[ubuntu/vivid-proposed] chromium-browser 41.0.2272.76-0ubuntu1.1134 (Accepted)

Chad MILLER chad.miller at canonical.com
Mon Mar 9 16:50:07 UTC 2015 

chromium-browser (41.0.2272.76-0ubuntu1.1134) vivid; urgency=medium

  * Upstream release 41.0.2272.76:
    - CVE-2015-1212: Out-of-bounds write in media.
    - CVE-2015-1213: Out-of-bounds write in skia filters.
    - CVE-2015-1214: Out-of-bounds write in skia filters.
    - CVE-2015-1215: Out-of-bounds write in skia filters.
    - CVE-2015-1216: Use-after-free in v8 bindings.
    - CVE-2015-1217: Type confusion in v8 bindings.
    - CVE-2015-1218: Use-after-free in dom.
    - CVE-2015-1219: Integer overflow in webgl.
    - CVE-2015-1220: Use-after-free in gif decoder.
    - CVE-2015-1221: Use-after-free in web databases.
    - CVE-2015-1222: Use-after-free in service workers.
    - CVE-2015-1223: Use-after-free in dom.
    - CVE-2015-1230: Type confusion in v8.
    - CVE-2015-1224: Out-of-bounds read in vpxdecoder.
    - CVE-2015-1225: Out-of-bounds read in pdfium.
    - CVE-2015-1226: Validation issue in debugger.
    - CVE-2015-1227: Uninitialized value in blink.
    - CVE-2015-1228: Uninitialized value in rendering.
    - CVE-2015-1229: Cookie injection via proxies.
    - CVE-2015-1231: Various fixes from internal audits, fuzzing and other
      initiatives.
  * Upstream release 40.0.2214.115.
  * debian/patches/coordinate-space-map: Backport v43 and unofficial
    coordinate mapping to fix some high-dpi problems in popup menu placement.
  * debian/apport/chromium-browser.py: Simplify. Use more standard functions
    from apport utility. Add CPU usage information. Add bargraph of "running"
    processes, so bugpatterns can sort away busy machines, and then classify
    remainder according to procline "gpu-vendor=id" param.
  * debian/patches/gpu-hangs: Extend the GPU watchdog to 30 seconds. If the
    GPU is really hung, the extra time matters little. It's probably not
    recoverable. Reviews of apport reports find no common thread among GPUs
    vendors. Notes at  crbug.com/221882  suggest busy CPUs could trigger hang.
    Will additionally use apport bugpatterns to comb dmesg for actual crashes
    and route to specific GPU-driver bugs.

Date: Wed, 04 Mar 2015 10:25:03 -0500
Changed-By: Chad MILLER <chad.miller at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Chris Coulson <chris.coulson at canonical.com>
https://launchpad.net/ubuntu/+source/chromium-browser/41.0.2272.76-0ubuntu1.1134
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 04 Mar 2015 10:25:03 -0500
Source: chromium-browser
Binary: chromium-browser chromium-browser-dbg chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-dbg chromium-codecs-ffmpeg-extra chromium-codecs-ffmpeg-extra-dbg chromium-chromedriver chromium-chromedriver-dbg
Architecture: source
Version: 41.0.2272.76-0ubuntu1.1134
Distribution: vivid
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Chad MILLER <chad.miller at canonical.com>
Description:
 chromium-browser - Chromium web browser, open-source version of Chrome
 chromium-browser-dbg - chromium-browser debug symbols
 chromium-browser-l10n - chromium-browser language packages
 chromium-chromedriver - WebDriver driver for the Chromium Browser
 chromium-chromedriver-dbg - chromium-chromedriver debug symbols
 chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
 chromium-codecs-ffmpeg-dbg - chromium-codecs-ffmpeg debug symbols
 chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
 chromium-codecs-ffmpeg-extra-dbg - chromium-codecs-ffmpeg-extra debug symbols
Changes:
 chromium-browser (41.0.2272.76-0ubuntu1.1134) vivid; urgency=medium
 .
   * Upstream release 41.0.2272.76:
     - CVE-2015-1212: Out-of-bounds write in media.
     - CVE-2015-1213: Out-of-bounds write in skia filters.
     - CVE-2015-1214: Out-of-bounds write in skia filters.
     - CVE-2015-1215: Out-of-bounds write in skia filters.
     - CVE-2015-1216: Use-after-free in v8 bindings.
     - CVE-2015-1217: Type confusion in v8 bindings.
     - CVE-2015-1218: Use-after-free in dom.
     - CVE-2015-1219: Integer overflow in webgl.
     - CVE-2015-1220: Use-after-free in gif decoder.
     - CVE-2015-1221: Use-after-free in web databases.
     - CVE-2015-1222: Use-after-free in service workers.
     - CVE-2015-1223: Use-after-free in dom.
     - CVE-2015-1230: Type confusion in v8.
     - CVE-2015-1224: Out-of-bounds read in vpxdecoder.
     - CVE-2015-1225: Out-of-bounds read in pdfium.
     - CVE-2015-1226: Validation issue in debugger.
     - CVE-2015-1227: Uninitialized value in blink.
     - CVE-2015-1228: Uninitialized value in rendering.
     - CVE-2015-1229: Cookie injection via proxies.
     - CVE-2015-1231: Various fixes from internal audits, fuzzing and other
       initiatives.
   * Upstream release 40.0.2214.115.
   * debian/patches/coordinate-space-map: Backport v43 and unofficial
     coordinate mapping to fix some high-dpi problems in popup menu placement.
   * debian/apport/chromium-browser.py: Simplify. Use more standard functions
     from apport utility. Add CPU usage information. Add bargraph of "running"
     processes, so bugpatterns can sort away busy machines, and then classify
     remainder according to procline "gpu-vendor=id" param.
   * debian/patches/gpu-hangs: Extend the GPU watchdog to 30 seconds. If the
     GPU is really hung, the extra time matters little. It's probably not
     recoverable. Reviews of apport reports find no common thread among GPUs
     vendors. Notes at  crbug.com/221882  suggest busy CPUs could trigger hang.
     Will additionally use apport bugpatterns to comb dmesg for actual crashes
     and route to specific GPU-driver bugs.
Checksums-Sha1:
 11382868d180c60a5289c38114f6f1a5b13c89a8 2904 chromium-browser_41.0.2272.76-0ubuntu1.1134.dsc
 b0ba1c98b742930e3d1f085562386d4232387b5c 606088 chromium-browser_41.0.2272.76-0ubuntu1.1134.debian.tar.xz
Checksums-Sha256:
 9d46a547366af473a3df3e6a60605ddfbf085259748444827f96f9f48f076026 2904 chromium-browser_41.0.2272.76-0ubuntu1.1134.dsc
 09437161845c85de5c4a57cac059d9ea294ff62db5b9845dab01168c125f9490 606088 chromium-browser_41.0.2272.76-0ubuntu1.1134.debian.tar.xz
Files:
 594c623be121b8ea1b5cde84b7f56c40 2904 web optional chromium-browser_41.0.2272.76-0ubuntu1.1134.dsc
 7878afc5ebd24d7df95ec4f835af5623 606088 web optional chromium-browser_41.0.2272.76-0ubuntu1.1134.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJU/c4VAAoJEGEfvezVlG4PIMYIAJ25oGxYzWov9wAGOaSUcn8Z
k/O9SqOY1N9MjPFBASQ+qO+IlilK5TDSOvY8B85pMgIONbAZWVgwIByX7f8i0q8z
1yeGNF/4MazIL5N6SQg0z+ikVS2EOOkBljU6vkigg/CTeYARAvrR/SGnuy58Ge05
+PN8/oOOH0nOF9EWSz3TVrzHM2e1xIrur1cxqjNdweYYOLtiZKfCRSJlmW3Wlp/k
7iQVDj+w0ej/v9L446CUaRumhyYr732UW0Jscl6B0RcPxur0/G3ux2uGrkbG1N2K
Vr3kVCzSwb9nW/jAiASQsgwj3z77JOzCtmblAZOhADYeIFbbOW3WxfFVgGbN4o4=
=SuAB
-----END PGP SIGNATURE-----

More information about the Vivid-changes mailing list