[ubuntu/trusty-proposed] chromium-browser 31.0.1650.63-0ubuntu1~20131204.1 (Accepted)

Chad MILLER chad.miller at canonical.com
Tue Dec 10 19:02:55 UTC 2013 

chromium-browser (31.0.1650.63-0ubuntu1~20131204.1) trusty; urgency=low

  * Release to stage at ppa:canonical-chromium-builds/stage

chromium-browser (31.0.1650.63-0ubuntu1) trusty; urgency=low

  * New release 31.0.1650.63:
    - CVE-2013-6634: Session fixation in sync related to 302 redirects.
    - CVE-2013-6635: Use-after-free in editing.
    - CVE-2013-6636: Address bar spoofing related to modal dialogs.
    - CVE-2013-6637: Various fixes from internal audits, fuzzing and other
      initiatives.
    - CVE-2013-6638: Buffer overflow in v8. This issue was fixed in v8 version
      3.22.24.7.
    - CVE-2013-6639: Out of bounds write in v8. This issue was fixed in v8
      version 3.22.24.7.
    - CVE-2013-6640: Out of bounds read in v8. This issue was fixed in v8
      version 3.22.24.7.

chromium-browser (31.0.1650.57-0ubuntu3) trusty; urgency=low

  * debian/control: Drop libnss version number in Depends. We only need to
    recompile. (LP: #1251454)

chromium-browser (31.0.1650.57-0ubuntu2) trusty; urgency=low

  * debian/apport/chromium-browser.py: Include dmesg events mentioning chromium
    in apport reports.
  * debian/control: Abandon nss transitional package as Dependency, and add
    real package with epoch version number.

chromium-browser (31.0.1650.57-0ubuntu1) trusty; urgency=low

  * New release 31.0.1650.57:
    - CVE-2013-6632: Multiple memory corruption issues.
  * New release 31.0.1650.48:  (LP: #1250579)
    - CVE-2013-6621: Use after free related to speech input elements.
    - CVE-2013-6622: Use after free related to media elements.
    - CVE-2013-6623: Out of bounds read in SVG.
    - CVE-2013-6624: Use after free related to "id" attribute strings.
    - CVE-2013-6625: Use after free in DOM ranges.
    - CVE-2013-6626: Address bar spoofing related to interstitial warnings.
    - CVE-2013-6627: Out of bounds read in HTTP parsing.
    - CVE-2013-6628: Issue with certificates not being checked during TLS
      renegotiation.
    - CVE-2013-2931: Various fixes from internal audits, fuzzing and other
      initiatives.
    - CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo.
    - CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo.
    - CVE-2013-6631: Use after free in libjingle.
  * debian/chromium-chromedriver.install: Drop unsupported, broken old
    chromedriver v1 and add chromedriver2.
  * Update webapps patches.
  * Disable chromedriver testing until the new server-test client dependencies
    are figured out.
  * Drop base_unittests and automated_ui_tests build and automatic test and
    from installation exclusion.
  * Include wildcat package 'pepflashplugin-nonfree' in apport reportting.

chromium-browser (30.0.1599.114-0ubuntu1) trusty; urgency=low

  * debian/patches/menu-bar-visible.patch: Don't treat object as object
    reference.
  * debian/patches/4-chromeless-window-launch-option.patch: Don't fix problem
    introduced in menu-bar-visible patch.
  * debian/rules: Fix typo of Precise conditional.
  * Test the compiler for "-m32" support as the canonical test of support.
    Only a problem on ARM.
  * debian/patches/cr30-sandbox-async-signal-safe.patch: Backport to make
    SIGSYS handler in sandbox safe and never call itself. (LP: #1195797)
  * debian/rules, debian/control: Use standard hardening flags, not
    hardening-wrapper.
  * debian/control: Build-depend on binutils, which already includes gold
    linker.
  * debian/control: Drop some unused build-deps: autotools-dev, binutils,
       flex, g++-multilib [amd64], libbz2-dev, libc6-dev-i386 [amd64],
       libdbus-glib-1-dev, libgl1-mesa-dev, libgl1-mesa-dri, libglib2.0-dev,
       libglu1-mesa-dev, libhunspell-dev, libjpeg-dev, libnspr4-dev,
       libpam0g-dev, libpango1.0-dev, libspeechd-dev, libssl-dev, libxi-dev,
       libxml2-dev, libxslt1-dev, libxt-dev, mesa-common-dev,
       patchutils (>= 0.2.25), python-simplejson, yasm zlib1g-dev,
  * debian/patches/cr31-pango-tab-titles.patch: Backport a fix that makes
    tab titles disappear due to a pango bug.
  * debian/tests/control: Drop Depends on obselete package
    libunity-webapps-chromium.

Date: Mon, 09 Dec 2013 21:42:54 -0500
Changed-By: Chad MILLER <chad.miller at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Chris Coulson <chris.coulson at canonical.com>
https://launchpad.net/ubuntu/trusty/+source/chromium-browser/31.0.1650.63-0ubuntu1~20131204.1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 09 Dec 2013 21:42:54 -0500
Source: chromium-browser
Binary: chromium-browser chromium-browser-dbg chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-dbg chromium-codecs-ffmpeg-extra chromium-codecs-ffmpeg-extra-dbg chromium-chromedriver chromium-chromedriver-dbg
Architecture: source
Version: 31.0.1650.63-0ubuntu1~20131204.1
Distribution: trusty
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Chad MILLER <chad.miller at canonical.com>
Description: 
 chromium-browser - Chromium browser
 chromium-browser-dbg - chromium-browser debug symbols
 chromium-browser-l10n - chromium-browser language packages
 chromium-chromedriver - WebDriver driver for the Chromium Browser
 chromium-chromedriver-dbg - chromium-chromedriver debug symbols
 chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
 chromium-codecs-ffmpeg-dbg - chromium-codecs-ffmpeg debug symbols
 chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
 chromium-codecs-ffmpeg-extra-dbg - chromium-codecs-ffmpeg-extra debug symbols
Launchpad-Bugs-Fixed: 1195797 1250579 1251454
Changes: 
 chromium-browser (31.0.1650.63-0ubuntu1~20131204.1) trusty; urgency=low
 .
   * Release to stage at ppa:canonical-chromium-builds/stage
 .
 chromium-browser (31.0.1650.63-0ubuntu1) trusty; urgency=low
 .
   * New release 31.0.1650.63:
     - CVE-2013-6634: Session fixation in sync related to 302 redirects.
     - CVE-2013-6635: Use-after-free in editing.
     - CVE-2013-6636: Address bar spoofing related to modal dialogs.
     - CVE-2013-6637: Various fixes from internal audits, fuzzing and other
       initiatives.
     - CVE-2013-6638: Buffer overflow in v8. This issue was fixed in v8 version
       3.22.24.7.
     - CVE-2013-6639: Out of bounds write in v8. This issue was fixed in v8
       version 3.22.24.7.
     - CVE-2013-6640: Out of bounds read in v8. This issue was fixed in v8
       version 3.22.24.7.
 .
 chromium-browser (31.0.1650.57-0ubuntu3) trusty; urgency=low
 .
   * debian/control: Drop libnss version number in Depends. We only need to
     recompile. (LP: #1251454)
 .
 chromium-browser (31.0.1650.57-0ubuntu2) trusty; urgency=low
 .
   * debian/apport/chromium-browser.py: Include dmesg events mentioning chromium
     in apport reports.
   * debian/control: Abandon nss transitional package as Dependency, and add
     real package with epoch version number.
 .
 chromium-browser (31.0.1650.57-0ubuntu1) trusty; urgency=low
 .
   * New release 31.0.1650.57:
     - CVE-2013-6632: Multiple memory corruption issues.
   * New release 31.0.1650.48:  (LP: #1250579)
     - CVE-2013-6621: Use after free related to speech input elements.
     - CVE-2013-6622: Use after free related to media elements.
     - CVE-2013-6623: Out of bounds read in SVG.
     - CVE-2013-6624: Use after free related to "id" attribute strings.
     - CVE-2013-6625: Use after free in DOM ranges.
     - CVE-2013-6626: Address bar spoofing related to interstitial warnings.
     - CVE-2013-6627: Out of bounds read in HTTP parsing.
     - CVE-2013-6628: Issue with certificates not being checked during TLS
       renegotiation.
     - CVE-2013-2931: Various fixes from internal audits, fuzzing and other
       initiatives.
     - CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo.
     - CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo.
     - CVE-2013-6631: Use after free in libjingle.
   * debian/chromium-chromedriver.install: Drop unsupported, broken old
     chromedriver v1 and add chromedriver2.
   * Update webapps patches.
   * Disable chromedriver testing until the new server-test client dependencies
     are figured out.
   * Drop base_unittests and automated_ui_tests build and automatic test and
     from installation exclusion.
   * Include wildcat package 'pepflashplugin-nonfree' in apport reportting.
 .
 chromium-browser (30.0.1599.114-0ubuntu1) trusty; urgency=low
 .
   * debian/patches/menu-bar-visible.patch: Don't treat object as object
     reference.
   * debian/patches/4-chromeless-window-launch-option.patch: Don't fix problem
     introduced in menu-bar-visible patch.
   * debian/rules: Fix typo of Precise conditional.
   * Test the compiler for "-m32" support as the canonical test of support.
     Only a problem on ARM.
   * debian/patches/cr30-sandbox-async-signal-safe.patch: Backport to make
     SIGSYS handler in sandbox safe and never call itself. (LP: #1195797)
   * debian/rules, debian/control: Use standard hardening flags, not
     hardening-wrapper.
   * debian/control: Build-depend on binutils, which already includes gold
     linker.
   * debian/control: Drop some unused build-deps: autotools-dev, binutils,
        flex, g++-multilib [amd64], libbz2-dev, libc6-dev-i386 [amd64],
        libdbus-glib-1-dev, libgl1-mesa-dev, libgl1-mesa-dri, libglib2.0-dev,
        libglu1-mesa-dev, libhunspell-dev, libjpeg-dev, libnspr4-dev,
        libpam0g-dev, libpango1.0-dev, libspeechd-dev, libssl-dev, libxi-dev,
        libxml2-dev, libxslt1-dev, libxt-dev, mesa-common-dev,
        patchutils (>= 0.2.25), python-simplejson, yasm zlib1g-dev,
   * debian/patches/cr31-pango-tab-titles.patch: Backport a fix that makes
     tab titles disappear due to a pango bug.
   * debian/tests/control: Drop Depends on obselete package
     libunity-webapps-chromium.
Checksums-Sha1: 
 a20a34f001f3eee2dbdba2e952e86068902f7e95 2643 chromium-browser_31.0.1650.63-0ubuntu1~20131204.1.dsc
 46367f0e9844de0d51948ea72d7745d62db5e13f 183587684 chromium-browser_31.0.1650.63.orig.tar.xz
 b0253063f3e47642da315ca51e36f6df168159de 269562 chromium-browser_31.0.1650.63-0ubuntu1~20131204.1.debian.tar.gz
Checksums-Sha256: 
 beb7c7ec027a41630f1eec7d34f48100872f3b206482ff0efe2963bd3a21335c 2643 chromium-browser_31.0.1650.63-0ubuntu1~20131204.1.dsc
 3a42f4c79294b1750af02bd191766e5f72741d723d2c25c893dee12b2729fd89 183587684 chromium-browser_31.0.1650.63.orig.tar.xz
 eb681fadb8aa726f20cc05492a564e65c008ac98485210741789a562a70782e5 269562 chromium-browser_31.0.1650.63-0ubuntu1~20131204.1.debian.tar.gz
Files: 
 a81fa0a262a43d7856b444c5a6adf071 2643 web optional chromium-browser_31.0.1650.63-0ubuntu1~20131204.1.dsc
 586b5b26397a0cfdc26092d9008c8108 183587684 web optional chromium-browser_31.0.1650.63.orig.tar.xz
 69e4100729f27615afcbfdb8be46f987 269562 web optional chromium-browser_31.0.1650.63-0ubuntu1~20131204.1.debian.tar.gz
Original-Maintainer: Micah Gersten <micahg at ubuntu.com>, Fabien Tassin <fta at ubuntu.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQEcBAEBAgAGBQJSp2TGAAoJEGEfvezVlG4P6iQH/Rz5yFJ5a+QbwPmZCXBZn0E1
dxz8JwPCmm1XOb3tgsJdBV4yIySb6Iqk7Lxnq9JvKKn2Y+3DZVjgAh9LR27YFfaD
HhR9Ix2TlCdTLZkPuQWxQ7H/J6TBD649TQFG8BF7DGsUtLySGJbcwEnDzAphPqw/
3OC9SUH33vVxLdR6xUg9FUPs4ChWyw5T3ZJOPgGyJCoT+7aGessVs4II4G5iiRHf
vynSSXwtxv3koYnT6A1XKTWrw1wR+OX5mvRStqTEY5oeXHZ19m6LMld/vQJhDWZX
igB8lqFwY8msStgQ//EM7c5RCaGd212w9DeKBlAyRpxcXrfVQS6v18KUPSmmN2U=
=hXVD
-----END PGP SIGNATURE-----

More information about the Trusty-changes mailing list