[ubuntu/xenial-proposed] chromium-browser 49.0.2623.87-0ubuntu1.1232 (Accepted)

Chad MILLER chad.miller at canonical.com
Mon Mar 21 23:01:25 UTC 2016 

chromium-browser (49.0.2623.87-0ubuntu1.1232) xenial; urgency=medium

  * debian/patches/system-xdg-settings: Insist on using system xdg utilities.
  * Upstream release 49.0.2623.87:
    - CVE-2016-1643: Type confusion in Blink.
    - CVE-2016-1644: Use-after-free in Blink.
    - CVE-2016-1645: Out-of-bounds write in PDFium.
  * Upstream release 49.0.2623.75:
    - CVE-2016-1630: Same-origin bypass in Blink.
    - CVE-2016-1631: Same-origin bypass in Pepper Plugin.
    - CVE-2016-1632: Bad cast in Extensions.
    - CVE-2016-1633: Use-after-free in Blink.
    - CVE-2016-1634: Use-after-free in Blink.
    - CVE-2016-1635: Use-after-free in Blink.
    - CVE-2016-1636: SRI Validation Bypass.
    - CVE-2015-8126: Out-of-bounds access in libpng.
    - CVE-2016-1637: Information Leak in Skia.
    - CVE-2016-1638: WebAPI Bypass.
    - CVE-2016-1639: Use-after-free in WebRTC.
    - CVE-2016-1640: Origin confusion in Extensions UI.
    - CVE-2016-1641: Use-after-free in Favicon.
    - CVE-2016-1642: Various fixes from internal audits, fuzzing and other
      initiatives.
    - Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch
      (currently 4.9.385.26).
  * debian/rules: No longer fabricate snap package as side effect.
  * debian/control: build-dep on libffi-dev, mesa-common-dev.
  * debian/patches/format-flag: Remove patch.

Date: Tue, 15 Mar 2016 09:42:48 -0400
Changed-By: Chad MILLER <chad.miller at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Chris Coulson <chrisccoulson at ubuntu.com>
https://launchpad.net/ubuntu/+source/chromium-browser/49.0.2623.87-0ubuntu1.1232
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 15 Mar 2016 09:42:48 -0400
Source: chromium-browser
Binary: chromium-browser chromium-browser-dbg chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-dbg chromium-codecs-ffmpeg-extra chromium-codecs-ffmpeg-extra-dbg chromium-chromedriver chromium-chromedriver-dbg
Architecture: source
Version: 49.0.2623.87-0ubuntu1.1232
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Chad MILLER <chad.miller at canonical.com>
Description:
 chromium-browser - Chromium web browser, open-source version of Chrome
 chromium-browser-dbg - chromium-browser debug symbols
 chromium-browser-l10n - chromium-browser language packages
 chromium-chromedriver - WebDriver driver for the Chromium Browser
 chromium-chromedriver-dbg - chromium-chromedriver debug symbols
 chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
 chromium-codecs-ffmpeg-dbg - chromium-codecs-ffmpeg debug symbols
 chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
 chromium-codecs-ffmpeg-extra-dbg - chromium-codecs-ffmpeg-extra debug symbols
Changes:
 chromium-browser (49.0.2623.87-0ubuntu1.1232) xenial; urgency=medium
 .
   * debian/patches/system-xdg-settings: Insist on using system xdg utilities.
   * Upstream release 49.0.2623.87:
     - CVE-2016-1643: Type confusion in Blink.
     - CVE-2016-1644: Use-after-free in Blink.
     - CVE-2016-1645: Out-of-bounds write in PDFium.
   * Upstream release 49.0.2623.75:
     - CVE-2016-1630: Same-origin bypass in Blink.
     - CVE-2016-1631: Same-origin bypass in Pepper Plugin.
     - CVE-2016-1632: Bad cast in Extensions.
     - CVE-2016-1633: Use-after-free in Blink.
     - CVE-2016-1634: Use-after-free in Blink.
     - CVE-2016-1635: Use-after-free in Blink.
     - CVE-2016-1636: SRI Validation Bypass.
     - CVE-2015-8126: Out-of-bounds access in libpng.
     - CVE-2016-1637: Information Leak in Skia.
     - CVE-2016-1638: WebAPI Bypass.
     - CVE-2016-1639: Use-after-free in WebRTC.
     - CVE-2016-1640: Origin confusion in Extensions UI.
     - CVE-2016-1641: Use-after-free in Favicon.
     - CVE-2016-1642: Various fixes from internal audits, fuzzing and other
       initiatives.
     - Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch
       (currently 4.9.385.26).
   * debian/rules: No longer fabricate snap package as side effect.
   * debian/control: build-dep on libffi-dev, mesa-common-dev.
   * debian/patches/format-flag: Remove patch.
Checksums-Sha1:
 69d4cb2f08ba0be6d0a8975c421859eea7403c2a 2945 chromium-browser_49.0.2623.87-0ubuntu1.1232.dsc
 16d1a72b0efc39949286dc4885bd6bbfe77d7406 540396 chromium-browser_49.0.2623.87-0ubuntu1.1232.debian.tar.xz
Checksums-Sha256:
 783d5e7a88ff31beedd2d8ea9a1ea04f12da1471cb9bfc624c327e5e78ca2c06 2945 chromium-browser_49.0.2623.87-0ubuntu1.1232.dsc
 c7810d6fbae2fc562cb0a74866955acabad63fc6c008737828be4adab075e1d1 540396 chromium-browser_49.0.2623.87-0ubuntu1.1232.debian.tar.xz
Files:
 de113bfbe4a512c18270563f89bec531 2945 web optional chromium-browser_49.0.2623.87-0ubuntu1.1232.dsc
 43eb8f6e2bcabd6a4099d090434118c1 540396 web optional chromium-browser_49.0.2623.87-0ubuntu1.1232.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJW8HyRAAoJEGEfvezVlG4PiQIIAIcvPsLVe42eaSohNNVHelwz
NsyAnp4cRrfCJE4O8WSDXPlI+CWUX2hjMBKG0Vo7fzuSsXM9HniV9I6OM5Oj0o0F
5N+NMWh2nTXkFiWBJn4CdxL6zF0ZKTK66tcI3ws3KfADR92MEsbIki2D1WzJv6z6
q0/ju85kF3exTIZ1eFX/XiecMxSy7cTicCy/KVF9ljtIc/qYBv0lD1PwXbAh4dZx
sfqetvmGYT24bxYTRMfZLcB/6i4VaLsMdNPRTmvtTzRCOjGnbUEo4C7sJPEiqbqI
uTFuYYyXKmxLMxwwPPskybuXGWQ3Ru31NZeiXLPsTlXD1ETKiU9G6i5zJVD/KYA=
=Wy4L
-----END PGP SIGNATURE-----

More information about the Xenial-changes mailing list