[ubuntu/precise-security] chromium-browser 37.0.2062.94-0ubuntu0.12.04.1~pkg909 (Accepted)

Chris Coulson chris.coulson at canonical.com
Tue Sep 2 14:54:09 UTC 2014 

chromium-browser (37.0.2062.94-0ubuntu0.12.04.1~pkg909) precise-security; urgency=medium

  * Release to stage

chromium-browser (37.0.2062.94-0ubuntu1) UNRELEASED; urgency=low

  * Upstream release 37.0.2062.94.
    - CVE-2014-3165: Use-after-free in Blink websockets.
    - CVE-2014-3176, CVE-2014-3177: A combination of bugs in V8, IPC, sync, and
      extensions that can lead to remote code execution outside of the sandbox.
    - CVE-2014-3168: Use-after-free in SVG.
    - CVE-2014-3169: Use-after-free in DOM.
    - CVE-2014-3170: Extension permission dialog spoofing.
    - CVE-2014-3171: Use-after-free in bindings.
    - CVE-2014-3172: Issue related to extension debugging.
    - CVE-2014-3173: Uninitialized memory read in WebGL.
    - CVE-2014-3174: Uninitialized memory read in Web Audio.
    - CVE-2014-3175: Various fixes from internal audits, fuzzing and other
      initiatives.
    - CVE-2014-3176, CVE-2014-3177: Interaction of extensions, IPC, the sync
      API, and Google V8 to execute arbitrary code.
  * Fix a shell bug in the binary-wrapper that prevented USER flags
    from working properly.
  * debian/control: Suggests chromiumflashplugin .
  * debian/apport: Significant cleanup.
  * debian/rules: Disable SSE instructions on x86 to avoid SIGILL on some CPUs.
    (LP: #1353185)
  * debian/checkout-orig-source.mk: Don't include src/ prefix in orig tarball.
  * debian/patches/*: refresh line numbers.
  * debian/patches/search-credit.patch,
    debian/patches/additional-search-engines.patch: Track source files moved.
  * debian/patches/ffmpeg-gyp-config.patch,
    debian/patches/fix-gyp-space-in-object-filename-exception.patch,
    debian/patches/gyp-icu-m32-test:
    Disabled. No longer needs fixing.
  * debian/control: build-dep on openssl.
  * debian/patches/disable-sse2: Don't require SSE/SSE2 CPU features on x86.
    (LP: #1353185)
  * debian/rules: Use built-in PDF support. (LP: #513745, #1009902)

chromium-browser (36.0.1985.143-0ubuntu1) precise-security; urgency=low

  * Upstream release 36.0.1985.143:
    - CVE-2014-3165: Use-after-free in web sockets.
    - CVE-2014-3166: Information disclosure in SPDY.
    - CVE-2014-3167: Various fixes from internal audits, fuzzing and other
      initiatives.    
  * debian/rules: Avoid some unnecessary warning of invalid mv.
  * debian/rules: Don't use tcmalloc on i386.
  * debian/control: Don't have (unused) shlibs-depends on -dbg packages
    and non-binary packages.
  * debian/chromium-browser-codecs-ffmpeg-extra.dirs,
    debian/chromium-browser-codecs-ffmpeg.dirs: Removed. Unused.
  * debian/chromium-browser.lintian-overrides,
    debian/chromium-codecs-ffmpeg-extra-dbg.lintian-overrides,
    debian/chromium-codecs-ffmpeg-extra.lintian-overrides,
    debian/chromium-codecs-ffmpeg.lintian-overrides,
    debian/source/lintian-overrides: Add lintian overrides.

Date: 2014-08-31 21:31:13.049145+00:00
Changed-By: Chad Miller <chad.miller at canonical.com>
Signed-By: Chris Coulson <chris.coulson at canonical.com>
https://launchpad.net/ubuntu/precise/+source/chromium-browser/37.0.2062.94-0ubuntu0.12.04.1~pkg909
-------------- next part --------------
Sorry, changesfile not available.

More information about the Precise-changes mailing list