[ubuntu/wily-security] chromium-browser 49.0.2623.87-0ubuntu0.15.10.1.1222 (Accepted)

Chris Coulson chrisccoulson at ubuntu.com
Mon Mar 21 22:55:08 UTC 2016


chromium-browser (49.0.2623.87-0ubuntu0.15.10.1.1222) wily-security; urgency=medium

  * debian/patches/system-xdg-settings: Insist on using system xdg utilities.
  * Upstream release 49.0.2623.87:
    - CVE-2016-1643: Type confusion in Blink.
    - CVE-2016-1644: Use-after-free in Blink.
    - CVE-2016-1645: Out-of-bounds write in PDFium.
  * Upstream release 49.0.2623.75:
    - CVE-2016-1630: Same-origin bypass in Blink.
    - CVE-2016-1631: Same-origin bypass in Pepper Plugin.
    - CVE-2016-1632: Bad cast in Extensions.
    - CVE-2016-1633: Use-after-free in Blink.
    - CVE-2016-1634: Use-after-free in Blink.
    - CVE-2016-1635: Use-after-free in Blink.
    - CVE-2016-1636: SRI Validation Bypass.
    - CVE-2015-8126: Out-of-bounds access in libpng.
    - CVE-2016-1637: Information Leak in Skia.
    - CVE-2016-1638: WebAPI Bypass.
    - CVE-2016-1639: Use-after-free in WebRTC.
    - CVE-2016-1640: Origin confusion in Extensions UI. 
    - CVE-2016-1641: Use-after-free in Favicon.
    - CVE-2016-1642: Various fixes from internal audits, fuzzing and other
      initiatives.
    - Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch
      (currently 4.9.385.26).
  * debian/rules: No longer fabricate snap package as side effect.
  * debian/control: build-dep on libffi-dev, mesa-common-dev.
  * debian/patches/format-flag: Remove patch.

Date: 2016-03-16 17:53:13.933991+00:00
Changed-By: Chad Miller <chad.miller at canonical.com>
Signed-By: Chris Coulson <chrisccoulson at ubuntu.com>
https://launchpad.net/ubuntu/+source/chromium-browser/49.0.2623.87-0ubuntu0.15.10.1.1222
-------------- next part --------------
Sorry, changesfile not available.


More information about the Wily-changes mailing list