[ubuntu/vivid-proposed] chromium-browser 39.0.2171.65-0ubuntu1.1108 (Accepted)

Chad MILLER chad.miller at canonical.com
Wed Nov 26 11:35:21 UTC 2014 

chromium-browser (39.0.2171.65-0ubuntu1.1108) vivid; urgency=medium

  * Upstream release 39.0.2171.65:
    - CVE-2014-7899: Address bar spoofing.
    - CVE-2014-7900: Use-after-free in pdfium.
    - CVE-2014-7901: Integer overflow in pdfium.
    - CVE-2014-7902: Use-after-free in pdfium.
    - CVE-2014-7903: Buffer overflow in pdfium.
    - CVE-2014-7904: Buffer overflow in Skia.
    - CVE-2014-7905: Flaw allowing navigation to intents that do not have the
      BROWSABLE category.
    - CVE-2014-7906: Use-after-free in pepper plugins.
    - CVE-2014-0574: Double-free in Flash.
    - CVE-2014-7907: Use-after-free in blink.
    - CVE-2014-7908: Integer overflow in media.
    - CVE-2014-7909: Uninitialized memory read in Skia.
    - CVE-2014-7910: Various fixes from internal audits, fuzzing and other
      initiatives.
  * debian/patches/search-credit.patch: Include "client" in google search
    prepopulated template's parameters.
  * debian/tests/testdata/9-search-credit.sikuli: Verify search URL has
    parameter.
  * debian/source/lintian-overrides: Ignore android tools we don't use.
  * debian/chromium-browser-dbg.lintian-overrides: Ignore libraries that we
    configure to have no symbols in builder (because they are humongous
    otherwise).
  * debian/control: Bump standards version. Version dep "bash". Remove
    duplicate language from package descriptions.
  * debian/tests/testdata/1-normal-extension-active.sikuli/: Destroy test
    for dead NPAPI unity-webapps extension.

Date: Sat, 22 Nov 2014 14:06:34 -0500
Changed-By: Chad MILLER <chad.miller at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Chris Coulson <chris.coulson at canonical.com>
https://launchpad.net/ubuntu/+source/chromium-browser/39.0.2171.65-0ubuntu1.1108
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 22 Nov 2014 14:06:34 -0500
Source: chromium-browser
Binary: chromium-browser chromium-browser-dbg chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-dbg chromium-codecs-ffmpeg-extra chromium-codecs-ffmpeg-extra-dbg chromium-chromedriver chromium-chromedriver-dbg
Architecture: source
Version: 39.0.2171.65-0ubuntu1.1108
Distribution: vivid
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Chad MILLER <chad.miller at canonical.com>
Description:
 chromium-browser - Chromium web browser, open-source version of Chrome
 chromium-browser-dbg - chromium-browser debug symbols
 chromium-browser-l10n - chromium-browser language packages
 chromium-chromedriver - WebDriver driver for the Chromium Browser
 chromium-chromedriver-dbg - chromium-chromedriver debug symbols
 chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
 chromium-codecs-ffmpeg-dbg - chromium-codecs-ffmpeg debug symbols
 chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
 chromium-codecs-ffmpeg-extra-dbg - chromium-codecs-ffmpeg-extra debug symbols
Changes:
 chromium-browser (39.0.2171.65-0ubuntu1.1108) vivid; urgency=medium
 .
   * Upstream release 39.0.2171.65:
     - CVE-2014-7899: Address bar spoofing.
     - CVE-2014-7900: Use-after-free in pdfium.
     - CVE-2014-7901: Integer overflow in pdfium.
     - CVE-2014-7902: Use-after-free in pdfium.
     - CVE-2014-7903: Buffer overflow in pdfium.
     - CVE-2014-7904: Buffer overflow in Skia.
     - CVE-2014-7905: Flaw allowing navigation to intents that do not have the
       BROWSABLE category.
     - CVE-2014-7906: Use-after-free in pepper plugins.
     - CVE-2014-0574: Double-free in Flash.
     - CVE-2014-7907: Use-after-free in blink.
     - CVE-2014-7908: Integer overflow in media.
     - CVE-2014-7909: Uninitialized memory read in Skia.
     - CVE-2014-7910: Various fixes from internal audits, fuzzing and other
       initiatives.
   * debian/patches/search-credit.patch: Include "client" in google search
     prepopulated template's parameters.
   * debian/tests/testdata/9-search-credit.sikuli: Verify search URL has
     parameter.
   * debian/source/lintian-overrides: Ignore android tools we don't use.
   * debian/chromium-browser-dbg.lintian-overrides: Ignore libraries that we
     configure to have no symbols in builder (because they are humongous
     otherwise).
   * debian/control: Bump standards version. Version dep "bash". Remove
     duplicate language from package descriptions.
   * debian/tests/testdata/1-normal-extension-active.sikuli/: Destroy test
     for dead NPAPI unity-webapps extension.
Checksums-Sha1:
 b94b11d7a447c1e2c2ed2e8f9aea15e59e0694c3 2888 chromium-browser_39.0.2171.65-0ubuntu1.1108.dsc
 bc807258a86c1eebe262d63a098c91bf354d3f75 254604 chromium-browser_39.0.2171.65-0ubuntu1.1108.debian.tar.xz
Checksums-Sha256:
 e7d4b4888bbcdca323a39cf41179fd2d86ea99de97e197162cec9d3e0742508c 2888 chromium-browser_39.0.2171.65-0ubuntu1.1108.dsc
 5c6a4ceb7e31c0a7ae7097a69a2943b1efe5403d820bcabea5e46f8d644a17aa 254604 chromium-browser_39.0.2171.65-0ubuntu1.1108.debian.tar.xz
Files:
 442620140eea32b3b890ce4342e5a8b0 2888 web optional chromium-browser_39.0.2171.65-0ubuntu1.1108.dsc
 0a791d5654e360f93f508a134ee0f3bd 254604 web optional chromium-browser_39.0.2171.65-0ubuntu1.1108.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJUdbp+AAoJEGEfvezVlG4P+/oH+wZ15rFoCxKCweodoZEIkc90
ZxFzytKw8J9fvr+bE2QT5nBbBI3+o+8woFQ5Sr+ak0l+jRbasqBBy640nk5dusDt
QQMMFtoAGHS67gMcxTIymwXqUap/Tmp/u5RTOhJpu2+7thZb/BUl72D72E2qEUT7
VyvI1vnNJjcsg9lPki6haldX/0DafojNERO9F3RuVsVvEMf+KJQ17GT9arOK/0dV
xnhxp0dH/414T/ibkFien/RKySdLl7hD6df+uScbofKs68yZUB64FnK0oLrERb9q
Wm64fipcnodopuu4i75yESwge12k8uESuh2zxwp3rJlzITEVSfvPZbe/tpzvYBg=
=YXN8
-----END PGP SIGNATURE-----

More information about the Vivid-changes mailing list