[ubuntu/saucy-security] chromium-browser 34.0.1847.116-0ubuntu~1.13.10.0~pkg991 (Accepted)

Chris Coulson chris.coulson at canonical.com
Thu Apr 24 17:28:55 UTC 2014


chromium-browser (34.0.1847.116-0ubuntu~1.13.10.0~pkg991) saucy-security; urgency=medium

  * Release to stage

chromium-browser (34.0.1847.116-0ubuntu1) UNRELEASED; urgency=low

  * New upstream release 34.0.1847.116:
    - CVE-2014-1716: UXSS in V8.
    - CVE-2014-1717: OOB access in V8.
    - CVE-2014-1718: Integer overflow in compositor.
    - CVE-2014-1719: Use-after-free in web workers.
    - CVE-2014-1720: Use-after-free in DOM.
    - CVE-2014-1721: Memory corruption in V8.
    - CVE-2014-1722: Use-after-free in rendering.
    - CVE-2014-1723: Url confusion with RTL characters.
    - CVE-2014-1724: Use-after-free in speech.
    - CVE-2014-1725: OOB read with window property.
    - CVE-2014-1726: Local cross-origin bypass.
    - CVE-2014-1727: Use-after-free in forms.
    - CVE-2014-1728: Various fixes from internal audits, fuzzing and other
      initiatives.
    - CVE-2014-1729: Multiple vulnerabilities in V8 fixed in version
      3.24.35.22.
    + Now ignores "autocomplete=off" in web forms. (LP: #1294325)
  * debian/rules, debian/chromium-browser.sh.in: If lib dir contains a dir
    matching our version, then use version dir as the new lib dir.  This
    is an attempt to mitigate version upgrade hangs.
  * debian/control: Add libexif-dev, libgcrypt-dev to build-deps.
  * debian/control: Add Recommend pepperflashplugin-nonfree . NPAPI is dying.
  * debian/control: Drop Recommend x11-xserver-utils, x11-utils .
  * debian/control: Add libexif-dev to build-deps.
  * debian/apport/chromium-browser.py: Convert encoded bytes to str before
    splitting. Converting these to str at all is wrong, though.
  * debian/patches/clipboard: Backport a few bug fixes.

chromium-browser (33.0.1750.152-0ubuntu0.13.10.1) saucy-security; urgency=low

  * debian/rules: Enable high-DPI. Enable touch support.  May not work on all
    devices yet.
  * debian/rules, debian/chromium-browser.sh.in: If lib dir contains a dir
    matching our version, then use version dir as the new lib dir.  This
    is an attempt to mitigate version upgrade hangs.
  * debian/rules: Move log-removal into the section for "release" builds only.
  * Upstream release 33.0.1750.152:
    - CVE-2014-1713: Code execution outside sandbox. Use-after-free in Blink
      bindings.
    - CVE-2014-1714: Code execution outside sandbox. Windows clipboard
      vulnerability.
    - CVE-2014-1705: Code execution outside sandbox. Memory corruption in V8.
    - CVE-2014-1715: Code execution outside sandbox. Directory traversal issue.
  * Upstream release 33.0.1750.149:
    - CVE-2014-1700: Use-after-free in speech.
    - CVE-2014-1701: UXSS in events.
    - CVE-2014-1702: Use-after-free in web database.
    - CVE-2014-1703: Potential sandbox escape due to a use-after-free in web
      sockets.
    - CVE-2014-1704: Multiple vulnerabilities in V8 fixed in version
      3.23.17.18.
  * Upstream release 33.0.1750.115.
  * Upstream release 33.0.1750.146.
    - CVE-2013-6663: Use-after-free in svg images.
    - CVE-2013-6664: Use-after-free in speech recognition.
    - CVE-2013-6665: Heap buffer overflow in software rendering.
    - CVE-2013-6666: Chrome allows requests in flash header request.
    - CVE-2013-6667: Various fixes from internal audits, fuzzing and other
      initiatives.
    - CVE-2013-6668: Multiple vulnerabilities in V8 fixed in version
      3.24.35.10.
  * Add a token to get search credit at Baidu.
  * debian/rules, debian/control: Switch to using ninja instead of make to
    build. Switch from CDBS to dh. Remove many old hacks.
  * debian/patches/disable_gn.patch: disable broken GN before build. Temporary
    hack.
  * debian/chromium-browser.{postinst,prerm}, add debhelper token.
  * debian/rules: Split compare function into arch-dep and arch-indep versions,
    since they check different things.
  * debian/rules: Use actual upstream orig tarball.
  * debian/control: build-dep on coreutils so we can print the checksums, too.

Date: 2014-04-14 02:38:11.979141+00:00
Changed-By: Chad Miller <chad.miller at canonical.com>
Signed-By: Chris Coulson <chris.coulson at canonical.com>
https://launchpad.net/ubuntu/saucy/+source/chromium-browser/34.0.1847.116-0ubuntu~1.13.10.0~pkg991