[ubuntu/precise-updates] chromium-browser 36.0.1985.125-0ubuntu1.12.04.0~pkg897 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Tue Aug 5 17:29:36 UTC 2014
chromium-browser (36.0.1985.125-0ubuntu1.12.04.0~pkg897) precise-security; urgency=medium
* Release to stage
chromium-browser (36.0.1985.125-0ubuntu1) UNRELEASED; urgency=low
* Upstream release 36.0.1985.125:
- CVE-2014-3160: Same-Origin-Policy bypass in SVG.
- CVE-2014-3162: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/patches/*: Moved more gtk related changes to aura code.
* debian/control: Build-dep version of ninja-build should be recent.
* debian/patches/gyp-icu-m32-test: Smarter g++ test, no "echo |bad".
* debian/rules: Re-disable tcmalloc usage. It SEGVs at startup.
chromium-browser (35.0.1916.153-0ubuntu1) utopic; urgency=low
* debian/patches/display-scaling-default-value: Make default scale 1:1
when no gsettings information is available. (LP: #1302155)
* debian/patches/title-bar-default-system.patch-v34: Make window
title-bar frame default to system-provided instead of custom. Again.
* debian/patches/fix-gyp-space-in-object-filename-exception.patch: Make
is deprecated, and not well supported, but we still need it.
* debian/chromium-browser.sh.in, debian/chromium-browser.dirs: Speed up
chromium startup by avoiding execution of unnecessary programs for real
this time, and also, add a place in /etc for other packages to hook into
chromium safely.
* debian/chromium-browser-customization-example,
debian/chromium-browser.sh.in: Add support for better customization of
chromium by other packages. Files in /etc/chromium-browser/customizations/
are sourced at startup time.
* debian/patches/notifications-nicer: Make buggy background-mode processes
off by default.
* 7-npapi-permission-not-defaults-to-unauthorized.patch: Fix misapplication.
Put inside linux test, not chromeos test.
* Upstream release 35.0.1916.153.
* Upstream release 34.0.1847.137:
- CVE-2014-1740: Use-after-free in WebSockets.
- CVE-2014-1741: Integer overflow in DOM ranges.
- CVE-2014-1742: Use-after-free in editing.
* Upstream release 35.0.1916.114:
- CVE-2014-1743: Use-after-free in styles.
- CVE-2014-1744: Integer overflow in audio.
- CVE-2014-1745: Use-after-free in SVG.
- CVE-2014-1746: Out-of-bounds read in media filters.
- CVE-2014-1747: UXSS with local MHTML file.
- CVE-2014-1748: UI spoofing with scrollbar.
- CVE-2014-1749: Various fixes from internal audits, fuzzing and other
initiatives.
- CVE-2014-3152: Integer underflow in V8 fixed in version 3.25.28.16.
* debian/rules: Re-enable SSE for x86.
* debian/control: Add build-dep on libkrb5-dev.
* debian/patches/gyp-make-generator-reenabled.
* Reenable webapps patches 3,5,6,7.
* debian/rules: Use ninja to build. Make-file generation is deprecated and
broken in gyp now.
* debian/control: Build-dep on ninja-build, which is backported and in the
ubuntu security pocket to resolve this build-dep.
* Remove old, unnecessary files, debian/cdbs, debian/cdbs/scons.mk,
debian/cdbs/tarball.mk, debian/enable-dist-patches.pl,
debian/keep-alive.sh
chromium-browser (34.0.1847.131-0ubuntu1) precise-security; urgency=low
* debian/rules: Disable new feature Notifications Center, as it clutters
desktop without nicely theming or being killable.
* debian/patches/display-scaling-default-value: Make default scale 1:1
when no gsettings information is available. (LP: #1302155)
* debian/patches/title-bar-default-system.patch-v34: Make window
title-bar frame default to system-provided instead of custom. Again.
* New upstream release 34.0.1847.131.
chromium-browser (34.0.1847.116-0ubuntu0.12.04.1) precise-security; urgency=low
* New upstream release 34.0.1847.116:
- CVE-2014-1716: UXSS in V8.
- CVE-2014-1717: OOB access in V8.
- CVE-2014-1718: Integer overflow in compositor.
- CVE-2014-1719: Use-after-free in web workers.
- CVE-2014-1720: Use-after-free in DOM.
- CVE-2014-1721: Memory corruption in V8.
- CVE-2014-1722: Use-after-free in rendering.
- CVE-2014-1723: Url confusion with RTL characters.
- CVE-2014-1724: Use-after-free in speech.
- CVE-2014-1725: OOB read with window property.
- CVE-2014-1726: Local cross-origin bypass.
- CVE-2014-1727: Use-after-free in forms.
- CVE-2014-1728: Various fixes from internal audits, fuzzing and other
initiatives.
- CVE-2014-1729: Multiple vulnerabilities in V8 fixed in version
3.24.35.22.
+ Now ignores "autocomplete=off" in web forms. (LP: #1294325)
* debian/rules, debian/chromium-browser.sh.in: If lib dir contains a dir
matching our version, then use version dir as the new lib dir. This
is an attempto to mitigate version upgrade hangs.
* debian/control: Add libexif-dev, libgcrypt-dev to build-deps.
* debian/control: Drop Recommend x11-xserver-utils, x11-utils .
* debian/control: Add libexif-dev to build-deps.
* debian/apport/chromium-browser.py: Convert encoded bytes to str before
splitting. Converting these to str at all is wrong, though.
* debian/patches/clipboard: Backport a few bug fixes.
Date: 2014-08-04 19:55:14.211936+00:00
Changed-By: Chad Miller <chad.miller at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/precise/+source/chromium-browser/36.0.1985.125-0ubuntu1.12.04.0~pkg897
-------------- next part --------------
Sorry, changesfile not available.
More information about the Precise-changes
mailing list