[ubuntu/vivid-security] chromium-browser 44.0.2403.89-0ubuntu0. (Accepted)

Chris Coulson chris.coulson at canonical.com
Wed Aug 19 11:26:25 UTC 2015

chromium-browser (44.0.2403.89-0ubuntu0. vivid-security; urgency=medium

  * Upstream release 44.0.2403.89: (LP: #1477662)
    - CVE-2015-1271: Heap-buffer-overflow in pdfium.
    - CVE-2015-1273: Heap-buffer-overflow in pdfium.
    - CVE-2015-1274: Settings allowed executable files to run immediately
      after download.
    - CVE-2015-1275: UXSS in Chrome for Android.
    - CVE-2015-1276: Use-after-free in IndexedDB.
    - CVE-2015-1279: Heap-buffer-overflow in pdfium.
    - CVE-2015-1280: Memory corruption in skia.
    - CVE-2015-1281: CSP bypass.
    - CVE-2015-1282: Use-after-free in pdfium.
    - CVE-2015-1283: Heap-buffer-overflow in expat.
    - CVE-2015-1284: Use-after-free in blink.
    - CVE-2015-1286: UXSS in blink.
    - CVE-2015-1287: SOP bypass with CSS.
    - CVE-2015-1270: Uninitialized memory read in ICU.
    - CVE-2015-1272: Use-after-free related to unexpected GPU process
    - CVE-2015-1277: Use-after-free in accessibility.
    - CVE-2015-1278: URL spoofing using pdf files.
    - CVE-2015-1285: Information leak in XSS auditor.
    - CVE-2015-1288: Spell checking dictionaries fetched over HTTP.
    - CVE-2015-1289: Various fixes from internal audits, fuzzing and other
  * debian/rules, debian/chromium-codecs-ffmpeg{,-extra}.install: ffmpeg is a
    first-class component library now, not a special snowflake. Still, build
    it differently, but build flags are different. 
  * debian/tests/smoketest-actual: Remove some innocuous mentions of "error"
    before testing for actual errors.
  * debian/control: codec library packages replace the libffmpeg.so that 
    was in chromium packages before now.
  * debian/control: codec packages can't reasonably be updated separately 
    than chromium. Depend with version specification also.

Date: 2015-07-28 18:29:29.333883+00:00
Changed-By: Chad Miller <chad.miller at canonical.com>
Signed-By: Chris Coulson <chris.coulson at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Vivid-changes mailing list