[ubuntu/xenial-proposed] chromium-browser 47.0.2526.73-0ubuntu1.1218 (Accepted)
Chad MILLER
chad.miller at canonical.com
Tue Dec 8 23:23:05 UTC 2015
chromium-browser (47.0.2526.73-0ubuntu1.1218) xenial; urgency=medium
* Upstream release 47.0.2526.73:
- CVE-2015-6765: Use-after-free in AppCache.
- CVE-2015-6766: Use-after-free in AppCache.
- CVE-2015-6767: Use-after-free in AppCache.
- CVE-2015-6768: Cross-origin bypass in DOM.
- CVE-2015-6769: Cross-origin bypass in core.
- CVE-2015-6770: Cross-origin bypass in DOM.
- CVE-2015-6771: Out of bounds access in v8.
- CVE-2015-6772: Cross-origin bypass in DOM.
- CVE-2015-6764: Out of bounds access in v8.
- CVE-2015-6773: Out of bounds access in Skia.
- CVE-2015-6774: Use-after-free in Extensions.
- CVE-2015-6775: Type confusion in PDFium.
- CVE-2015-6776: Out of bounds access in PDFium.
- CVE-2015-6777: Use-after-free in DOM.
- CVE-2015-6778: Out of bounds access in PDFium.
- CVE-2015-6779: Scheme bypass in PDFium.
- CVE-2015-6780: Use-after-free in Infobars.
- CVE-2015-6781: Integer overflow in Sfntly.
- CVE-2015-6782: Content spoofing in Omnibox.
- CVE-2015-6783: Signature validation issue in Android Crazy Linker.
- CVE-2015-6784: Escaping issue in saved pages.
- CVE-2015-6785: Wildcard matching issue in CSP.
- CVE-2015-6786: Scheme bypass in CSP.
- CVE-2015-6787: Various fixes from internal audits, fuzzing and other
initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch
(currently 4.7.80.23).
* Upstream release 46.0.2490.86:
- CVE-2015-1302: Information leak in PDF viewer.
* Upstream release 46.0.2490.71:
- CVE-2015-6755: Cross-origin bypass in Blink.
- CVE-2015-6756: Use-after-free in PDFium.
- CVE-2015-6757: Use-after-free in ServiceWorker.
- CVE-2015-6758: Bad-cast in PDFium.
- CVE-2015-6759: Information leakage in LocalStorage.
- CVE-2015-6760: Improper error handling in libANGLE.
- CVE-2015-6761: Memory corruption in FFMpeg.
- CVE-2015-6762: CORS bypass via CSS fonts.
- CVE-2015-6763: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/patches/gpu-hangs: remove. Not useful.
* Switch to Clang to compile.
* debian/rules: Explicitly create remoting resources.
* debian/patches/cr46-missing-test-files:
* debian/rules: support screen sharing in Hangouts.
* debian/patches/xdg-settings-multiexec-desktopfiles.patch: Always prefer
local xdg-settings.
* debian/chromium-browser.desktop: Don't override WM class matching.
Date: Tue, 01 Dec 2015 15:37:11 -0500
Changed-By: Chad MILLER <chad.miller at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Chris Coulson <chris.coulson at canonical.com>
https://launchpad.net/ubuntu/+source/chromium-browser/47.0.2526.73-0ubuntu1.1218
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 01 Dec 2015 15:37:11 -0500
Source: chromium-browser
Binary: chromium-browser chromium-browser-dbg chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-dbg chromium-codecs-ffmpeg-extra chromium-codecs-ffmpeg-extra-dbg chromium-chromedriver chromium-chromedriver-dbg
Architecture: source
Version: 47.0.2526.73-0ubuntu1.1218
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Chad MILLER <chad.miller at canonical.com>
Description:
chromium-browser - Chromium web browser, open-source version of Chrome
chromium-browser-dbg - chromium-browser debug symbols
chromium-browser-l10n - chromium-browser language packages
chromium-chromedriver - WebDriver driver for the Chromium Browser
chromium-chromedriver-dbg - chromium-chromedriver debug symbols
chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
chromium-codecs-ffmpeg-dbg - chromium-codecs-ffmpeg debug symbols
chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
chromium-codecs-ffmpeg-extra-dbg - chromium-codecs-ffmpeg-extra debug symbols
Changes:
chromium-browser (47.0.2526.73-0ubuntu1.1218) xenial; urgency=medium
.
* Upstream release 47.0.2526.73:
- CVE-2015-6765: Use-after-free in AppCache.
- CVE-2015-6766: Use-after-free in AppCache.
- CVE-2015-6767: Use-after-free in AppCache.
- CVE-2015-6768: Cross-origin bypass in DOM.
- CVE-2015-6769: Cross-origin bypass in core.
- CVE-2015-6770: Cross-origin bypass in DOM.
- CVE-2015-6771: Out of bounds access in v8.
- CVE-2015-6772: Cross-origin bypass in DOM.
- CVE-2015-6764: Out of bounds access in v8.
- CVE-2015-6773: Out of bounds access in Skia.
- CVE-2015-6774: Use-after-free in Extensions.
- CVE-2015-6775: Type confusion in PDFium.
- CVE-2015-6776: Out of bounds access in PDFium.
- CVE-2015-6777: Use-after-free in DOM.
- CVE-2015-6778: Out of bounds access in PDFium.
- CVE-2015-6779: Scheme bypass in PDFium.
- CVE-2015-6780: Use-after-free in Infobars.
- CVE-2015-6781: Integer overflow in Sfntly.
- CVE-2015-6782: Content spoofing in Omnibox.
- CVE-2015-6783: Signature validation issue in Android Crazy Linker.
- CVE-2015-6784: Escaping issue in saved pages.
- CVE-2015-6785: Wildcard matching issue in CSP.
- CVE-2015-6786: Scheme bypass in CSP.
- CVE-2015-6787: Various fixes from internal audits, fuzzing and other
initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch
(currently 4.7.80.23).
* Upstream release 46.0.2490.86:
- CVE-2015-1302: Information leak in PDF viewer.
* Upstream release 46.0.2490.71:
- CVE-2015-6755: Cross-origin bypass in Blink.
- CVE-2015-6756: Use-after-free in PDFium.
- CVE-2015-6757: Use-after-free in ServiceWorker.
- CVE-2015-6758: Bad-cast in PDFium.
- CVE-2015-6759: Information leakage in LocalStorage.
- CVE-2015-6760: Improper error handling in libANGLE.
- CVE-2015-6761: Memory corruption in FFMpeg.
- CVE-2015-6762: CORS bypass via CSS fonts.
- CVE-2015-6763: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/patches/gpu-hangs: remove. Not useful.
* Switch to Clang to compile.
* debian/rules: Explicitly create remoting resources.
* debian/patches/cr46-missing-test-files:
* debian/rules: support screen sharing in Hangouts.
* debian/patches/xdg-settings-multiexec-desktopfiles.patch: Always prefer
local xdg-settings.
* debian/chromium-browser.desktop: Don't override WM class matching.
Checksums-Sha1:
33cb909e2ca783326057dc724bfbd018ef2197d5 2916 chromium-browser_47.0.2526.73-0ubuntu1.1218.dsc
095389857918929951944563a0815034afa31e0b 394631144 chromium-browser_47.0.2526.73.orig.tar.xz
37e25fd2dd7dd547c933e249ab80dbe5df79dab8 541640 chromium-browser_47.0.2526.73-0ubuntu1.1218.debian.tar.xz
Checksums-Sha256:
9df46b64dab2b33058ec4626a3cf5700a9b28626ec2492de0e52eb42375dd7fa 2916 chromium-browser_47.0.2526.73-0ubuntu1.1218.dsc
6d66d01c8ddff6562ff13d30ed65ef0cdc2888d9e4924be615d576b7eb15f4f5 394631144 chromium-browser_47.0.2526.73.orig.tar.xz
05ad10c79115c7224d08b7a0b40ef6b1bf12290f9c4eaa0a7b0effb947213f2c 541640 chromium-browser_47.0.2526.73-0ubuntu1.1218.debian.tar.xz
Files:
609c9fead38a3d50e25be45199a326e6 2916 web optional chromium-browser_47.0.2526.73-0ubuntu1.1218.dsc
5c56e67d110167cd08af145c5d493fb9 394631144 web optional chromium-browser_47.0.2526.73.orig.tar.xz
c977a0224189f86f234b554c5cd1a6fb 541640 web optional chromium-browser_47.0.2526.73-0ubuntu1.1218.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJWZ2T0AAoJEGEfvezVlG4P7wAH/j5vRPFABFNvUVvd6LTDs5ZT
ONrcKKHnJTs5mm9zqJUdM2qZ9leVhcyfQBtF558Bk4L/+BFcv4VEPX0CIGQXyOdL
hLtX/PN7Q3XYlVIntxFGb/NDmzUkyD7SyP+xwjzyo46IEcCiSt+ckBox7P3UTkh6
qUh43p5Oy8ei/wOMdZg9i5Ih5sZmTBomO/IqzvSupnhp4CP/2TBfrkFtkpDOCJGr
tF+pQ/YBycCwegrwVsi7X3XNBIlCBPjgcv0gUdxNaSDkrcI/tnzdb/bUWrkyWoyc
D2wKSt/3ARzYqjPTc6T2dj8kgUYAtKN3TkmnMY2lRu1UWpGMsjaFqLQlm9idQPQ=
=pV0f
-----END PGP SIGNATURE-----
More information about the Xenial-changes
mailing list