[ubuntu/trusty-updates] chromium-browser 51.0.2704.79-0ubuntu0.14.04.1.1121 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Fri Jul 1 14:33:31 UTC 2016


chromium-browser (51.0.2704.79-0ubuntu0.14.04.1.1121) trusty-security; urgency=medium

  * Upstream release 51.0.2704.79:
    - CVE-2016-1696: Cross-origin bypass in Extension bindings.
    - CVE-2016-1697: Cross-origin bypass in Blink.
    - CVE-2016-1698: Information leak in Extension bindings.
    - CVE-2016-1699: Parameter sanitization failure in DevTools.
    - CVE-2016-1700: Use-after-free in Extensions.
    - CVE-2016-1701: Use-after-free in Autofill.
    - CVE-2016-1702: Out-of-bounds read in Skia.
    - CVE-2016-1703: Various fixes from internal audits, fuzzing and other
      initiatives.
  * Upstream release 51.0.2704.63:
    - CVE-2016-1672: Cross-origin bypass in extension bindings.
    - CVE-2016-1673: Cross-origin bypass in Blink.
    - CVE-2016-1674: Cross-origin bypass in extensions.
    - CVE-2016-1675: Cross-origin bypass in Blink.
    - CVE-2016-1676: Cross-origin bypass in extension bindings.
    - CVE-2016-1677: Type confusion in V8.
    - CVE-2016-1678: Heap overflow in V8.
    - CVE-2016-1679: Heap use-after-free in V8 bindings.
    - CVE-2016-1680: Heap use-after-free in Skia.
    - CVE-2016-1681: Heap overflow in PDFium.
    - CVE-2016-1682: CSP bypass for ServiceWorker.
    - CVE-2016-1683: Out-of-bounds access in libxslt.
    - CVE-2016-1684: Integer overflow in libxslt.
    - CVE-2016-1685: Out-of-bounds read in PDFium.
    - CVE-2016-1686: Out-of-bounds read in PDFium.
    - CVE-2016-1687: Information leak in extensions.
    - CVE-2016-1688: Out-of-bounds read in V8.
    - CVE-2016-1689: Heap buffer overflow in media.
    - CVE-2016-1690: Heap use-after-free in Autofill.
    - CVE-2016-1691: Heap buffer-overflow in Skia.
    - CVE-2016-1692: Limited cross-origin bypass in ServiceWorker.
    - CVE-2016-1693: HTTP Download of Software Removal Tool.
    - CVE-2016-1694: HPKP pins removed on cache clearance.
    - CVE-2016-1695: Various fixes from internal audits, fuzzing and other
      initiatives.
  * debian/patches/blink-platform-export-class: remove patch. Unnecessary.

Date: 2016-06-03 01:39:14.373042+00:00
Changed-By: Chad Miller <chad.miller at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/chromium-browser/51.0.2704.79-0ubuntu0.14.04.1.1121
-------------- next part --------------
Sorry, changesfile not available.


More information about the Trusty-changes mailing list