[ubuntu/raring-proposed] chromium-browser 25.0.1364.160-0ubuntu1 (Accepted)
Chad MILLER
chad.miller at canonical.com
Sun Mar 10 05:06:21 UTC 2013
chromium-browser (25.0.1364.160-0ubuntu1) raring-proposed; urgency=low
  * Disable lintian warnings about outdated autoconf files in source tree.
  * New stable version 25.0.1364.160:
    - CVE-2013-0912: Type confusion in WebKit.
  * New stable version 25.0.1364.152:
    - CVE-2013-0902: Use-after-free in frame loader.
    - CVE-2013-0903: Use-after-free in browser navigation handling.
    - CVE-2013-0904: Memory corruption in Web Audio.
    - CVE-2013-0905: Use-after-free with SVG animations.
    - CVE-2013-0906: Memory corruption in Indexed DB.
    - CVE-2013-0907: Race condition in media thread handling.
    - CVE-2013-0908: Incorrect handling of bindings for extension processes.
    - CVE-2013-0909: Referer leakage with XSS Auditor.
    - CVE-2013-0910: Mediate renderer -> browser plug-in loads more strictly.
    - CVE-2013-0911: Possible path traversal in database handling.
  * New stable version 25.0.1364.97:
    - CVE-2013-0879: Memory corruption with web audio node.
    - CVE-2013-0880: Use-after-free in database handling.
    - CVE-2013-0881: Bad read in Matroska handling.
    - CVE-2013-0882: Bad memory access with excessive SVG parameters.
    - CVE-2013-0883: Bad read in Skia.
    - CVE-2013-0885: Too many API permissions granted to web store.
    - CVE-2013-0887: Developer tools process has too many permissions and
      places too much trust in the connected server.
    - CVE-2013-0888: Out-of-bounds read in Skia.
    - CVE-2013-0889: Tighten user gesture check for dangerous file downloads.
    - CVE-2013-0890: Memory safety issues across the IPC layer.
    - CVE-2013-0891: Integer overflow in blob handling.
    - CVE-2013-0892: Lower severity issues across the IPC layer.
    - CVE-2013-0893: Race condition in media handling.
    - CVE-2013-0894: Buffer overflow in vorbis decoding.
    - CVE-2013-0895: Incorrect path handling in file copying.
    - CVE-2013-0896: Memory management issues in plug-in message handling.
    - CVE-2013-0897: Off-by-one read in PDF.
    - CVE-2013-0898: Use-after-free in URL handling.
    - CVE-2013-0899: Integer overflow in Opus handling.
    - CVE-2013-0900: Race condition in ICU.
  * New stable version 24.0.1312.52:
    - CVE-2012-5145: Use-after-free in SVG layout.
    - CVE-2012-5146: Same origin policy bypass with malformed URL.
    - CVE-2012-5147: Use-after-free in DOM handling.
    - CVE-2012-5148: Missing filename sanitization in hyphenation support.
    - CVE-2012-5149: Integer overflow in audio IPC handling.
    - CVE-2012-5150: Use-after-free when seeking video.
    - CVE-2012-5151: Integer overflow in PDF JavaScript.
    - CVE-2012-5152: Out-of-bounds read when seeking video.
    - CVE-2012-5153: Out-of-bounds stack access in v8.
    - CVE-2012-5156: Use-after-free in PDF fields.
    - CVE-2012-5157: Out-of-bounds reads in PDF image handling.
    - CVE-2013-0828: Bad cast in PDF root handling.
    - CVE-2013-0829: Corruption of database metadata leading to incorrect file
      access.
    - CVE-2013-0830: Missing NUL termination in IPC.
    - CVE-2013-0831: Possible path traversal from extension process.
    - CVE-2013-0832: Use-after-free with printing.
    - CVE-2013-0833: Out-of-bounds read with printing.
    - CVE-2013-0834: Out-of-bounds read with glyph handling.
    - CVE-2013-0835: Browser crash with geolocation.
    - CVE-2013-0836: Crash in v8 garbage collection.
    - CVE-2013-0837: Crash in extension tab handling.
    - CVE-2013-0838: Tighten permissions on shared memory segments.
  * Add libpci-dev to build-deps.
  * Add Recommends for webaccounts-chromium-extension.
  * Add Recommends for unity-chromium-extension.
  * debian/patches/ffmpeg-gyp-config.
    - Renamed from debian/patches/gyp-config-root
    - Write includes for more targets in ffmpeg building.
  * debian/patches/arm-crypto.patch
    - Added patch to distinguish normal ARM and hard-float ARM in crypto
      NSS inclusion.
  * Put GOOG search credit in a patch so we know when it fails. Also
    add credit to the other search idioms for GOOG.
    because releases can have any number of updates.
  * Update webapps patches.
  * debian/rules:
    - Adopt some ARM build conditions from Debian.
    - Clean up. Stop matching Ubuntu versions outside of Ubuntu environments.
      Match patterns instead of whole words
    - Write REMOVED files in correct place.
    - Remove all generated in-tree makefiles at clean and get-source time.
    - Move all file-removal lines in get-source inside the condition
      for stripping files out of the source.
    - Hack in a "clean" rule that implements what src/Makefile should.
Date: Fri, 08 Mar 2013 09:50:59 -0500
Changed-By: Chad MILLER <chad.miller at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Jamie Strandboge <jamie at ubuntu.com>
https://launchpad.net/ubuntu/raring/+source/chromium-browser/25.0.1364.160-0ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 08 Mar 2013 09:50:59 -0500
Source: chromium-browser
Binary: chromium-browser chromium-browser-dbg chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-dbg chromium-codecs-ffmpeg-extra chromium-codecs-ffmpeg-extra-dbg chromium-chromedriver
Architecture: source
Version: 25.0.1364.160-0ubuntu1
Distribution: raring-proposed
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Chad MILLER <chad.miller at canonical.com>
Description:
chromium-browser - Chromium browser
chromium-browser-dbg - chromium-browser debug symbols
chromium-browser-l10n - chromium-browser language packages
chromium-chromedriver - WebDriver driver for the Chromium Browser
chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
chromium-codecs-ffmpeg-dbg - chromium-codecs-ffmpeg debug symbols
chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
chromium-codecs-ffmpeg-extra-dbg - chromium-codecs-ffmpeg-extra debug symbols
Checksums-Sha1:
836d7d9f5753d2d0e162f55734fb63de18ce09a0 3326 chromium-browser_25.0.1364.160-0ubuntu1.dsc
7c2a1aef0245f63dc376b492d0e9321c2e991cfd 343407420 chromium-browser_25.0.1364.160.orig.tar.xz
45662992f8ec14e0c6716bd6a906c72f01331ec8 241405 chromium-browser_25.0.1364.160-0ubuntu1.debian.tar.gz
Checksums-Sha256:
44484db20b57a853e1ff259955c6074eecedf031a76eb49f0330af6db948683b 3326 chromium-browser_25.0.1364.160-0ubuntu1.dsc
af9f46716eecb92a3618d283cfcf617886f521b2291713c053ad7319f313f207 343407420 chromium-browser_25.0.1364.160.orig.tar.xz
f04147909a7209a22ab5b0cabf6d2bd4c3de53ce557e414dd803450c5088e9a0 241405 chromium-browser_25.0.1364.160-0ubuntu1.debian.tar.gz
Files:
abd7485b74cf2a71f2e0b2e34d5edf78 3326 web optional chromium-browser_25.0.1364.160-0ubuntu1.dsc
2548883ec75bb83ec7c29e45716930f6 343407420 web optional chromium-browser_25.0.1364.160.orig.tar.xz
dd94959ec63189284ecf652a8306c1d9 241405 web optional chromium-browser_25.0.1364.160-0ubuntu1.debian.tar.gz
Original-Maintainer: Micah Gersten <micahg at ubuntu.com>, Fabien Tassin <fta at ubuntu.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----