[ubuntu/utopic-proposed] chromium-browser 37.0.2062.94-0ubuntu1~pkg1065 (Accepted)

Chad MILLER chad.miller at canonical.com
Tue Sep 2 15:01:08 UTC 2014 

chromium-browser (37.0.2062.94-0ubuntu1~pkg1065) utopic; urgency=medium

  * Release to stage

chromium-browser (37.0.2062.94-0ubuntu1) UNRELEASED; urgency=low

  * Upstream release 37.0.2062.94.
    - CVE-2014-3165: Use-after-free in Blink websockets.
    - CVE-2014-3176, CVE-2014-3177: A combination of bugs in V8, IPC, sync, and
      extensions that can lead to remote code execution outside of the sandbox.
    - CVE-2014-3168: Use-after-free in SVG.
    - CVE-2014-3169: Use-after-free in DOM.
    - CVE-2014-3170: Extension permission dialog spoofing.
    - CVE-2014-3171: Use-after-free in bindings.
    - CVE-2014-3172: Issue related to extension debugging.
    - CVE-2014-3173: Uninitialized memory read in WebGL.
    - CVE-2014-3174: Uninitialized memory read in Web Audio.
    - CVE-2014-3175: Various fixes from internal audits, fuzzing and other
      initiatives.
    - CVE-2014-3176, CVE-2014-3177: Interaction of extensions, IPC, the sync
      API, and Google V8 to execute arbitrary code.
  * Fix a shell bug in the binary-wrapper that prevented USER flags
    from working properly.
  * debian/control: Suggests chromiumflashplugin .
  * debian/apport: Significant cleanup.
  * debian/rules: Disable SSE instructions on x86 to avoid SIGILL on some CPUs.
    (LP: #1353185)
  * debian/checkout-orig-source.mk: Don't include src/ prefix in orig tarball.
  * debian/patches/*: refresh line numbers.
  * debian/patches/search-credit.patch,
    debian/patches/additional-search-engines.patch: Track source files moved.
  * debian/patches/ffmpeg-gyp-config.patch,
    debian/patches/fix-gyp-space-in-object-filename-exception.patch,
    debian/patches/gyp-icu-m32-test:
    Disabled. No longer needs fixing.
  * debian/control: build-dep on openssl.
  * debian/patches/disable-sse2: Don't require SSE/SSE2 CPU features on x86.
    (LP: #1353185)
  * debian/rules: Use built-in PDF support. (LP: #513745, #1009902)

chromium-browser (36.0.1985.143-0ubuntu1) utopic; urgency=low

  * Upstream release 36.0.1985.143:
    - CVE-2014-3165: Use-after-free in web sockets.
    - CVE-2014-3166: Information disclosure in SPDY.
    - CVE-2014-3167: Various fixes from internal audits, fuzzing and other
      initiatives.
  * debian/rules: Avoid some unnecessary warning of invalid mv.
  * debian/control: Build-depends on libxkbcommon-dev.
  * debian/rules: Don't use tcmalloc on i386.
  * debian/control, debian/rules: Build-dep on, and use, compiler 4.8
    toolchain, since 4.9 seems to be broken.
  * debian/control: Don't have (unused) shlibs-depends on -dbg packages
    and non-binary packages.
  * debian/chromium-browser-codecs-ffmpeg-extra.dirs,
    debian/chromium-browser-codecs-ffmpeg.dirs: Removed. Unused.
  * debian/chromium-browser.lintian-overrides,
    debian/chromium-codecs-ffmpeg-extra-dbg.lintian-overrides,
    debian/chromium-codecs-ffmpeg-extra.lintian-overrides,
    debian/chromium-codecs-ffmpeg.lintian-overrides,
    debian/source/lintian-overrides: Add lintian overrides.

Date: Sun, 31 Aug 2014 14:26:29 -0400
Changed-By: Chad MILLER <chad.miller at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Chris Coulson <chris.coulson at canonical.com>
https://launchpad.net/ubuntu/utopic/+source/chromium-browser/37.0.2062.94-0ubuntu1~pkg1065
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 31 Aug 2014 14:26:29 -0400
Source: chromium-browser
Binary: chromium-browser chromium-browser-dbg chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-dbg chromium-codecs-ffmpeg-extra chromium-codecs-ffmpeg-extra-dbg chromium-chromedriver chromium-chromedriver-dbg
Architecture: source
Version: 37.0.2062.94-0ubuntu1~pkg1065
Distribution: utopic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Chad MILLER <chad.miller at canonical.com>
Description:
 chromium-browser - Chromium browser
 chromium-browser-dbg - chromium-browser debug symbols
 chromium-browser-l10n - chromium-browser language packages
 chromium-chromedriver - WebDriver driver for the Chromium Browser
 chromium-chromedriver-dbg - chromium-chromedriver debug symbols
 chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
 chromium-codecs-ffmpeg-dbg - chromium-codecs-ffmpeg debug symbols
 chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
 chromium-codecs-ffmpeg-extra-dbg - chromium-codecs-ffmpeg-extra debug symbols
Launchpad-Bugs-Fixed: 513745 1009902 1353185
Changes:
 chromium-browser (37.0.2062.94-0ubuntu1~pkg1065) utopic; urgency=medium
 .
   * Release to stage
 .
 chromium-browser (37.0.2062.94-0ubuntu1) UNRELEASED; urgency=low
 .
   * Upstream release 37.0.2062.94.
     - CVE-2014-3165: Use-after-free in Blink websockets.
     - CVE-2014-3176, CVE-2014-3177: A combination of bugs in V8, IPC, sync, and
       extensions that can lead to remote code execution outside of the sandbox.
     - CVE-2014-3168: Use-after-free in SVG.
     - CVE-2014-3169: Use-after-free in DOM.
     - CVE-2014-3170: Extension permission dialog spoofing.
     - CVE-2014-3171: Use-after-free in bindings.
     - CVE-2014-3172: Issue related to extension debugging.
     - CVE-2014-3173: Uninitialized memory read in WebGL.
     - CVE-2014-3174: Uninitialized memory read in Web Audio.
     - CVE-2014-3175: Various fixes from internal audits, fuzzing and other
       initiatives.
     - CVE-2014-3176, CVE-2014-3177: Interaction of extensions, IPC, the sync
       API, and Google V8 to execute arbitrary code.
   * Fix a shell bug in the binary-wrapper that prevented USER flags
     from working properly.
   * debian/control: Suggests chromiumflashplugin .
   * debian/apport: Significant cleanup.
   * debian/rules: Disable SSE instructions on x86 to avoid SIGILL on some CPUs.
     (LP: #1353185)
   * debian/checkout-orig-source.mk: Don't include src/ prefix in orig tarball.
   * debian/patches/*: refresh line numbers.
   * debian/patches/search-credit.patch,
     debian/patches/additional-search-engines.patch: Track source files moved.
   * debian/patches/ffmpeg-gyp-config.patch,
     debian/patches/fix-gyp-space-in-object-filename-exception.patch,
     debian/patches/gyp-icu-m32-test:
     Disabled. No longer needs fixing.
   * debian/control: build-dep on openssl.
   * debian/patches/disable-sse2: Don't require SSE/SSE2 CPU features on x86.
     (LP: #1353185)
   * debian/rules: Use built-in PDF support. (LP: #513745, #1009902)
 .
 chromium-browser (36.0.1985.143-0ubuntu1) utopic; urgency=low
 .
   * Upstream release 36.0.1985.143:
     - CVE-2014-3165: Use-after-free in web sockets.
     - CVE-2014-3166: Information disclosure in SPDY.
     - CVE-2014-3167: Various fixes from internal audits, fuzzing and other
       initiatives.
   * debian/rules: Avoid some unnecessary warning of invalid mv.
   * debian/control: Build-depends on libxkbcommon-dev.
   * debian/rules: Don't use tcmalloc on i386.
   * debian/control, debian/rules: Build-dep on, and use, compiler 4.8
     toolchain, since 4.9 seems to be broken.
   * debian/control: Don't have (unused) shlibs-depends on -dbg packages
     and non-binary packages.
   * debian/chromium-browser-codecs-ffmpeg-extra.dirs,
     debian/chromium-browser-codecs-ffmpeg.dirs: Removed. Unused.
   * debian/chromium-browser.lintian-overrides,
     debian/chromium-codecs-ffmpeg-extra-dbg.lintian-overrides,
     debian/chromium-codecs-ffmpeg-extra.lintian-overrides,
     debian/chromium-codecs-ffmpeg.lintian-overrides,
     debian/source/lintian-overrides: Add lintian overrides.
Checksums-Sha1:
 f70b43e80fbf3fb1e3685654dd2a5d96dbdf6abd 2900 chromium-browser_37.0.2062.94-0ubuntu1~pkg1065.dsc
 e6c03f51147a253eac71469819da91520aaad765 284604 chromium-browser_37.0.2062.94-0ubuntu1~pkg1065.debian.tar.xz
Checksums-Sha256:
 e69a21cb9f29e26cf1218158d0ae82a54655f94de6da444e92b29a34cff65efa 2900 chromium-browser_37.0.2062.94-0ubuntu1~pkg1065.dsc
 692784f52ed2c34e45dbbc30bf5fc50c0f8eaf46c8f8e28450a1cf2c3f473f2a 284604 chromium-browser_37.0.2062.94-0ubuntu1~pkg1065.debian.tar.xz
Files:
 defe617b4c0e108909961acc1c71b46f 2900 web optional chromium-browser_37.0.2062.94-0ubuntu1~pkg1065.dsc
 9e7e0a9ec0c74fee201b817e267ccdb6 284604 web optional chromium-browser_37.0.2062.94-0ubuntu1~pkg1065.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJUBdtEAAoJEGEfvezVlG4Ps6sH+gIA5PJ60Z5OHSObSDPdaPWg
fnLPv1P3jQwf97hMWdTwIguFB4YDX3S4sIDomZNjA8+ugS4Br8Us60i6+iEB6ass
5L2pjn5DfCpsl+ZDSebnTZse/NKTVr7Sz7ArIFf2PC6TjP+oQ8qD3xrjIjeJMYZe
xpvpVOwvGSlrXY1TZBIiRYFrF1iXuSs9JRNxTcL7lqP2rUm3MphtS8s3fhBkV5fF
LjGkp5MtSRSqBFjApo91HMSS1fDLCuwxhMK8LJC60JodSmydIvViWiuty7UPBKR4
JE+pctpkH14tzp8JrbfKkI8VbfTuA6BggGEWB4NjLNjKFSHTXM3hNtIOfI2gwyI=
=lqoz
-----END PGP SIGNATURE-----

More information about the Utopic-changes mailing list