[ubuntu/oneiric-updates] chromium-browser 25.0.1364.160-0ubuntu0.11.10.1 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Mar 11 23:12:17 UTC 2013

chromium-browser (25.0.1364.160-0ubuntu0.11.10.1) oneiric-security; urgency=low

  * Disable lintian warnings about outdated autoconf files in source tree.
  * New stable version 25.0.1364.160:
    - CVE-2013-0912: Type confusion in WebKit.
  * New stable version 25.0.1364.152:
    - CVE-2013-0902: Use-after-free in frame loader.
    - CVE-2013-0903: Use-after-free in browser navigation handling.
    - CVE-2013-0904: Memory corruption in Web Audio.
    - CVE-2013-0905: Use-after-free with SVG animations.
    - CVE-2013-0906: Memory corruption in Indexed DB.
    - CVE-2013-0907: Race condition in media thread handling.
    - CVE-2013-0908: Incorrect handling of bindings for extension processes.
    - CVE-2013-0909: Referer leakage with XSS Auditor.
    - CVE-2013-0910: Mediate renderer -> browser plug-in loads more strictly.
    - CVE-2013-0911: Possible path traversal in database handling.
  * New stable version 25.0.1364.97:
    - CVE-2013-0879: Memory corruption with web audio node.
    - CVE-2013-0880: Use-after-free in database handling.
    - CVE-2013-0881: Bad read in Matroska handling.
    - CVE-2013-0882: Bad memory access with excessive SVG parameters.
    - CVE-2013-0883: Bad read in Skia.
    - CVE-2013-0885: Too many API permissions granted to web store.
    - CVE-2013-0887: Developer tools process has too many permissions and
      places too much trust in the connected server.
    - CVE-2013-0888: Out-of-bounds read in Skia.
    - CVE-2013-0889: Tighten user gesture check for dangerous file downloads.
    - CVE-2013-0890: Memory safety issues across the IPC layer.
    - CVE-2013-0891: Integer overflow in blob handling.
    - CVE-2013-0892: Lower severity issues across the IPC layer.
    - CVE-2013-0893: Race condition in media handling.
    - CVE-2013-0894: Buffer overflow in vorbis decoding.
    - CVE-2013-0895: Incorrect path handling in file copying.
    - CVE-2013-0896: Memory management issues in plug-in message handling.
    - CVE-2013-0897: Off-by-one read in PDF.
    - CVE-2013-0898: Use-after-free in URL handling.
    - CVE-2013-0899: Integer overflow in Opus handling.
    - CVE-2013-0900: Race condition in ICU.
  * New stable version 24.0.1312.52:
    - CVE-2012-5145: Use-after-free in SVG layout.
    - CVE-2012-5146: Same origin policy bypass with malformed URL.
    - CVE-2012-5147: Use-after-free in DOM handling.
    - CVE-2012-5148: Missing filename sanitization in hyphenation support.
    - CVE-2012-5149: Integer overflow in audio IPC handling.
    - CVE-2012-5150: Use-after-free when seeking video.
    - CVE-2012-5151: Integer overflow in PDF JavaScript.
    - CVE-2012-5152: Out-of-bounds read when seeking video.
    - CVE-2012-5153: Out-of-bounds stack access in v8.
    - CVE-2012-5156: Use-after-free in PDF fields.
    - CVE-2012-5157: Out-of-bounds reads in PDF image handling.
    - CVE-2013-0828: Bad cast in PDF root handling.
    - CVE-2013-0829: Corruption of database metadata leading to incorrect file
    - CVE-2013-0830: Missing NUL termination in IPC.
    - CVE-2013-0831: Possible path traversal from extension process.
    - CVE-2013-0832: Use-after-free with printing.
    - CVE-2013-0833: Out-of-bounds read with printing.
    - CVE-2013-0834: Out-of-bounds read with glyph handling.
    - CVE-2013-0835: Browser crash with geolocation.
    - CVE-2013-0836: Crash in v8 garbage collection.
    - CVE-2013-0837: Crash in extension tab handling.
    - CVE-2013-0838: Tighten permissions on shared memory segments.
  * Add libpci-dev to build-deps.
  * debian/patches/ffmpeg-gyp-config.
    - Renamed from debian/patches/gyp-config-root
    - Write includes for more targets in ffmpeg building.
  * debian/patches/arm-crypto.patch
    - Added patch to distinguish normal ARM and hard-float ARM in crypto
      NSS inclusion.
  * Put GOOG search credit in a patch so we know when it fails.  Also 
    add credit to the other search idioms for GOOG.
    because releases can have any number of updates.
  * debian/rules:
    - Adopt some ARM build conditions from Debian.
    - Clean up. Stop matching Ubuntu versions outside of Ubuntu environments.
      Match patterns instead of whole words
    - Write REMOVED files in correct place.
    - Remove all generated in-tree makefiles at clean and get-source time.
    - Move all file-removal lines in get-source inside the condition
      for stripping files out of the source.
    - Hack in a "clean" rule that implements what src/Makefile should.

Date: 2013-03-10 05:17:25.487520+00:00
Changed-By: Chad Miller <chad.miller at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Oneiric-changes mailing list