chromium-browser (89.0.4389.82-0ubuntu0.16.04.1) xenial; urgency=medium
* Upstream release: 89.0.4389.82
chromium-browser (89.0.4389.72-0ubuntu0.16.04.1) xenial; urgency=medium
* Upstream release: 89.0.4389.72
- CVE-2021-21159: Heap buffer overflow in TabStrip.
- CVE-2021-21160: Heap buffer overflow in WebAudio.
- CVE-2021-21161: Heap buffer overflow in TabStrip.
- CVE-2021-21162: Use after free in WebRTC.
- CVE-2021-21163: Insufficient data validation in Reader Mode.
- CVE-2021-21164: Insufficient data validation in Chrome for iOS.
- CVE-2021-21165: Object lifecycle issue in audio.
- CVE-2021-21166: Object lifecycle issue in audio.
- CVE-2021-21167: Use after free in bookmarks.
- CVE-2021-21168: Insufficient policy enforcement in appcache.
- CVE-2021-21169: Out of bounds memory access in V8.
- CVE-2021-21170: Incorrect security UI in Loader.
- CVE-2021-21171: Incorrect security UI in TabStrip and Navigation.
- CVE-2021-21172: Insufficient policy enforcement in File System API.
- CVE-2021-21173: Side-channel information leakage in Network Internals.
- CVE-2021-21174: Inappropriate implementation in Referrer.
- CVE-2021-21175: Inappropriate implementation in Site isolation.
- CVE-2021-21176: Inappropriate implementation in full screen mode.
- CVE-2021-21177: Insufficient policy enforcement in Autofill.
- CVE-2021-21178: Inappropriate implementation in Compositing.
- CVE-2021-21179: Use after free in Network Internals.
- CVE-2021-21180: Use after free in tab search.
- CVE-2020-27844: Heap buffer overflow in OpenJPEG.
- CVE-2021-21181: Side-channel information leakage in autofill.
- CVE-2021-21182: Insufficient policy enforcement in navigations.
- CVE-2021-21183: Inappropriate implementation in performance APIs.
- CVE-2021-21184: Inappropriate implementation in performance APIs.
- CVE-2021-21185: Insufficient policy enforcement in extensions.
- CVE-2021-21186: Insufficient policy enforcement in QR scanning.
- CVE-2021-21187: Insufficient data validation in URL formatting.
- CVE-2021-21188: Use after free in Blink.
- CVE-2021-21189: Insufficient policy enforcement in payments.
- CVE-2021-21190: Uninitialized Use in PDFium.
* debian/rules: remove google_default_client_id and
google_default_client_secret per
https://groups.google.com/a/chromium.org/g/chromium-packagers/c/SG6jnsP4pWM/m/Y73W4CecCQAJ
* debian/patches/closure-compiler-java-no-client-vm.patch: refreshed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix-c++17ism.patch: refreshed
* debian/patches/gtk-symbols-conditional.patch: refreshed
* debian/patches/revert-newer-xcb-requirement.patch: refreshed
* debian/patches/revert-sequence-checker-capability-name.patch: added
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/skia-undef-HWCAP_CRC32.patch: refreshed
* debian/patches/snappy-fix-amd64-build.patch: added
* debian/patches/stl-util-old-clang-compatibility.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/touch-v35: refreshed
* debian/patches/use-clang-versioned.patch: refreshed
* debian/patches/widevine-other-locations: refreshed
chromium-browser (88.0.4324.182-0ubuntu0.16.04.1) xenial; urgency=medium
* Upstream release: 88.0.4324.182
- CVE-2021-21149: Stack overflow in Data Transfer.
- CVE-2021-21150: Use after free in Downloads.
- CVE-2021-21151: Use after free in Payments.
- CVE-2021-21152: Heap buffer overflow in Media.
- CVE-2021-21153: Stack overflow in GPU Process.
- CVE-2021-21154: Heap buffer overflow in Tab Strip.
- CVE-2021-21155: Heap buffer overflow in Tab Strip.
- CVE-2021-21156: Heap buffer overflow in V8.
- CVE-2021-21157: Use after free in Web Sockets.
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/title-bar-default-system.patch-v35: refreshed
chromium-browser (88.0.4324.150-0ubuntu0.16.04.1) xenial; urgency=medium
* Upstream release: 88.0.4324.150
- CVE-2021-21148: Heap buffer overflow in V8.
chromium-browser (88.0.4324.146-0ubuntu0.16.04.1) xenial; urgency=medium
* Upstream release: 88.0.4324.146
- CVE-2021-21142: Use after free in Payments .
- CVE-2021-21143: Heap buffer overflow in Extensions.
- CVE-2021-21144: Heap buffer overflow in Tab Groups.
- CVE-2021-21145: Use after free in Fonts.
- CVE-2021-21146: Use after free in Navigation.
- CVE-2021-21147: Inappropriate implementation in Skia.
chromium-browser (88.0.4324.96-0ubuntu0.16.04.2) xenial; urgency=medium
* debian/rules: do not build with optimize_webui=false (LP: #1913069)
* debian/known_gn_gen_args-*: remove (long gone) use_vulcanize build flag
chromium-browser (88.0.4324.96-0ubuntu0.16.04.1) xenial; urgency=medium
* Upstream release: 88.0.4324.96
- CVE-2021-21117: Insufficient policy enforcement in Cryptohome.
- CVE-2021-21118: Insufficient data validation in V8.
- CVE-2021-21119: Use after free in Media.
- CVE-2021-21120: Use after free in WebSQL.
- CVE-2021-21121: Use after free in Omnibox.
- CVE-2021-21122: Use after free in Blink.
- CVE-2021-21123: Insufficient data validation in File System API.
- CVE-2021-21124: Potential user after free in Speech Recognizer.
- CVE-2021-21125: Insufficient policy enforcement in File System API.
- CVE-2020-16044: Use after free in WebRTC.
- CVE-2021-21126: Insufficient policy enforcement in extensions.
- CVE-2021-21127: Insufficient policy enforcement in extensions.
- CVE-2021-21128: Heap buffer overflow in Blink.
- CVE-2021-21129: Insufficient policy enforcement in File System API.
- CVE-2021-21130: Insufficient policy enforcement in File System API.
- CVE-2021-21131: Insufficient policy enforcement in File System API.
- CVE-2021-21132: Inappropriate implementation in DevTools.
- CVE-2021-21133: Insufficient policy enforcement in Downloads.
- CVE-2021-21134: Incorrect security UI in Page Info.
- CVE-2021-21135: Inappropriate implementation in Performance API.
- CVE-2021-21136: Insufficient policy enforcement in WebView.
- CVE-2021-21137: Inappropriate implementation in DevTools.
- CVE-2021-21138: Use after free in DevTools.
- CVE-2021-21139: Inappropriate implementation in iframe sandbox.
- CVE-2021-21140: Uninitialized Use in USB.
- CVE-2021-21141: Insufficient policy enforcement in File System API.
* debian/control: do not suggest installing adobe-flashplugin (Flash is EOL)
* debian/rules:
- build with use_allocator_shim=false to replace the default-allocator patch
- remove is_desktop_linux build flag
- build with use_vaapi=false to prevent the default on amd64 and i386 (since
https://chromium.googlesource.com/chromium/src/+/7bc2776), because this
requires a version of libva newer than what is available in xenial
* debian/apport/chromium-browser.py: update the list of related packages
* debian/chromium-browser.sh.in: do not try to detect Flash plugin
* debian/patches/add-missing-minigbm-dep.patch: refreshed
* debian/patches/closure-compiler-java-no-client-vm.patch: refreshed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/default-allocator: removed, no longer needed
* debian/patches/fix-c++17ism.patch: refreshed
* debian/patches/fix-ptrace-header-include.patch: refreshed
* debian/patches/no-dirmd.patch: added
* debian/patches/revert-newer-xcb-requirement.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/stl-util-old-clang-compatibility.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/touch-v35: refreshed
* debian/patches/use-clang-versioned.patch: refreshed
* debian/patches/widevine-enable-version-string.patch: refreshed
* debian/patches/widevine-other-locations: refreshed
* debian/known_gn_gen_args-*: remove is_desktop_linux build flag
chromium-browser (87.0.4280.141-0ubuntu0.16.04.2) xenial; urgency=medium
* debian/patches/wayland-scanner-add-missing-include.patch: added
chromium-browser (87.0.4280.141-0ubuntu0.16.04.1) xenial; urgency=medium
* Upstream release: 87.0.4280.141
- CVE-2021-21106: Use after free in autofill.
- CVE-2021-21107: Use after free in drag and drop.
- CVE-2021-21108: Use after free in media.
- CVE-2021-21109: Use after free in payments.
- CVE-2021-21110: Use after free in safe browsing.
- CVE-2021-21111: Insufficient policy enforcement in WebUI.
- CVE-2021-21112: Use after free in Blink.
- CVE-2021-21113: Heap buffer overflow in Skia.
- CVE-2020-16043: Insufficient data validation in networking.
- CVE-2021-21114: Use after free in audio.
- CVE-2020-15995: Out of bounds write in V8.
- CVE-2021-21115: Use after free in safe browsing.
- CVE-2021-21116: Heap buffer overflow in audio.
chromium-browser (87.0.4280.88-0ubuntu0.16.04.1) xenial; urgency=medium
* Upstream release: 87.0.4280.88
Date: 2021-03-07 05:53:12.908759+00:00
Changed-By: Olivier Tilloy <olivier.til...@canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-ro...@lists.canonical.com>
https://launchpad.net/ubuntu/+source/chromium-browser/89.0.4389.82-0ubuntu0.16.04.1
Sorry, changesfile not available.
--
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes
