[ubuntu/natty] chromium-browser 10.0.648.127~r76697-0ubuntu1 (Accepted)
Fabien Tassin
fta at ubuntu.com
Tue Mar 8 19:30:51 UTC 2011
chromium-browser (10.0.648.127~r76697-0ubuntu1) natty; urgency=high
* New upstream major release from the Stable Channel (LP: #731520)
It includes:
- New version of V8 - Crankshaft - which greatly improves javascript
performance
- New settings pages that open in a tab, rather than a dialog box
- Improved security with malware reporting and disabling outdated plugins
by default
- Password sync as part of Chrome Sync now enabled by default
- GPU Accelerated Video
- Background WebApps
- webNavigation extension API
This release also fixes the following security issues:
+ Webkit bugs:
- [42574] [42765] Low, Possible to navigate or close the top location in
a sandboxed frame. Credit to sirdarckcat of the Google Security Team.
- [69628] High, Memory corruption with counter nodes. Credit to Martin
Barbella.
- [70027] High, Stale node in box layout. Credit to Martin Barbella.
- [70336] Medium, Cross-origin error message leak with workers. Credit to
Daniel Divricean.
- [70442] High, Use after free with DOM URL handling. Credit to Sergey
Glazunov.
- [70779] Medium, Out of bounds read handling unicode ranges. Credit to
miaubiz.
- [70885] [71167] Low, Pop-up blocker bypasses. Credit to Chamal de
Silva.
- [71763] High, Use-after-free in document script lifetime handling.
Credit to miaubiz.
- [72028] High, Stale pointer in table painting. Credit to Martin
Barbella.
- [73066] High, Crash with the DataView object. Credit to Sergey
Glazunov.
- [73134] High, Bad cast in text rendering. Credit to miaubiz.
- [73196] High, Stale pointer in WebKit context code. Credit to Sergey
Glazunov.
- [73746] High, Stale pointer with SVG cursors. Credit to Sergey
Glazunov.
- [74030] High, DOM tree corruption with attribute handling. Credit to
Sergey Glazunov.
+ Chromium bugs:
- [49747] Low, Work around an X server bug and crash with long messages.
Credit to Louis Lang.
- [66962] Low, Possible browser crash with parallel print()s. Credit to
Aki Helin of OUSPG.
- [69187] Medium, Cross-origin error message leak. Credit to Daniel
Divricean.
- [70877] High, Same origin policy bypass in v8. Credit to Daniel
Divricean.
+ v8:
- [74662] High, Corruption via re-entrancy of RegExp code. Credit to
Christian Holler.
- [74675] High, Invalid memory access in v8. Credit to Christian Holler.
+ ffmpeg:
- [71788] High, Out-of-bounds write in the OGG container. Credit to
Google Chrome Security Team (SkyLined); plus subsequent independent
discovery by David Weston of Microsoft and MSVR.
- [73026] High, Use of corrupt out-of-bounds structure in video code.
Credit to Tavis Ormandy of the Google Security Team.
+ libxslt:
- [73716] Low, Leak of heap address in XSLT. Credit to Google Chrome
Security Team (Chris Evans).
Packaging changes:
* Promote Uyghur to the list of supported translations
- update debian/rules
- update debian/control
* Fix the FTBFS on arm by re-adding the lost arm_neon=0, and really set armv7=1
on maverick and natty
- update debian/rules
* Fix the broken symlinks in /usr/share/doc created by CDBS (See LP: #194574)
- update debian/rules
* Add libxt-dev to Build-deps needed by ppGoogleNaClPluginChrome
- update debian/control
* Fix the Webkit version in about:version (the build system expects the svn
or git directories to be available at build time)
- add debian/patches/webkit_rev_parser.patch
- update debian/patches/series
Date: Tue, 08 Mar 2011 17:19:58 +0100
Changed-By: Fabien Tassin <fta at ubuntu.com>
https://launchpad.net/ubuntu/natty/+source/chromium-browser/10.0.648.127~r76697-0ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 08 Mar 2011 17:19:58 +0100
Source: chromium-browser
Binary: chromium-browser chromium-browser-dbg chromium-browser-l10n chromium-browser-inspector chromium-codecs-ffmpeg chromium-codecs-ffmpeg-dbg chromium-codecs-ffmpeg-extra chromium-codecs-ffmpeg-extra-dbg chromium-codecs-ffmpeg-nonfree chromium-codecs-ffmpeg-nonfree-dbg
Architecture: source
Version: 10.0.648.127~r76697-0ubuntu1
Distribution: natty
Urgency: high
Maintainer: Fabien Tassin <fta at ubuntu.com>
Changed-By: Fabien Tassin <fta at ubuntu.com>
Description:
chromium-browser - Chromium browser
chromium-browser-dbg - chromium-browser debug symbols
chromium-browser-inspector - page inspector for the chromium-browser
chromium-browser-l10n - chromium-browser language packages
chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
chromium-codecs-ffmpeg-dbg - chromium-codecs-ffmpeg debug symbols
chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
chromium-codecs-ffmpeg-extra-dbg - chromium-codecs-ffmpeg-extra debug symbols
chromium-codecs-ffmpeg-nonfree - dummy upgrade package
chromium-codecs-ffmpeg-nonfree-dbg - dummy upgrade package
Launchpad-Bugs-Fixed: 194574 731520
Changes:
chromium-browser (10.0.648.127~r76697-0ubuntu1) natty; urgency=high
.
* New upstream major release from the Stable Channel (LP: #731520)
It includes:
- New version of V8 - Crankshaft - which greatly improves javascript
performance
- New settings pages that open in a tab, rather than a dialog box
- Improved security with malware reporting and disabling outdated plugins
by default
- Password sync as part of Chrome Sync now enabled by default
- GPU Accelerated Video
- Background WebApps
- webNavigation extension API
This release also fixes the following security issues:
+ Webkit bugs:
- [42574] [42765] Low, Possible to navigate or close the top location in
a sandboxed frame. Credit to sirdarckcat of the Google Security Team.
- [69628] High, Memory corruption with counter nodes. Credit to Martin
Barbella.
- [70027] High, Stale node in box layout. Credit to Martin Barbella.
- [70336] Medium, Cross-origin error message leak with workers. Credit to
Daniel Divricean.
- [70442] High, Use after free with DOM URL handling. Credit to Sergey
Glazunov.
- [70779] Medium, Out of bounds read handling unicode ranges. Credit to
miaubiz.
- [70885] [71167] Low, Pop-up blocker bypasses. Credit to Chamal de
Silva.
- [71763] High, Use-after-free in document script lifetime handling.
Credit to miaubiz.
- [72028] High, Stale pointer in table painting. Credit to Martin
Barbella.
- [73066] High, Crash with the DataView object. Credit to Sergey
Glazunov.
- [73134] High, Bad cast in text rendering. Credit to miaubiz.
- [73196] High, Stale pointer in WebKit context code. Credit to Sergey
Glazunov.
- [73746] High, Stale pointer with SVG cursors. Credit to Sergey
Glazunov.
- [74030] High, DOM tree corruption with attribute handling. Credit to
Sergey Glazunov.
+ Chromium bugs:
- [49747] Low, Work around an X server bug and crash with long messages.
Credit to Louis Lang.
- [66962] Low, Possible browser crash with parallel print()s. Credit to
Aki Helin of OUSPG.
- [69187] Medium, Cross-origin error message leak. Credit to Daniel
Divricean.
- [70877] High, Same origin policy bypass in v8. Credit to Daniel
Divricean.
+ v8:
- [74662] High, Corruption via re-entrancy of RegExp code. Credit to
Christian Holler.
- [74675] High, Invalid memory access in v8. Credit to Christian Holler.
+ ffmpeg:
- [71788] High, Out-of-bounds write in the OGG container. Credit to
Google Chrome Security Team (SkyLined); plus subsequent independent
discovery by David Weston of Microsoft and MSVR.
- [73026] High, Use of corrupt out-of-bounds structure in video code.
Credit to Tavis Ormandy of the Google Security Team.
+ libxslt:
- [73716] Low, Leak of heap address in XSLT. Credit to Google Chrome
Security Team (Chris Evans).
Packaging changes:
* Promote Uyghur to the list of supported translations
- update debian/rules
- update debian/control
* Fix the FTBFS on arm by re-adding the lost arm_neon=0, and really set armv7=1
on maverick and natty
- update debian/rules
* Fix the broken symlinks in /usr/share/doc created by CDBS (See LP: #194574)
- update debian/rules
* Add libxt-dev to Build-deps needed by ppGoogleNaClPluginChrome
- update debian/control
* Fix the Webkit version in about:version (the build system expects the svn
or git directories to be available at build time)
- add debian/patches/webkit_rev_parser.patch
- update debian/patches/series
Checksums-Sha1:
fb9823eed37d332f1e84f1a93292671c8ca77752 2135 chromium-browser_10.0.648.127~r76697-0ubuntu1.dsc
995412ffc77cc9c04af2d04166c5804009f38d4b 188365497 chromium-browser_10.0.648.127~r76697.orig.tar.gz
315933f282c8e264e2bb8dc0b3c197ad89c73bb9 199279 chromium-browser_10.0.648.127~r76697-0ubuntu1.diff.gz
Checksums-Sha256:
c3b7980e6715a7bb071142c737b3a2dafb95e7870e4e507f2dbd3e83e47cb14a 2135 chromium-browser_10.0.648.127~r76697-0ubuntu1.dsc
54abdbe38cf42322b660cb1064c6d11bd2bfd2cc2614228204a93c769b5e36b3 188365497 chromium-browser_10.0.648.127~r76697.orig.tar.gz
1543281fcda7dd25793f4665c96ea71ce22105ffd935b6bcde65a9b2ee3239d4 199279 chromium-browser_10.0.648.127~r76697-0ubuntu1.diff.gz
Files:
b685478291861aeb733f1e28c133a264 2135 web optional chromium-browser_10.0.648.127~r76697-0ubuntu1.dsc
16a418e872cc580c751a4d80985d9a81 188365497 web optional chromium-browser_10.0.648.127~r76697.orig.tar.gz
0b26b1e2caf187d63c883a43fc85a1e0 199279 web optional chromium-browser_10.0.648.127~r76697-0ubuntu1.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk12gm4ACgkQaOfNHbbuIOjRzQCfTQ9iEzmwBBHoCrn+alJqYggT
9JoAn0ACGIsugO8aUwHOtsre0LmkEwl0
=75E1
-----END PGP SIGNATURE-----
More information about the Natty-changes
mailing list