[ubuntu/yakkety-proposed] chromium-browser 50.0.2661.102-0ubuntu1.1242 (Accepted)

Chad MILLER chad.miller at canonical.com
Wed May 18 17:53:42 UTC 2016 

chromium-browser (50.0.2661.102-0ubuntu1.1242) yakkety; urgency=medium

  * Upstream release 50.0.2661.102:
    - CVE-2016-1667: Same origin bypass in DOM.
    - CVE-2016-1668: Same origin bypass in Blink V8 bindings.
    - CVE-2016-1669: Buffer overflow in V8.
    - CVE-2016-1670: Race condition in loader.
    - CVE-2016-1671: Directory traversal using the file scheme on Android.
  * Upstream release 50.0.2661.94:
    - CVE-2016-1660: Out-of-bounds write in Blink.
    - CVE-2016-1661: Memory corruption in cross-process frames.
    - CVE-2016-1662: Use-after-free in extensions.
    - CVE-2016-1663: Use-after-free in Blink’s V8 bindings.
    - CVE-2016-1664: Address bar spoofing.
    - CVE-2016-1665: Information leak in V8.
    - CVE-2016-1666: Various fixes from internal audits, fuzzing and other
      initiatives.
  * Upstream release 50.0.2661.75:
    - CVE-2016-1652: Universal XSS in extension bindings.
    - CVE-2016-1653: Out-of-bounds write in V8.
    - CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding.
    - CVE-2016-1654: Uninitialized memory read in media.
    - CVE-2016-1655: Use-after-free related to extensions.
    - CVE-2016-1656: Android downloaded file path restriction bypass.
    - CVE-2016-1657: Address bar spoofing.
    - CVE-2016-1658: Potential leak of sensitive information to malicious
      extensions.
    - CVE-2015-1659: Various fixes from internal audits, fuzzing and other
      initiatives.
  * debian/patches/seccomp-allow-set-robust-list: pass through syscall
    set_robust_list. glibc nptl thread creation uses it.
  * debian/rules: use new libsecret way of contacting keyring.
  * debian/patches/blink-platform-export-class: avoid Trusty bug where
    WebKit Platform class vtable not found at link time.
  * debian/apport/chromium-browser.py: Handle case when crash and no
    chromium directory exists. Still report errors in apport.

Date: Fri, 13 May 2016 10:52:23 -0400
Changed-By: Chad MILLER <chad.miller at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Chris Coulson <chrisccoulson at ubuntu.com>
https://launchpad.net/ubuntu/+source/chromium-browser/50.0.2661.102-0ubuntu1.1242
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 13 May 2016 10:52:23 -0400
Source: chromium-browser
Binary: chromium-browser chromium-browser-dbg chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-dbg chromium-codecs-ffmpeg-extra chromium-codecs-ffmpeg-extra-dbg chromium-chromedriver chromium-chromedriver-dbg
Architecture: source
Version: 50.0.2661.102-0ubuntu1.1242
Distribution: yakkety
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Chad MILLER <chad.miller at canonical.com>
Description:
 chromium-browser - Chromium web browser, open-source version of Chrome
 chromium-browser-dbg - chromium-browser debug symbols
 chromium-browser-l10n - chromium-browser language packages
 chromium-chromedriver - WebDriver driver for the Chromium Browser
 chromium-chromedriver-dbg - chromium-chromedriver debug symbols
 chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
 chromium-codecs-ffmpeg-dbg - chromium-codecs-ffmpeg debug symbols
 chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
 chromium-codecs-ffmpeg-extra-dbg - chromium-codecs-ffmpeg-extra debug symbols
Changes:
 chromium-browser (50.0.2661.102-0ubuntu1.1242) yakkety; urgency=medium
 .
   * Upstream release 50.0.2661.102:
     - CVE-2016-1667: Same origin bypass in DOM.
     - CVE-2016-1668: Same origin bypass in Blink V8 bindings.
     - CVE-2016-1669: Buffer overflow in V8.
     - CVE-2016-1670: Race condition in loader.
     - CVE-2016-1671: Directory traversal using the file scheme on Android.
   * Upstream release 50.0.2661.94:
     - CVE-2016-1660: Out-of-bounds write in Blink.
     - CVE-2016-1661: Memory corruption in cross-process frames.
     - CVE-2016-1662: Use-after-free in extensions.
     - CVE-2016-1663: Use-after-free in Blink’s V8 bindings.
     - CVE-2016-1664: Address bar spoofing.
     - CVE-2016-1665: Information leak in V8.
     - CVE-2016-1666: Various fixes from internal audits, fuzzing and other
       initiatives.
   * Upstream release 50.0.2661.75:
     - CVE-2016-1652: Universal XSS in extension bindings.
     - CVE-2016-1653: Out-of-bounds write in V8.
     - CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding.
     - CVE-2016-1654: Uninitialized memory read in media.
     - CVE-2016-1655: Use-after-free related to extensions.
     - CVE-2016-1656: Android downloaded file path restriction bypass.
     - CVE-2016-1657: Address bar spoofing.
     - CVE-2016-1658: Potential leak of sensitive information to malicious
       extensions.
     - CVE-2015-1659: Various fixes from internal audits, fuzzing and other
       initiatives.
   * debian/patches/seccomp-allow-set-robust-list: pass through syscall
     set_robust_list. glibc nptl thread creation uses it.
   * debian/rules: use new libsecret way of contacting keyring.
   * debian/patches/blink-platform-export-class: avoid Trusty bug where
     WebKit Platform class vtable not found at link time.
   * debian/apport/chromium-browser.py: Handle case when crash and no
     chromium directory exists. Still report errors in apport.
Checksums-Sha1:
 db8196b943acb8f7919895cc7e4b372b28a14066 2952 chromium-browser_50.0.2661.102-0ubuntu1.1242.dsc
 73ce7f0477aad67aebd44fefd169dfbddd6fddfc 541064 chromium-browser_50.0.2661.102-0ubuntu1.1242.debian.tar.xz
Checksums-Sha256:
 2deb805930cd0d034b3181e92073be23541a5255342abd0ac2f788660b52b0f2 2952 chromium-browser_50.0.2661.102-0ubuntu1.1242.dsc
 63cf2cdb34bde05befba154e488b638fd4669fb2259447fa7cc80debb3cb8757 541064 chromium-browser_50.0.2661.102-0ubuntu1.1242.debian.tar.xz
Files:
 d40fef93a6dee773f499df4fceed4fe8 2952 web optional chromium-browser_50.0.2661.102-0ubuntu1.1242.dsc
 2074d344d48b8846cfdfd08ce114ccc3 541064 web optional chromium-browser_50.0.2661.102-0ubuntu1.1242.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJXPKtTAAoJEGEfvezVlG4PFB8H/3n383j0sBJouoA0SNLgdWi3
p48143oMQ49fI5HvxLH+6FBGvZpPDhJ0MMK7Ckk3yoi7Sd50yC3bWq99QPn9gl3T
+AjDsQ1nc+wzQ/irocEYx9aQTO+cqMkc1zca4wzsfcX+hEYXXlRyk6ulf8+XlXyE
tbF+KQG+weDEGx6xf+ObSLbsJ+rcN9ZvGCX3bCumnVl6rltNn1hWunlxCmTlJHMd
8FW7MeM+UO9nyj/I2R1cHPWIsk+i0NoISdtEWHTRndFVKbpwsUaTX9ZquPwZRbc5
zwy0jnA2ZOEToNlO4o6TLff5f+II9AYwUngi69NFj+MdL4XDXB7CpmSbxz+j+l4=
=O15B
-----END PGP SIGNATURE-----

More information about the Yakkety-changes mailing list