[ubuntu/oneiric] chromium-browser 12.0.742.91~r87961-0ubuntu1 (Accepted)
Fabien Tassin
fta at ubuntu.com
Tue Jun 7 19:05:52 UTC 2011
chromium-browser (12.0.742.91~r87961-0ubuntu1) oneiric; urgency=high
* New upstream release from the Stable Channel (LP: #794197)
It includes:
- Hardware accelerated 3D CSS
- New Safe Browsing protection against downloading malicious files
- Ability to delete Flash cookies from inside Chrome
- Launch Apps by name from the Omnibox
- Integrated Sync into new settings pages
- Improved screen reader support
- New warning when hitting Command-Q on Mac
- Removal of Google Gears
This release fixes the following security issues:
+ WebKit issues:
- [73962] [79746] High CVE-2011-1808: Use-after-free due to integer
issues in float handling. Credit to miaubiz.
- [75496] Medium CVE-2011-1809: Use-after-free in accessibility support.
Credit to Google Chrome Security Team (SkyLined).
- [75643] Low CVE-2011-1810: Visit history information leak in CSS.
Credit to Jesse Mohrland of Microsoft and Microsoft Vulnerability
Research (MSVR).
- [80358] Medium CVE-2011-1816: Use-after-free in developer tools. Credit
to kuzzcc.
- [81949] High CVE-2011-1818: Use-after-free in image loader. Credit to
miaubiz.
- [83743] High CVE-2011-2342: Same origin bypass in DOM. Credit to Sergey
Glazunov.
+ Chromium issues:
- [76034] Low CVE-2011-1811: Browser crash with lots of form submissions.
Credit to “DimitrisV22”.
- [77026] Medium CVE-2011-1812: Extensions permission bypass. Credit to
kuzzcc.
- [78516] High CVE-2011-1813: Stale pointer in extension framework.
Credit to Google Chrome Security Team (Inferno).
- [79862] Low CVE-2011-1815: Extension script injection into new tab
page. Credit to kuzzcc.
- [81916] Medium CVE-2011-1817: Browser memory corruption in history
deletion. Credit to Collin Payne.
- [83010] Medium CVE-2011-1819: Extension injection into chrome:// pages.
Credit to Vladislavas Jarmalis, plus subsequent independent discovery
by Sergey Glazunov.
- [83275] High CVE-2011-2332: Same origin bypass in v8. Credit to Sergey
Glazunov.
Packaging changes:
* Provide a batch of translations for the Unity quicklists, and update
the regular desktop translations
- update debian/chromium-browser.desktop
* Add a keep-alive script preventing the builders from killing the build
when it's not echoing anything for too long (useful when linking
the main binary with ld-bfd)
- add debian/keep-alive.sh
- update debian/rules
* Drop the gtk resize patch, now that upstream does it for us
- remove debian/patches/disable_gtk_resize_grip_on_natty.patch
- update debian/patches/series
* Drop the xdg-utils patch and use the system xdg tools when we
detect that xdg-setting is present on the system (ensuring it's a recent
enough xdg-utils)
- update debian/chromium-browser.sh.in
- remove debian/patches/xdg-utils_gnome3_lp670128_for_natty.patch
- update debian/patches/series
* Drop the stored passwords patch
- remove debian/patches/stored_passwords_lp743494.patch
- update debian/patches/series
* Drop the dedicated webapp WMClass patch
- remove debian/patches/webapps-wm-class-lp692462.patch
- update debian/patches/series
* When building with a non-default g++, also link with the same version
- update debian/rules
* Empty the -inspector package now that it has been merged into the main
resources.pak file (so that the Inspector remains usable after an upgrade
until the next browser restart). Also remove the resources directory,
now empty
- remove debian/chromium-browser-inspector.install
- update debian/chromium-browser.dirs
- update debian/rules
Date: Thu, 26 May 2011 17:16:41 +0200
Changed-By: Fabien Tassin <fta at ubuntu.com>
https://launchpad.net/ubuntu/oneiric/+source/chromium-browser/12.0.742.91~r87961-0ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 26 May 2011 17:16:41 +0200
Source: chromium-browser
Binary: chromium-browser chromium-browser-dbg chromium-browser-l10n chromium-browser-inspector chromium-codecs-ffmpeg chromium-codecs-ffmpeg-dbg chromium-codecs-ffmpeg-extra chromium-codecs-ffmpeg-extra-dbg chromium-codecs-ffmpeg-nonfree chromium-codecs-ffmpeg-nonfree-dbg
Architecture: source
Version: 12.0.742.91~r87961-0ubuntu1
Distribution: oneiric
Urgency: high
Maintainer: Fabien Tassin <fta at ubuntu.com>
Changed-By: Fabien Tassin <fta at ubuntu.com>
Description:
chromium-browser - Chromium browser
chromium-browser-dbg - chromium-browser debug symbols
chromium-browser-inspector - page inspector for the chromium-browser
chromium-browser-l10n - chromium-browser language packages
chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
chromium-codecs-ffmpeg-dbg - chromium-codecs-ffmpeg debug symbols
chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
chromium-codecs-ffmpeg-extra-dbg - chromium-codecs-ffmpeg-extra debug symbols
chromium-codecs-ffmpeg-nonfree - dummy upgrade package
chromium-codecs-ffmpeg-nonfree-dbg - dummy upgrade package
Launchpad-Bugs-Fixed: 794197
Changes:
chromium-browser (12.0.742.91~r87961-0ubuntu1) oneiric; urgency=high
.
* New upstream release from the Stable Channel (LP: #794197)
It includes:
- Hardware accelerated 3D CSS
- New Safe Browsing protection against downloading malicious files
- Ability to delete Flash cookies from inside Chrome
- Launch Apps by name from the Omnibox
- Integrated Sync into new settings pages
- Improved screen reader support
- New warning when hitting Command-Q on Mac
- Removal of Google Gears
This release fixes the following security issues:
+ WebKit issues:
- [73962] [79746] High CVE-2011-1808: Use-after-free due to integer
issues in float handling. Credit to miaubiz.
- [75496] Medium CVE-2011-1809: Use-after-free in accessibility support.
Credit to Google Chrome Security Team (SkyLined).
- [75643] Low CVE-2011-1810: Visit history information leak in CSS.
Credit to Jesse Mohrland of Microsoft and Microsoft Vulnerability
Research (MSVR).
- [80358] Medium CVE-2011-1816: Use-after-free in developer tools. Credit
to kuzzcc.
- [81949] High CVE-2011-1818: Use-after-free in image loader. Credit to
miaubiz.
- [83743] High CVE-2011-2342: Same origin bypass in DOM. Credit to Sergey
Glazunov.
+ Chromium issues:
- [76034] Low CVE-2011-1811: Browser crash with lots of form submissions.
Credit to “DimitrisV22”.
- [77026] Medium CVE-2011-1812: Extensions permission bypass. Credit to
kuzzcc.
- [78516] High CVE-2011-1813: Stale pointer in extension framework.
Credit to Google Chrome Security Team (Inferno).
- [79862] Low CVE-2011-1815: Extension script injection into new tab
page. Credit to kuzzcc.
- [81916] Medium CVE-2011-1817: Browser memory corruption in history
deletion. Credit to Collin Payne.
- [83010] Medium CVE-2011-1819: Extension injection into chrome:// pages.
Credit to Vladislavas Jarmalis, plus subsequent independent discovery
by Sergey Glazunov.
- [83275] High CVE-2011-2332: Same origin bypass in v8. Credit to Sergey
Glazunov.
Packaging changes:
* Provide a batch of translations for the Unity quicklists, and update
the regular desktop translations
- update debian/chromium-browser.desktop
* Add a keep-alive script preventing the builders from killing the build
when it's not echoing anything for too long (useful when linking
the main binary with ld-bfd)
- add debian/keep-alive.sh
- update debian/rules
* Drop the gtk resize patch, now that upstream does it for us
- remove debian/patches/disable_gtk_resize_grip_on_natty.patch
- update debian/patches/series
* Drop the xdg-utils patch and use the system xdg tools when we
detect that xdg-setting is present on the system (ensuring it's a recent
enough xdg-utils)
- update debian/chromium-browser.sh.in
- remove debian/patches/xdg-utils_gnome3_lp670128_for_natty.patch
- update debian/patches/series
* Drop the stored passwords patch
- remove debian/patches/stored_passwords_lp743494.patch
- update debian/patches/series
* Drop the dedicated webapp WMClass patch
- remove debian/patches/webapps-wm-class-lp692462.patch
- update debian/patches/series
* When building with a non-default g++, also link with the same version
- update debian/rules
* Empty the -inspector package now that it has been merged into the main
resources.pak file (so that the Inspector remains usable after an upgrade
until the next browser restart). Also remove the resources directory,
now empty
- remove debian/chromium-browser-inspector.install
- update debian/chromium-browser.dirs
- update debian/rules
Checksums-Sha1:
da5005d8d61ab11f72eef8d12bdbb5d7b0f662f9 2153 chromium-browser_12.0.742.91~r87961-0ubuntu1.dsc
141c4a26df989d7c0d582912842181ea9d7b12a3 189908448 chromium-browser_12.0.742.91~r87961.orig.tar.gz
269f93f39ea31642d708fe92c1ad9f439574b345 199892 chromium-browser_12.0.742.91~r87961-0ubuntu1.diff.gz
Checksums-Sha256:
bf888f80f7cbd81f3eafd6a930acc0486fa577ffd440b7e8cdf6a6aab78074d3 2153 chromium-browser_12.0.742.91~r87961-0ubuntu1.dsc
4a277de6f8171e14015e85ea9b3652ab3a63316e9e3d270917a81c71636567ea 189908448 chromium-browser_12.0.742.91~r87961.orig.tar.gz
32856dc1c68f9ebbd5371cc2fa8aa0f3c4e546e489b5a279e4122c1c57fde38f 199892 chromium-browser_12.0.742.91~r87961-0ubuntu1.diff.gz
Files:
0239c995dda002a7cd619a5b4272ec1b 2153 web optional chromium-browser_12.0.742.91~r87961-0ubuntu1.dsc
27eee45eddb4839e59b183f3d542c7ae 189908448 web optional chromium-browser_12.0.742.91~r87961.orig.tar.gz
000602397ddd49576ec9714f618ca4e0 199892 web optional chromium-browser_12.0.742.91~r87961-0ubuntu1.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk3udjcACgkQaOfNHbbuIOhlPACfVDJCj8oWhlMsCIvvy8Yewf/+
CHwAnjdn0wDCykj6pPlWP3pL96j26c4h
=syA5
-----END PGP SIGNATURE-----
More information about the Oneiric-changes
mailing list