[ubuntu/wily-proposed] chromium-browser 44.0.2403.89-0ubuntu1.1195 (Accepted)
Chad MILLER
chad.miller at canonical.com
Wed Aug 19 11:37:43 UTC 2015
chromium-browser (44.0.2403.89-0ubuntu1.1195) wily; urgency=medium
* Upstream release 44.0.2403.89: (LP: #1477662)
- CVE-2015-1271: Heap-buffer-overflow in pdfium.
- CVE-2015-1273: Heap-buffer-overflow in pdfium.
- CVE-2015-1274: Settings allowed executable files to run immediately
after download.
- CVE-2015-1275: UXSS in Chrome for Android.
- CVE-2015-1276: Use-after-free in IndexedDB.
- CVE-2015-1279: Heap-buffer-overflow in pdfium.
- CVE-2015-1280: Memory corruption in skia.
- CVE-2015-1281: CSP bypass.
- CVE-2015-1282: Use-after-free in pdfium.
- CVE-2015-1283: Heap-buffer-overflow in expat.
- CVE-2015-1284: Use-after-free in blink.
- CVE-2015-1286: UXSS in blink.
- CVE-2015-1287: SOP bypass with CSS.
- CVE-2015-1270: Uninitialized memory read in ICU.
- CVE-2015-1272: Use-after-free related to unexpected GPU process
termination.
- CVE-2015-1277: Use-after-free in accessibility.
- CVE-2015-1278: URL spoofing using pdf files.
- CVE-2015-1285: Information leak in XSS auditor.
- CVE-2015-1288: Spell checking dictionaries fetched over HTTP.
- CVE-2015-1289: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/rules, debian/chromium-codecs-ffmpeg{,-extra}.install: ffmpeg is a
first-class component library now, not a special snowflake. Still, build
it differently, but build flags are different.
* debian/tests/smoketest-actual: Remove some innocuous mentions of "error"
before testing for actual errors.
* debian/control: codec library packages replace the libffmpeg.so that
was in chromium packages before now.
* debian/control: codec packages can't reasonably be updated separately
than chromium. Depend with version specification also.
Date: Tue, 28 Jul 2015 11:19:11 -0400
Changed-By: Chad MILLER <chad.miller at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Chris Coulson <chris.coulson at canonical.com>
https://launchpad.net/ubuntu/+source/chromium-browser/44.0.2403.89-0ubuntu1.1195
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 28 Jul 2015 11:19:11 -0400
Source: chromium-browser
Binary: chromium-browser chromium-browser-dbg chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-dbg chromium-codecs-ffmpeg-extra chromium-codecs-ffmpeg-extra-dbg chromium-chromedriver chromium-chromedriver-dbg
Architecture: source
Version: 44.0.2403.89-0ubuntu1.1195
Distribution: wily
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Chad MILLER <chad.miller at canonical.com>
Description:
chromium-browser - Chromium web browser, open-source version of Chrome
chromium-browser-dbg - chromium-browser debug symbols
chromium-browser-l10n - chromium-browser language packages
chromium-chromedriver - WebDriver driver for the Chromium Browser
chromium-chromedriver-dbg - chromium-chromedriver debug symbols
chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
chromium-codecs-ffmpeg-dbg - chromium-codecs-ffmpeg debug symbols
chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
chromium-codecs-ffmpeg-extra-dbg - chromium-codecs-ffmpeg-extra debug symbols
Launchpad-Bugs-Fixed: 1477662
Changes:
chromium-browser (44.0.2403.89-0ubuntu1.1195) wily; urgency=medium
.
* Upstream release 44.0.2403.89: (LP: #1477662)
- CVE-2015-1271: Heap-buffer-overflow in pdfium.
- CVE-2015-1273: Heap-buffer-overflow in pdfium.
- CVE-2015-1274: Settings allowed executable files to run immediately
after download.
- CVE-2015-1275: UXSS in Chrome for Android.
- CVE-2015-1276: Use-after-free in IndexedDB.
- CVE-2015-1279: Heap-buffer-overflow in pdfium.
- CVE-2015-1280: Memory corruption in skia.
- CVE-2015-1281: CSP bypass.
- CVE-2015-1282: Use-after-free in pdfium.
- CVE-2015-1283: Heap-buffer-overflow in expat.
- CVE-2015-1284: Use-after-free in blink.
- CVE-2015-1286: UXSS in blink.
- CVE-2015-1287: SOP bypass with CSS.
- CVE-2015-1270: Uninitialized memory read in ICU.
- CVE-2015-1272: Use-after-free related to unexpected GPU process
termination.
- CVE-2015-1277: Use-after-free in accessibility.
- CVE-2015-1278: URL spoofing using pdf files.
- CVE-2015-1285: Information leak in XSS auditor.
- CVE-2015-1288: Spell checking dictionaries fetched over HTTP.
- CVE-2015-1289: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/rules, debian/chromium-codecs-ffmpeg{,-extra}.install: ffmpeg is a
first-class component library now, not a special snowflake. Still, build
it differently, but build flags are different.
* debian/tests/smoketest-actual: Remove some innocuous mentions of "error"
before testing for actual errors.
* debian/control: codec library packages replace the libffmpeg.so that
was in chromium packages before now.
* debian/control: codec packages can't reasonably be updated separately
than chromium. Depend with version specification also.
Checksums-Sha1:
9ca5dd8f1f04bf9348abafb38e45143eb9c120ae 2904 chromium-browser_44.0.2403.89-0ubuntu1.1195.dsc
680c5f6f65333916653c9d06d2fd6555e77bb0db 478752 chromium-browser_44.0.2403.89-0ubuntu1.1195.debian.tar.xz
Checksums-Sha256:
c92f8ecc41e3a02139bfbe2a387a0b7db482652284e45b09e4232d18fd461c41 2904 chromium-browser_44.0.2403.89-0ubuntu1.1195.dsc
0060c764178f8062e4d0a39e8c0f1ab400cd455bbf0b53985770d145f2e7d2e0 478752 chromium-browser_44.0.2403.89-0ubuntu1.1195.debian.tar.xz
Files:
ac9ef7ef570a1604c8098acb9e7fd383 2904 web optional chromium-browser_44.0.2403.89-0ubuntu1.1195.dsc
c6cabf921d5bc34a3ff716dbfaffc8d3 478752 web optional chromium-browser_44.0.2403.89-0ubuntu1.1195.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJV1Gn2AAoJEGEfvezVlG4P5WcH/iu8HXivlZri0m1p1RQj9uys
cOiwMH9za7kaIqzPX8bkQ36IEEuBo8nz/ns3K1W9SSH1dvLAhqp7BeF9UeT3tnqG
e+4nij97zEdl0fOziMb9RFGcPDwYyLzL/Bc47vKUNN3B8bvAt5SftO7MgjgjUIl9
3W99uzUOfylPo34XfpMk5gpMl1gNzp7WFs3ID7UK1OIWN1DrCECmFAaxLcW2scOS
yTaSwESOgnKZy/edfl7dgXTV/sqgmTQTzWaA9qKPb7ixFZuajEx9bRp0hJ/C2nWA
qAdHqymQo1MoYCro5VBh/8wZBVVPWfoKiR8/G15tP8TJN5RE/y8sUFNC5z4Tv+Q=
=qVWG
-----END PGP SIGNATURE-----
More information about the Wily-changes
mailing list