[ubuntu/vivid-proposed] chromium-browser 38.0.2125.111-0ubuntu1.1103 (Accepted)
Chad MILLER
chad.miller at canonical.com
Mon Nov 10 16:48:09 UTC 2014
chromium-browser (38.0.2125.111-0ubuntu1.1103) vivid; urgency=medium
* Upstream release 38.0.2125.111.
* Upstream release 38.0.2125.104.
* Upstream release 38.0.2125.101: (LP: #1310163)
- CVE-2014-3188: A special thanks to Jüri Aedla for a combination of V8 and
IPC bugs that can lead to remote code execution outside of the sandbox.
- CVE-2014-3189: Out-of-bounds read in PDFium.
- CVE-2014-3190: Use-after-free in Events.
- CVE-2014-3191: Use-after-free in Rendering.
- CVE-2014-3192: Use-after-free in DOM.
- CVE-2014-3193: Type confusion in Session Management.
- CVE-2014-3194: Use-after-free in Web Workers.
- CVE-2014-3195: Information Leak in V8.
- CVE-2014-3196: Permissions bypass in Windows Sandbox.
- CVE-2014-3197: Information Leak in XSS Auditor.
- CVE-2014-3198: Out-of-bounds read in PDFium.
- CVE-2014-3199: Release Assert in V8 bindings.
- CVE-2014-3200: Various fixes from internal audits, fuzzing and other
initiatives (Chrome 38).
* debian/rules: Prefer GCC 4.8 when compiling. 4.9 remains buggy.
* Make the verification step in clean make more compare-able output.
* debian/patches/configuration-directory.patch: Account for new location of
policies directory in /etc . Change back. (LP: #1373802)
* debian/patches/lp-translations-paths: Map old third_party filenames to
new name after processor compiles.
* debian/rules: Fix patch-translations rule, workflow.
* debian/patches/macro-templates-not-match: Anonymous struct isn't sizable.
* debian/chromium-browser.sh.in: Fix broken logic of CHROMIUM_USER_FLAGS,
which has never worked. (LP: #1381644)
* debian/patches/disable-sse: Disable more SSE #includes.
* debian/rules: Omit unnecessary files from packaging.
* debian/chromium-browser.sh.in: Fix variable name bug and suggest
~/.chromium-browser.init file over hamfisted CHROMIUM_USER_FLAGS.
* debian/patches/5-desktop-integration-settings.patch: Adapt to new settings
APIs.
chromium-browser (37.0.2062.120-0ubuntu1) utopic; urgency=low
* Upstream release 37.0.2062.120:
- CVE-2014-3178: Use-after-free in rendering. Credit to miaubiz.
- CVE-2014-3179: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/rules: Simplify and rearrange.
* debian/rules, debian/known_gyp_flags: Keep better track of known GYP flags,
so we can fail when something changes unexpectedly.
* debian/rules: Fix up patch-translations rule.
chromium-browser (37.0.2062.94-0ubuntu1) utopic; urgency=low
* Upstream release 37.0.2062.94.
- CVE-2014-3165: Use-after-free in Blink websockets.
- CVE-2014-3176, CVE-2014-3177: A combination of bugs in V8, IPC, sync, and
extensions that can lead to remote code execution outside of the sandbox.
- CVE-2014-3168: Use-after-free in SVG.
- CVE-2014-3169: Use-after-free in DOM.
- CVE-2014-3170: Extension permission dialog spoofing.
- CVE-2014-3171: Use-after-free in bindings.
- CVE-2014-3172: Issue related to extension debugging.
- CVE-2014-3173: Uninitialized memory read in WebGL.
- CVE-2014-3174: Uninitialized memory read in Web Audio.
- CVE-2014-3175: Various fixes from internal audits, fuzzing and other
initiatives.
- CVE-2014-3176, CVE-2014-3177: Interaction of extensions, IPC, the sync
API, and Google V8 to execute arbitrary code.
* Fix a shell bug in the binary-wrapper that prevented USER flags
from working properly.
* debian/control: Suggests chromiumflashplugin .
* debian/apport: Significant cleanup.
* debian/rules: Disable SSE instructions on x86 to avoid SIGILL on some CPUs.
(LP: #1353185)
* debian/checkout-orig-source.mk: Don't include src/ prefix in orig tarball.
* debian/patches/*: refresh line numbers.
* debian/patches/search-credit.patch,
debian/patches/additional-search-engines.patch: Track source files moved.
* debian/patches/ffmpeg-gyp-config.patch,
debian/patches/fix-gyp-space-in-object-filename-exception.patch,
debian/patches/gyp-icu-m32-test:
Disabled. No longer needs fixing.
* debian/control: build-dep on openssl.
* debian/patches/disable-sse2: Don't require SSE/SSE2 CPU features on x86.
(LP: #1353185)
* debian/rules: Use built-in PDF support. (LP: #513745, #1009902)
Date: Wed, 15 Oct 2014 14:22:55 -0400
Changed-By: Chad MILLER <chad.miller at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Chris Coulson <chris.coulson at canonical.com>
https://launchpad.net/ubuntu/+source/chromium-browser/38.0.2125.111-0ubuntu1.1103
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 15 Oct 2014 14:22:55 -0400
Source: chromium-browser
Binary: chromium-browser chromium-browser-dbg chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-dbg chromium-codecs-ffmpeg-extra chromium-codecs-ffmpeg-extra-dbg chromium-chromedriver chromium-chromedriver-dbg
Architecture: source
Version: 38.0.2125.111-0ubuntu1.1103
Distribution: vivid
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Chad MILLER <chad.miller at canonical.com>
Description:
chromium-browser - Chromium browser
chromium-browser-dbg - chromium-browser debug symbols
chromium-browser-l10n - chromium-browser language packages
chromium-chromedriver - WebDriver driver for the Chromium Browser
chromium-chromedriver-dbg - chromium-chromedriver debug symbols
chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
chromium-codecs-ffmpeg-dbg - chromium-codecs-ffmpeg debug symbols
chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
chromium-codecs-ffmpeg-extra-dbg - chromium-codecs-ffmpeg-extra debug symbols
Launchpad-Bugs-Fixed: 513745 1009902 1310163 1353185 1373802 1381644
Changes:
chromium-browser (38.0.2125.111-0ubuntu1.1103) vivid; urgency=medium
.
* Upstream release 38.0.2125.111.
* Upstream release 38.0.2125.104.
* Upstream release 38.0.2125.101: (LP: #1310163)
- CVE-2014-3188: A special thanks to Jüri Aedla for a combination of V8 and
IPC bugs that can lead to remote code execution outside of the sandbox.
- CVE-2014-3189: Out-of-bounds read in PDFium.
- CVE-2014-3190: Use-after-free in Events.
- CVE-2014-3191: Use-after-free in Rendering.
- CVE-2014-3192: Use-after-free in DOM.
- CVE-2014-3193: Type confusion in Session Management.
- CVE-2014-3194: Use-after-free in Web Workers.
- CVE-2014-3195: Information Leak in V8.
- CVE-2014-3196: Permissions bypass in Windows Sandbox.
- CVE-2014-3197: Information Leak in XSS Auditor.
- CVE-2014-3198: Out-of-bounds read in PDFium.
- CVE-2014-3199: Release Assert in V8 bindings.
- CVE-2014-3200: Various fixes from internal audits, fuzzing and other
initiatives (Chrome 38).
* debian/rules: Prefer GCC 4.8 when compiling. 4.9 remains buggy.
* Make the verification step in clean make more compare-able output.
* debian/patches/configuration-directory.patch: Account for new location of
policies directory in /etc . Change back. (LP: #1373802)
* debian/patches/lp-translations-paths: Map old third_party filenames to
new name after processor compiles.
* debian/rules: Fix patch-translations rule, workflow.
* debian/patches/macro-templates-not-match: Anonymous struct isn't sizable.
* debian/chromium-browser.sh.in: Fix broken logic of CHROMIUM_USER_FLAGS,
which has never worked. (LP: #1381644)
* debian/patches/disable-sse: Disable more SSE #includes.
* debian/rules: Omit unnecessary files from packaging.
* debian/chromium-browser.sh.in: Fix variable name bug and suggest
~/.chromium-browser.init file over hamfisted CHROMIUM_USER_FLAGS.
* debian/patches/5-desktop-integration-settings.patch: Adapt to new settings
APIs.
.
chromium-browser (37.0.2062.120-0ubuntu1) utopic; urgency=low
.
* Upstream release 37.0.2062.120:
- CVE-2014-3178: Use-after-free in rendering. Credit to miaubiz.
- CVE-2014-3179: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/rules: Simplify and rearrange.
* debian/rules, debian/known_gyp_flags: Keep better track of known GYP flags,
so we can fail when something changes unexpectedly.
* debian/rules: Fix up patch-translations rule.
.
chromium-browser (37.0.2062.94-0ubuntu1) utopic; urgency=low
.
* Upstream release 37.0.2062.94.
- CVE-2014-3165: Use-after-free in Blink websockets.
- CVE-2014-3176, CVE-2014-3177: A combination of bugs in V8, IPC, sync, and
extensions that can lead to remote code execution outside of the sandbox.
- CVE-2014-3168: Use-after-free in SVG.
- CVE-2014-3169: Use-after-free in DOM.
- CVE-2014-3170: Extension permission dialog spoofing.
- CVE-2014-3171: Use-after-free in bindings.
- CVE-2014-3172: Issue related to extension debugging.
- CVE-2014-3173: Uninitialized memory read in WebGL.
- CVE-2014-3174: Uninitialized memory read in Web Audio.
- CVE-2014-3175: Various fixes from internal audits, fuzzing and other
initiatives.
- CVE-2014-3176, CVE-2014-3177: Interaction of extensions, IPC, the sync
API, and Google V8 to execute arbitrary code.
* Fix a shell bug in the binary-wrapper that prevented USER flags
from working properly.
* debian/control: Suggests chromiumflashplugin .
* debian/apport: Significant cleanup.
* debian/rules: Disable SSE instructions on x86 to avoid SIGILL on some CPUs.
(LP: #1353185)
* debian/checkout-orig-source.mk: Don't include src/ prefix in orig tarball.
* debian/patches/*: refresh line numbers.
* debian/patches/search-credit.patch,
debian/patches/additional-search-engines.patch: Track source files moved.
* debian/patches/ffmpeg-gyp-config.patch,
debian/patches/fix-gyp-space-in-object-filename-exception.patch,
debian/patches/gyp-icu-m32-test:
Disabled. No longer needs fixing.
* debian/control: build-dep on openssl.
* debian/patches/disable-sse2: Don't require SSE/SSE2 CPU features on x86.
(LP: #1353185)
* debian/rules: Use built-in PDF support. (LP: #513745, #1009902)
Checksums-Sha1:
e85f798e11abe26f64b217502f4b1cfad37c8138 2895 chromium-browser_38.0.2125.111-0ubuntu1.1103.dsc
170918ea825310284709ff9c0142df915410942c 248200356 chromium-browser_38.0.2125.111.orig.tar.xz
749f3830f12c7a05b92270a4795e74f45fea28a5 288264 chromium-browser_38.0.2125.111-0ubuntu1.1103.debian.tar.xz
Checksums-Sha256:
264d05997ff3a1ac5de0caebb17d37ad54b7022487575ac1b887e5a1a6f9f56b 2895 chromium-browser_38.0.2125.111-0ubuntu1.1103.dsc
e6b43c86c0dff8451c532d7411546f973aa94d755fc2ce6574d8eabe55d35a1f 248200356 chromium-browser_38.0.2125.111.orig.tar.xz
ff81b4de47c974a3ff707827163cc2965ac1c2f00e9eee69f8c98409bcc3b7b8 288264 chromium-browser_38.0.2125.111-0ubuntu1.1103.debian.tar.xz
Files:
64bc3fd7377eb4da52ef82422563f262 2895 web optional chromium-browser_38.0.2125.111-0ubuntu1.1103.dsc
e00601c7deea40b196baa8008f8e90e3 248200356 web optional chromium-browser_38.0.2125.111.orig.tar.xz
f2f83353fe92db7c2257f4ba6e0b0284 288264 web optional chromium-browser_38.0.2125.111-0ubuntu1.1103.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJUYOtkAAoJEGEfvezVlG4P5cUIAJd0+a7Ii1mZIQIiA+BNtiSN
yMRgFjrsdTLlPj2A2LomJnvwF+rF0X1Cseh8NKE9lyR1yCeXafhCgWOaDV3Sh5/Z
M2kww2GDu7rlZokKjYAabf/3VhGFWMoemloJgS15gIyKjQK7N5M8E5eaGens37/Z
L0tu8o9xHV+OykCC/qZT6AT06e/2OEoUNaNy04UrX1nExeBU2TvcfeKdWPoSGWuZ
rBMgQlR/yM2xnKtTqf0BDzCaKf9a6HzXyDktUJa3GAM6W1nqi88isxSQVFH0T0+a
GMrI1YK264/bDB8HYxLTsCSs1+BUtGKbt7iOrbgB7x3GJmsGXJiNe/DHiXezkvA=
=xasx
-----END PGP SIGNATURE-----
More information about the Vivid-changes
mailing list