[ubuntu/xenial-security] chromium-browser 52.0.2743.116-0ubuntu0.16.04.1.1250 (Accepted)
Chris Coulson
chrisccoulson at ubuntu.com
Tue Sep 6 16:44:13 UTC 2016
chromium-browser (52.0.2743.116-0ubuntu0.16.04.1.1250) xenial-security; urgency=medium
* Upstream release 52.0.2743.116:
- CVE-2016-5141 Address bar spoofing.
- CVE-2016-5142 Use-after-free in Blink.
- CVE-2016-5139 Heap overflow in pdfium.
- CVE-2016-5140 Heap overflow in pdfium.
- CVE-2016-5145 Same origin bypass for images in Blink.
- CVE-2016-5143 Parameter sanitization failure in DevTools.
- CVE-2016-5144 Parameter sanitization failure in DevTools.
- CVE-2016-5146: Various fixes from internal audits, fuzzing and other
initiatives.
* Exclude harfbuzz from system-library use.
* Upstream release 52.0.2743.82:
- CVE-2016-1706: Sandbox escape in PPAPI.
- CVE-2016-1707: URL spoofing on iOS.
- CVE-2016-1708: Use-after-free in Extensions.
- CVE-2016-1709: Heap-buffer-overflow in sfntly.
- CVE-2016-1710: Same-origin bypass in Blink.
- CVE-2016-1711: Same-origin bypass in Blink.
- CVE-2016-5127: Use-after-free in Blink.
- CVE-2016-5128: Same-origin bypass in V8.
- CVE-2016-5129: Memory corruption in V8.
- CVE-2016-5130: URL spoofing.
- CVE-2016-5131: Use-after-free in libxml.
- CVE-2016-5132: Limited same-origin bypass in Service Workers.
- CVE-2016-5133: Origin confusion in proxy authentication.
- CVE-2016-5134: URL leakage via PAC script.
- CVE-2016-5135: Content-Security-Policy bypass.
- CVE-2016-5136: Use after free in extensions.
- CVE-2016-5137: History sniffing with HSTS and CSP.
- CVE-2016-1705: Various fixes from internal audits, fuzzing and other
initiatives
* Upstream release 51.0.2704.106
* Upstream release 51.0.2704.103:
- CVE-2016-1704: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/control: remvove build-dep on clang.
* Sync many things from debian:
- No longer build remoting, or install its locale files.
- Use many system libraries, adding build-dep on
- libre2-dev,
- yasm,
- libopus-dev,
- zlib1g-dev,
- libspeex-dev,
- libspeechd-dev,
- libexpat1-dev,
- libpng-dev,
- libxml2-dev,
- libjpeg-dev,
- libwebp-dev,
- libxslt-dev,
- libsrtp-dev,
- libjsoncpp-dev,
- libevent-dev,
- Clean up many parts of debian/rules, wrt variable names
- Set hardening on.
- Use gold linker.
- Disable Google Now. Creepy. Might mean downloads of opaque programs too.
- Disable Wallet service.
* debian/compat: Use dh version 9.
* debian/rules: Improve "cd;foo" logic.
* debian/rules: Remove files in tar-copy pipelines, to conserve space. Fixes
build failures in servers.
* debian/rules: Move check steps into install steps. No need to be separate,
and simplifies target names.
* debian/rules: Make en-us locale files less magical, and simplify install.
* debian/rules: Work around change to tar command param order with
--exclude.
* debian/rules: Don't use tcmalloc on armhf.
* debian/rules: Remove precise-specific conditions. More simple.
* debian/rules: In install-validation, don't use mktemp. Hard-code
destination.
* debian/patches/gsettings-display-scaling: Disable because code moved and
needs refactoring.
* debian/patches/display-scaling-default-value: Disable because probbly not
needed any more.
* debian/rules: widevine cdm is not really available in this source. No
longer lie about that.
* Set new GOOG keys to bisect service overuse problem.
Date: 2016-08-24 22:00:13.791122+00:00
Changed-By: Chad Miller <chad.miller at canonical.com>
Signed-By: Chris Coulson <chrisccoulson at ubuntu.com>
https://launchpad.net/ubuntu/+source/chromium-browser/52.0.2743.116-0ubuntu0.16.04.1.1250
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list