chromium-browser (50.0.2661.102-0ubuntu0.16.04.1.1237) xenial-security;
urgency=medium
* Upstream release 50.0.2661.102:
- CVE-2016-1667: Same origin bypass in DOM.
- CVE-2016-1668: Same origin bypass in Blink V8 bindings.
- CVE-2016-1669: Buffer overflow in V8.
- CVE-2016-1670: Race condition in loader.
- CVE-2016-1671: Directory traversal using the file scheme on Android.
* Upstream release 50.0.2661.94:
- CVE-2016-1660: Out-of-bounds write in Blink.
- CVE-2016-1661: Memory corruption in cross-process frames.
- CVE-2016-1662: Use-after-free in extensions.
- CVE-2016-1663: Use-after-free in Blink’s V8 bindings.
- CVE-2016-1664: Address bar spoofing.
- CVE-2016-1665: Information leak in V8.
- CVE-2016-1666: Various fixes from internal audits, fuzzing and other
initiatives.
* Upstream release 50.0.2661.75:
- CVE-2016-1652: Universal XSS in extension bindings.
- CVE-2016-1653: Out-of-bounds write in V8.
- CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding.
- CVE-2016-1654: Uninitialized memory read in media.
- CVE-2016-1655: Use-after-free related to extensions.
- CVE-2016-1656: Android downloaded file path restriction bypass.
- CVE-2016-1657: Address bar spoofing.
- CVE-2016-1658: Potential leak of sensitive information to malicious
extensions.
- CVE-2015-1659: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/patches/seccomp-allow-set-robust-list: pass through syscall
set_robust_list. glibc nptl thread creation uses it.
* debian/rules: use new libsecret way of contacting keyring.
* debian/patches/blink-platform-export-class: avoid Trusty bug where
WebKit Platform class vtable not found at link time.
* debian/apport/chromium-browser.py: Handle case when crash and no
chromium directory exists. Still report errors in apport.
Date: 2016-05-13 16:03:13.104391+00:00
Changed-By: Chad Miller <chad.mil...@canonical.com>
Signed-By: Ubuntu Archive Robot
<cjwatson+ubuntu-archive-ro...@chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/chromium-browser/50.0.2661.102-0ubuntu0.16.04.1.1237
Sorry, changesfile not available.
--
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes