[ubuntu/trusty-security] chromium-browser 43.0.2357.81-0ubuntu0. (Accepted)

Chris Coulson chris.coulson at canonical.com
Tue Jun 9 14:38:55 UTC 2015

chromium-browser (43.0.2357.81-0ubuntu0. trusty-security; urgency=medium

  * Upstream release 43.0.2357.81.
    - "Icons not displaying properly on Linux" (LP: #1449063)
  * Upstream release 43.0.2357.65:
    - CVE-2015-1252: Sandbox escape in Chrome.
    - CVE-2015-1253: Cross-origin bypass in DOM.
    - CVE-2015-1254: Cross-origin bypass in Editing.
    - CVE-2015-1255: Use-after-free in WebAudio.
    - CVE-2015-1256: Use-after-free in SVG.
    - CVE-2015-1251: Use-after-free in Speech.
    - CVE-2015-1257: Container-overflow in SVG.
    - CVE-2015-1258: Negative-size parameter in Libvpx. 
    - CVE-2015-1259: Uninitialized value in PDFium.
    - CVE-2015-1260: Use-after-free in WebRTC.
    - CVE-2015-1261: URL bar spoofing.
    - CVE-2015-1262: Uninitialized value in Blink.
    - CVE-2015-1263: Insecure download of spellcheck dictionary. 
    - CVE-2015-1264: Cross-site scripting in bookmarks.
    - CVE-2015-1265: Various fixes from internal audits, fuzzing and other
    - Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch
  * debian/patches/display-scaling-report-hardware-info: removed, unnecessary.
  * debian/patches/coordinate-space-map: removed, unnecessary.
  * debian/patches/enable_vaapi_on_linux.diff: Temporarily disable patch until
    ARM works.
  * debian/chromium-browser.sh.in: Add --verbose to get logging info.
  * debian/patches/{notifications-nicer,mir-support}: disable unnecessary
  * debian/control, debian/chromium-browser.sh.in: Prompt nothing about 
    Flash plugin. Send Help clicks to Wiki instead.

Date: 2015-06-02 14:21:14.261738+00:00
Changed-By: Chad Miller <chad.miller at canonical.com>
Signed-By: Chris Coulson <chris.coulson at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Trusty-changes mailing list