chromium-browser (47.0.2526.73-0ubuntu1.1218) xenial; urgency=medium * Upstream release 47.0.2526.73: - CVE-2015-6765: Use-after-free in AppCache. - CVE-2015-6766: Use-after-free in AppCache. - CVE-2015-6767: Use-after-free in AppCache. - CVE-2015-6768: Cross-origin bypass in DOM. - CVE-2015-6769: Cross-origin bypass in core. - CVE-2015-6770: Cross-origin bypass in DOM. - CVE-2015-6771: Out of bounds access in v8. - CVE-2015-6772: Cross-origin bypass in DOM. - CVE-2015-6764: Out of bounds access in v8. - CVE-2015-6773: Out of bounds access in Skia. - CVE-2015-6774: Use-after-free in Extensions. - CVE-2015-6775: Type confusion in PDFium. - CVE-2015-6776: Out of bounds access in PDFium. - CVE-2015-6777: Use-after-free in DOM. - CVE-2015-6778: Out of bounds access in PDFium. - CVE-2015-6779: Scheme bypass in PDFium. - CVE-2015-6780: Use-after-free in Infobars. - CVE-2015-6781: Integer overflow in Sfntly. - CVE-2015-6782: Content spoofing in Omnibox. - CVE-2015-6783: Signature validation issue in Android Crazy Linker. - CVE-2015-6784: Escaping issue in saved pages. - CVE-2015-6785: Wildcard matching issue in CSP. - CVE-2015-6786: Scheme bypass in CSP. - CVE-2015-6787: Various fixes from internal audits, fuzzing and other initiatives. - Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 4.7.80.23). * Upstream release 46.0.2490.86: - CVE-2015-1302: Information leak in PDF viewer. * Upstream release 46.0.2490.71: - CVE-2015-6755: Cross-origin bypass in Blink. - CVE-2015-6756: Use-after-free in PDFium. - CVE-2015-6757: Use-after-free in ServiceWorker. - CVE-2015-6758: Bad-cast in PDFium. - CVE-2015-6759: Information leakage in LocalStorage. - CVE-2015-6760: Improper error handling in libANGLE. - CVE-2015-6761: Memory corruption in FFMpeg. - CVE-2015-6762: CORS bypass via CSS fonts. - CVE-2015-6763: Various fixes from internal audits, fuzzing and other initiatives. * debian/patches/gpu-hangs: remove. Not useful. * Switch to Clang to compile. * debian/rules: Explicitly create remoting resources. * debian/patches/cr46-missing-test-files: * debian/rules: support screen sharing in Hangouts. * debian/patches/xdg-settings-multiexec-desktopfiles.patch: Always prefer local xdg-settings. * debian/chromium-browser.desktop: Don't override WM class matching.
Date: Tue, 01 Dec 2015 15:37:11 -0500 Changed-By: Chad MILLER <chad.mil...@canonical.com> Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com> Signed-By: Chris Coulson <chris.coul...@canonical.com> https://launchpad.net/ubuntu/+source/chromium-browser/47.0.2526.73-0ubuntu1.1218
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 01 Dec 2015 15:37:11 -0500 Source: chromium-browser Binary: chromium-browser chromium-browser-dbg chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-dbg chromium-codecs-ffmpeg-extra chromium-codecs-ffmpeg-extra-dbg chromium-chromedriver chromium-chromedriver-dbg Architecture: source Version: 47.0.2526.73-0ubuntu1.1218 Distribution: xenial Urgency: medium Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com> Changed-By: Chad MILLER <chad.mil...@canonical.com> Description: chromium-browser - Chromium web browser, open-source version of Chrome chromium-browser-dbg - chromium-browser debug symbols chromium-browser-l10n - chromium-browser language packages chromium-chromedriver - WebDriver driver for the Chromium Browser chromium-chromedriver-dbg - chromium-chromedriver debug symbols chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser chromium-codecs-ffmpeg-dbg - chromium-codecs-ffmpeg debug symbols chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser chromium-codecs-ffmpeg-extra-dbg - chromium-codecs-ffmpeg-extra debug symbols Changes: chromium-browser (47.0.2526.73-0ubuntu1.1218) xenial; urgency=medium . * Upstream release 47.0.2526.73: - CVE-2015-6765: Use-after-free in AppCache. - CVE-2015-6766: Use-after-free in AppCache. - CVE-2015-6767: Use-after-free in AppCache. - CVE-2015-6768: Cross-origin bypass in DOM. - CVE-2015-6769: Cross-origin bypass in core. - CVE-2015-6770: Cross-origin bypass in DOM. - CVE-2015-6771: Out of bounds access in v8. - CVE-2015-6772: Cross-origin bypass in DOM. - CVE-2015-6764: Out of bounds access in v8. - CVE-2015-6773: Out of bounds access in Skia. - CVE-2015-6774: Use-after-free in Extensions. - CVE-2015-6775: Type confusion in PDFium. - CVE-2015-6776: Out of bounds access in PDFium. - CVE-2015-6777: Use-after-free in DOM. - CVE-2015-6778: Out of bounds access in PDFium. - CVE-2015-6779: Scheme bypass in PDFium. - CVE-2015-6780: Use-after-free in Infobars. - CVE-2015-6781: Integer overflow in Sfntly. - CVE-2015-6782: Content spoofing in Omnibox. - CVE-2015-6783: Signature validation issue in Android Crazy Linker. - CVE-2015-6784: Escaping issue in saved pages. - CVE-2015-6785: Wildcard matching issue in CSP. - CVE-2015-6786: Scheme bypass in CSP. - CVE-2015-6787: Various fixes from internal audits, fuzzing and other initiatives. - Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 4.7.80.23). * Upstream release 46.0.2490.86: - CVE-2015-1302: Information leak in PDF viewer. * Upstream release 46.0.2490.71: - CVE-2015-6755: Cross-origin bypass in Blink. - CVE-2015-6756: Use-after-free in PDFium. - CVE-2015-6757: Use-after-free in ServiceWorker. - CVE-2015-6758: Bad-cast in PDFium. - CVE-2015-6759: Information leakage in LocalStorage. - CVE-2015-6760: Improper error handling in libANGLE. - CVE-2015-6761: Memory corruption in FFMpeg. - CVE-2015-6762: CORS bypass via CSS fonts. - CVE-2015-6763: Various fixes from internal audits, fuzzing and other initiatives. * debian/patches/gpu-hangs: remove. Not useful. * Switch to Clang to compile. * debian/rules: Explicitly create remoting resources. * debian/patches/cr46-missing-test-files: * debian/rules: support screen sharing in Hangouts. * debian/patches/xdg-settings-multiexec-desktopfiles.patch: Always prefer local xdg-settings. * debian/chromium-browser.desktop: Don't override WM class matching. Checksums-Sha1: 33cb909e2ca783326057dc724bfbd018ef2197d5 2916 chromium-browser_47.0.2526.73-0ubuntu1.1218.dsc 095389857918929951944563a0815034afa31e0b 394631144 chromium-browser_47.0.2526.73.orig.tar.xz 37e25fd2dd7dd547c933e249ab80dbe5df79dab8 541640 chromium-browser_47.0.2526.73-0ubuntu1.1218.debian.tar.xz Checksums-Sha256: 9df46b64dab2b33058ec4626a3cf5700a9b28626ec2492de0e52eb42375dd7fa 2916 chromium-browser_47.0.2526.73-0ubuntu1.1218.dsc 6d66d01c8ddff6562ff13d30ed65ef0cdc2888d9e4924be615d576b7eb15f4f5 394631144 chromium-browser_47.0.2526.73.orig.tar.xz 05ad10c79115c7224d08b7a0b40ef6b1bf12290f9c4eaa0a7b0effb947213f2c 541640 chromium-browser_47.0.2526.73-0ubuntu1.1218.debian.tar.xz Files: 609c9fead38a3d50e25be45199a326e6 2916 web optional chromium-browser_47.0.2526.73-0ubuntu1.1218.dsc 5c56e67d110167cd08af145c5d493fb9 394631144 web optional chromium-browser_47.0.2526.73.orig.tar.xz c977a0224189f86f234b554c5cd1a6fb 541640 web optional chromium-browser_47.0.2526.73-0ubuntu1.1218.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJWZ2T0AAoJEGEfvezVlG4P7wAH/j5vRPFABFNvUVvd6LTDs5ZT ONrcKKHnJTs5mm9zqJUdM2qZ9leVhcyfQBtF558Bk4L/+BFcv4VEPX0CIGQXyOdL hLtX/PN7Q3XYlVIntxFGb/NDmzUkyD7SyP+xwjzyo46IEcCiSt+ckBox7P3UTkh6 qUh43p5Oy8ei/wOMdZg9i5Ih5sZmTBomO/IqzvSupnhp4CP/2TBfrkFtkpDOCJGr tF+pQ/YBycCwegrwVsi7X3XNBIlCBPjgcv0gUdxNaSDkrcI/tnzdb/bUWrkyWoyc D2wKSt/3ARzYqjPTc6T2dj8kgUYAtKN3TkmnMY2lRu1UWpGMsjaFqLQlm9idQPQ= =pV0f -----END PGP SIGNATURE-----
-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes