Change log for chromium package in Debian
151 → 195 of 195 results | First • Previous • Next • Last |
Superseded in sid-release |
chromium (80.0.3987.162-1) unstable; urgency=medium * New upstream security release. - CVE-2020-6450: Use after free in WebAudio. Reported by Man Yue Mo - CVE-2020-6451: Use after free in WebAudio. Reported by Man Yue Mo - CVE-2020-6452: Heap buffer overflow in media. Reported by asnine -- Michael Gilbert <email address hidden> Wed, 01 Apr 2020 04:30:14 +0000
Superseded in sid-release |
chromium (80.0.3987.149-1) unstable; urgency=medium * New upstream security release. - CVE-2019-20503: Out of bounds read in usersctplib. Reported by Natalie Silvanovich - CVE-2020-6422: Use after free in WebGL. Reported by David Manouchehri - CVE-2020-6424: Use after free in media. Reported by Sergei Glazunov - CVE-2020-6425: Insufficient policy enforcement in extensions. Reported by Sergei Glazunov - CVE-2020-6426: Inappropriate implementation in V8. Reported by Avihay Cohen - CVE-2020-6427: Use after free in audio. Reported by Man Yue Mo - CVE-2020-6428: Use after free in audio. Reported by Man Yue Mo - CVE-2020-6429: Use after free in audio. Reported by Man Yue Mo - CVE-2020-6449: Use after free in audio. Reported by Man Yue Mo -- Michael Gilbert <email address hidden> Fri, 20 Mar 2020 00:18:06 +0000
Deleted in experimental-release (Reason: None provided.) |
chromium (81.0.4044.62-1) experimental; urgency=medium * New upstream beta release. -- Michael Gilbert <email address hidden> Wed, 18 Mar 2020 04:39:17 +0000
Superseded in sid-release |
chromium (80.0.3987.132-1) unstable; urgency=medium * New upstream security release. - CVE-2020-6420: Insufficient policy enforcement in media. Reported by Taras Uzdenov -- Michael Gilbert <email address hidden> Fri, 06 Mar 2020 16:40:19 +0000
Superseded in sid-release |
chromium (80.0.3987.122-2) unstable; urgency=medium * Reduce debugging symbols to avoid memory exhaustion while linking. -- Michael Gilbert <email address hidden> Tue, 03 Mar 2020 04:15:34 +0000
Superseded in sid-release |
chromium (80.0.3987.122-1) unstable; urgency=medium * New upstream security release. - CVE-2020-6407: Out of bounds memory access in streams. Reported by Sergei Glazunov - CVE-2020-6418: Type confusion in V8. Reported by Clement Lecigne -- Michael Gilbert <email address hidden> Sun, 01 Mar 2020 01:25:59 +0000
Superseded in sid-release |
chromium (80.0.3987.116-1) unstable; urgency=medium * New upstream security release. - CVE-2020-6383: Type confusion in V8. Reported by Sergei Glazunov - CVE-2020-6384: Use after free in WebAudio. Reported by David Manouchehri - CVE-2020-6386: Use after free in speech. Reported by Zhe Jin -- Michael Gilbert <email address hidden> Sat, 22 Feb 2020 03:01:15 +0000
Superseded in sid-release |
chromium (80.0.3987.106-1) unstable; urgency=medium * New upstream stable release. - CVE-2019-19923: Out of bounds memory access in SQLite. Reported by Richard Lorenz - CVE-2019-19925: Vulnerability in SQLite. Reported by Richard Lorenz - CVE-2019-19926: Inappropriate implementation in SQLite. Reported by Richard Lorenz - CVE-2019-19880: Vulnerability in SQLite. Reported by Richard Lorenz - CVE-2020-6381: Integer overflow in JavaScript. Reported by The UK's National Cyber Security Centre - CVE-2020-6382: Type Confusion in JavaScript. Reported by Soyeon Park and Wen Xu - CVE-2020-6385: Insufficient policy enforcement in storage. Reported by Sergei Glazunov - CVE-2020-6387: Out of bounds write in WebRTC. Reported by Natalie Silvanovich - CVE-2020-6388: Out of bounds memory access in WebAudio. Reported by Sergei Glazunov - CVE-2020-6389: Out of bounds write in WebRTC. Reported by Natalie Silvanovich - CVE-2020-6390: Out of bounds memory access in streams. Reported by Sergei Glazunov - CVE-2020-6391: Insufficient validation of untrusted input in Blink. Reported by Michał Bentkowski - CVE-2020-6392: Insufficient policy enforcement in extensions. Reported by Microsoft Edge Team - CVE-2020-6393: Insufficient policy enforcement in Blink. Reported by Mark Amery - CVE-2020-6394: Insufficient policy enforcement in Blink. Reported by Phil Freo - CVE-2020-6395: Out of bounds read in JavaScript. Reported by Pierre Langlois - CVE-2020-6396: Inappropriate implementation in Skia. Reported by William Luc Ritchie - CVE-2020-6397: Incorrect security UI in sharing. Reported by Khalil Zhani - CVE-2020-6398: Uninitialized use in PDFium. Reported by pdknsk - CVE-2020-6399: Insufficient policy enforcement in AppCache. Reported by Luan Herrera - CVE-2020-6400: Inappropriate implementation in CORS. Reported by Takashi Yoneuchi - CVE-2020-6401: Insufficient validation of untrusted input in Omnibox. Reported by Tzachy Horesh - CVE-2020-6402: Insufficient policy enforcement in downloads. Reported by Vladimir Metnew - CVE-2020-6403: Incorrect security UI in Omnibox. Reported by Khalil Zhani - CVE-2020-6404: Inappropriate implementation in Blink. Reported by kanchi - CVE-2020-6405: Out of bounds read in SQLite. Reported by Yongheng Chen and Rui Zhong - CVE-2020-6406: Use after free in audio. Reported by Sergei Glazunov - CVE-2020-6408: Insufficient policy enforcement in CORS. Reported by Zhong Zhaochen - CVE-2020-6409: Inappropriate implementation in Omnibox. Reported by Divagar S and Bharathi V - CVE-2020-6410: Insufficient policy enforcement in navigation. Reported by evi1m0 - CVE-2020-6411: Insufficient validation of untrusted input in Omnibox. Reported by Khalil Zhani - CVE-2020-6412: Insufficient validation of untrusted input in Omnibox. Reported by Zihan Zheng - CVE-2020-6413: Inappropriate implementation in Blink. Reported by Michał Bentkowski - CVE-2020-6414: Insufficient policy enforcement in Safe Browsing. Reported by Lijo A.T - CVE-2020-6415: Inappropriate implementation in JavaScript. Reported by Avihay Cohen - CVE-2020-6416: Insufficient data validation in streams. Reported by Woojin Oh - CVE-2020-6417: Inappropriate implementation in installer. Reported by Renato Moraes and Altieres Rohr * Remove --ignore-gpu-blacklist from the default flags (closes: #947207). * Update standards version to 4.5.0. * Build with clang instead of gcc. -- Michael Gilbert <email address hidden> Sun, 16 Feb 2020 23:33:50 +0000
Superseded in buster-release |
chromium (79.0.3945.130-1~deb10u1) buster-security; urgency=medium * New upstream security release. - CVE-2020-6377: Use after free in audio. Reported by Zhe Jin - CVE-2020-6378: Use-after-free in speech recognizer. Reported by Antti Levomäki and Christian Jalio - CVE-2020-6379: Use-after-free in speech recognizer. Reported by Guang Gong - CVE-2020-6380: Extension message verification error. Reported by Sergei Glazunov - CVE-2019-13725: Use after free in Bluetooth. Reported by Gengming Liu and Jianyu Chen - CVE-2019-13726: Heap buffer overflow in password manager. Reported by Sergei Glazunov - CVE-2019-13727: Insufficient policy enforcement in WebSockets. Reported by @piochu - CVE-2019-13728: Out of bounds write in V8. Reported by Rong Jian and Guang Gong - CVE-2019-13729: Use after free in WebSockets. Reported by Zhe Jin - CVE-2019-13730: Type Confusion in V8. Reported by Soyeon Park and Wen Xu - CVE-2019-13732: Use after free in WebAudio. Reported by Sergei Glazunov - CVE-2019-13734: Out of bounds write in SQLite. Reported by Wenxiang Qian - CVE-2019-13735: Out of bounds write in V8. Reported by Gengming Liu and Zhen Feng - CVE-2019-13764: Type Confusion in V8. Reported by Soyeon Park and Wen Xu - CVE-2019-13736: Integer overflow in PDFium. Reported by Anonymous - CVE-2019-13737: Insufficient policy enforcement in autocomplete. Reported by Mark Amery - CVE-2019-13738: Insufficient policy enforcement in navigation. Reported by Johnathan Norman and Daniel Clark - CVE-2019-13739: Incorrect security UI in Omnibox. Reported by xisigr - CVE-2019-13740: Incorrect security UI. Reported by Khalil Zhani - CVE-2019-13741: Insufficient validation of untrusted input in Blink. Reported by Michał Bentkowski - CVE-2019-13742: Incorrect security UI in Omnibox. Reported by Khalil Zhani - CVE-2019-13743: Incorrect security UI in external protocol handling. Reported by Zhiyang Zeng - CVE-2019-13744: Insufficient policy enforcement in cookies. Reported by Prakash - CVE-2019-13745: Insufficient policy enforcement in audio. Reported by Luan Herrera - CVE-2019-13746: Insufficient policy enforcement in Omnibox. Reported by David Erceg - CVE-2019-13747: Uninitialized Use in rendering. Reported by Ivan Popelyshev and André Bonatti - CVE-2019-13748: Insufficient policy enforcement in developer tools. Reported by David Erceg - CVE-2019-13749: Incorrect security UI in Omnibox. Reported by Khalil Zhani - CVE-2019-13750: Insufficient data validation in SQLite. Reported by Wenxiang Qian - CVE-2019-13751: Uninitialized Use in SQLite. Reported by Wenxiang Qian - CVE-2019-13752: Out of bounds read in SQLite. Reported by Wenxiang Qian - CVE-2019-13753: Out of bounds read in SQLite. Reported by Wenxiang Qian - CVE-2019-13754: Insufficient policy enforcement in extensions. Reported by Cody Crews - CVE-2019-13755: Insufficient policy enforcement in extensions. Reported by Masato Kinugawa - CVE-2019-13756: Incorrect security UI in printing. Reported by Khalil Zhani - CVE-2019-13757: Incorrect security UI in Omnibox. Reported by Khalil Zhani - CVE-2019-13758: Insufficient policy enforcement in navigation. Reported by Khalil Zhani - CVE-2019-13759: Incorrect security UI. Reported by Wenxu Wu - CVE-2019-13761: Incorrect security UI in Omnibox. Reported by Khalil Zhani - CVE-2019-13762: Insufficient policy enforcement in downloads. Reported by csanuragjain - CVE-2019-13763: Insufficient policy enforcement in payments. Reported by weiwangpp93 - CVE-2019-13767: Use after free in media picker. Reported by Sergei Glazunov -- Michael Gilbert <email address hidden> Sun, 19 Jan 2020 15:22:38 +0000
Superseded in sid-release |
chromium (79.0.3945.130-2) unstable; urgency=medium * Add libx11-xcb-dev as a build dependency. -- Michael Gilbert <email address hidden> Sun, 19 Jan 2020 08:42:14 +0000
Superseded in sid-release |
chromium (79.0.3945.130-1) unstable; urgency=medium * New upstream security release. - CVE-2020-6377: Use after free in audio. Reported by Zhe Jin - CVE-2020-6378: Use-after-free in speech recognizer. Reported by Antti Levomäki and Christian Jalio - CVE-2020-6379: Use-after-free in speech recognizer. Reported by Guang Gong - CVE-2020-6380: Extension message verification error. Reported by Sergei Glazunov - CVE-2019-13767: Use after free in media picker. Reported by Sergei Glazunov * Fix memory instrumentation singleton initialization errors caused by tracing patch included in the previous upload (closes: #945920). -- Michael Gilbert <email address hidden> Sat, 18 Jan 2020 20:26:26 +0000
Superseded in sid-release |
chromium (79.0.3945.79-1) unstable; urgency=medium * New upstream stable release. -- Michael Gilbert <email address hidden> Thu, 12 Dec 2019 04:36:09 +0000
Deleted in experimental-release (Reason: None provided.) |
chromium (79.0.3945.56-1) experimental; urgency=medium * New upstream beta release. * Update standards version to 4.4.1. * Ignore the gpu blacklist by default again. -- Michael Gilbert <email address hidden> Wed, 27 Nov 2019 23:59:29 +0000
Superseded in sid-release |
chromium (78.0.3904.108-1) unstable; urgency=medium * New upstream security release. - CVE-2019-13723: Use-after-free in Bluetooth. Reported by Yuxiang Li - CVE-2019-13724: Out-of-bounds in Bluetooth. Reported by Yuxiang Li * Disable vaapi on armhf (closes: #944627). -- Michael Gilbert <email address hidden> Wed, 20 Nov 2019 23:46:06 +0000
chromium (78.0.3904.97-1~deb10u1) buster-security; urgency=medium * New upstream stable release. - CVE-2019-5869: Use-after-free in Blink. Reported by Zhe Jin - CVE-2019-5870: Use-after-free in media. Reported by Guang Gong - CVE-2019-5871: Heap overflow in Skia. Reported by Anonymous - CVE-2019-5872: Use-after-free in Mojo. Reported by Zhe Jin - CVE-2019-5874: External URIs may trigger other browsers. Reported by James Lee - CVE-2019-5875: URL bar spoof. Reported by Khalil Zhani - CVE-2019-5876: Use-after-free in media. Reported by Man Yue Mo - CVE-2019-5877: Out-of-bounds access in V8. Reported by Guang Gong - CVE-2019-5878: Use-after-free in V8. Reported by Guang Gong - CVE-2019-5879: Extensions can read some local files. Reported by Jinseo Kim - CVE-2019-5880: SameSite cookie bypass. Reported by Jun Kokatsu - CVE-2019-13659: URL spoof. Reported by Lnyas Zhang - CVE-2019-13660: Full screen notification overlap. Reported by Wenxu Wu - CVE-2019-13661: Full screen notification spoof. Reported by Wenxu Wu - CVE-2019-13662: CSP bypass. Reported by David Erceg - CVE-2019-13663: IDN spoof. Reported by Lnyas Zhang - CVE-2019-13664: CSRF bypass. Reported by thomas "zemnmez" shadwell - CVE-2019-13665: Multiple file download protection bypass. Reported by Jun Kokatsu - CVE-2019-13666: Side channel using storage size estimate. Reported by Tom Van Goethem - CVE-2019-13667: URI bar spoof when using external app URIs. Reported by Khalil Zhani - CVE-2019-13668: Global window leak via console. Reported by David Erceg - CVE-2019-13669: HTTP authentication spoof. Reported by Khalil Zhani - CVE-2019-13670: V8 memory corruption in regex. Reported by Guang Gong - CVE-2019-13671: Dialog box fails to show origin. Reported by xisigr - CVE-2019-13673: Cross-origin information leak using devtools. Reported by David Erceg - CVE-2019-13674: IDN spoofing. Reported by Khalil Zhani - CVE-2019-13675: Extensions can be disabled by trailing slash. Reported by Jun Kokatsu - CVE-2019-13676: Google URI shown for certificate warning. Reported by Wenxu Wu - CVE-2019-13677: Chrome web store origin needs to be isolated. Reported by Jun Kokatsu - CVE-2019-13678: Download dialog spoofing. Reported by Ronni Skansing - CVE-2019-13679: User gesture needed for printing. Reported by Conrad Irwin - CVE-2019-13680: IP address spoofing to servers. Reported by Thijs Alkemade - CVE-2019-13681: Bypass on download restrictions. Reported by David Erceg - CVE-2019-13682: Site isolation bypass. Reported by Jun Kokatsu - CVE-2019-13683: Exceptions leaked by devtools. Reported by David Erceg - CVE-2019-13685: Use-after-free in UI. Reported by Khalil Zhani - CVE-2019-13686: Use-after-free in offline pages. Reported by Brendon - CVE-2019-13687: Use-after-free in media. Reported by Man Yue Mo - CVE-2019-13688: Use-after-free in media. Reported by Man Yue Mo Tiszka - CVE-2019-13691: Omnibox spoof. Reported by David Erceg - CVE-2019-13692: SOP bypass. Reported by Jun Kokatsu - CVE-2019-13693: Use-after-free in IndexedDB. Reported by Guang Gong - CVE-2019-13694: Use-after-free in WebRTC. Reported by banananapenguin - CVE-2019-13695: Use-after-free in audio. Reported by Man Yue Mo - CVE-2019-13696: Use-after-free in V8. Reported by Guang Gong - CVE-2019-13697: Cross-origin size leak. Reported by Luan Herrera - CVE-2019-13699: Use-after-free in media. Reported by Man Yue Mo - CVE-2019-13700: Buffer overrun in Blink. Reported by Man Yue Mo - CVE-2019-13701: URL spoof in navigation. Reported by David Erceg - CVE-2019-13702: Privilege elevation in Installer. Reported by Phillip Langlois and Edward Torkington - CVE-2019-13703: URL bar spoofing. Reported by Khalil Zhani - CVE-2019-13704: CSP bypass. Reported by Jun Kokatsu - CVE-2019-13705: Extension permission bypass. Reported by Luan Herrera - CVE-2019-13706: Out-of-bounds read in PDFium. Reported by pdknsk - CVE-2019-13707: File storage disclosure. Reported by Andrea Palazzo - CVE-2019-13708: HTTP authentication spoof. Reported by Khalil Zhani - CVE-2019-13709: File download protection bypass. Reported by Zhong Zhaochen - CVE-2019-13710: File download protection bypass. Reported by bernardo.mrod - CVE-2019-13711: Cross-context information leak. Reported by David Erceg - CVE-2019-13713: Cross-origin data leak. Reported by David Erceg - CVE-2019-13714: CSS injection. Reported by Jun Kokatsu - CVE-2019-13715: Address bar spoofing. Reported by xisigr - CVE-2019-13716: Service worker state error. Reported by Barron Hagerman - CVE-2019-13717: Notification obscured. Reported by xisigr - CVE-2019-13718: IDN spoof. Reported by Khalil Zhani - CVE-2019-13719: Notification obscured. Reported by Khalil Zhani - CVE-2019-13720: Use-after-free in audio. Reported by Anton Ivanov and Alexey Kulaev - CVE-2019-13721: Use-after-free in PDFium. Reported by banananapenguin -- Michael Gilbert <email address hidden> Sat, 09 Nov 2019 19:01:23 +0000
Superseded in sid-release |
chromium (78.0.3904.97-1) unstable; urgency=medium * New upstream security release. * Enable vaapi (closes: #940074). * Fix crash during profile manager shutdown. * Drop libglewmx-dev build dependency (closes: #941050). -- Michael Gilbert <email address hidden> Sat, 09 Nov 2019 03:33:52 +0000
Superseded in sid-release |
chromium (78.0.3904.87-1) unstable; urgency=medium * New upstream stable release. - CVE-2019-5869: Use-after-free in Blink. Reported by Zhe Jin - CVE-2019-5870: Use-after-free in media. Reported by Guang Gong - CVE-2019-5871: Heap overflow in Skia. Reported by Anonymous - CVE-2019-5872: Use-after-free in Mojo. Reported by Zhe Jin - CVE-2019-5874: External URIs may trigger other browsers. Reported by James Lee - CVE-2019-5875: URL bar spoof. Reported by Khalil Zhani - CVE-2019-5876: Use-after-free in media. Reported by Man Yue Mo - CVE-2019-5877: Out-of-bounds access in V8. Reported by Guang Gong - CVE-2019-5878: Use-after-free in V8. Reported by Guang Gong - CVE-2019-5879: Extensions can read some local files. Reported by Jinseo Kim - CVE-2019-5880: SameSite cookie bypass. Reported by Jun Kokatsu - CVE-2019-13659: URL spoof. Reported by Lnyas Zhang - CVE-2019-13660: Full screen notification overlap. Reported by Wenxu Wu - CVE-2019-13661: Full screen notification spoof. Reported by Wenxu Wu - CVE-2019-13662: CSP bypass. Reported by David Erceg - CVE-2019-13663: IDN spoof. Reported by Lnyas Zhang - CVE-2019-13664: CSRF bypass. Reported by thomas "zemnmez" shadwell - CVE-2019-13665: Multiple file download protection bypass. Reported by Jun Kokatsu - CVE-2019-13666: Side channel using storage size estimate. Reported by Tom Van Goethem - CVE-2019-13667: URI bar spoof when using external app URIs. Reported by Khalil Zhani - CVE-2019-13668: Global window leak via console. Reported by David Erceg - CVE-2019-13669: HTTP authentication spoof. Reported by Khalil Zhani - CVE-2019-13670: V8 memory corruption in regex. Reported by Guang Gong - CVE-2019-13671: Dialog box fails to show origin. Reported by xisigr - CVE-2019-13673: Cross-origin information leak using devtools. Reported by David Erceg - CVE-2019-13674: IDN spoofing. Reported by Khalil Zhani - CVE-2019-13675: Extensions can be disabled by trailing slash. Reported by Jun Kokatsu - CVE-2019-13676: Google URI shown for certificate warning. Reported by Wenxu Wu - CVE-2019-13677: Chrome web store origin needs to be isolated. Reported by Jun Kokatsu - CVE-2019-13678: Download dialog spoofing. Reported by Ronni Skansing - CVE-2019-13679: User gesture needed for printing. Reported by Conrad Irwin - CVE-2019-13680: IP address spoofing to servers. Reported by Thijs Alkemade - CVE-2019-13681: Bypass on download restrictions. Reported by David Erceg - CVE-2019-13682: Site isolation bypass. Reported by Jun Kokatsu - CVE-2019-13683: Exceptions leaked by devtools. Reported by David Erceg - CVE-2019-13685: Use-after-free in UI. Reported by Khalil Zhani - CVE-2019-13686: Use-after-free in offline pages. Reported by Brendon - CVE-2019-13687: Use-after-free in media. Reported by Man Yue Mo - CVE-2019-13688: Use-after-free in media. Reported by Man Yue Mo Tiszka - CVE-2019-13691: Omnibox spoof. Reported by David Erceg - CVE-2019-13692: SOP bypass. Reported by Jun Kokatsu - CVE-2019-13693: Use-after-free in IndexedDB. Reported by Guang Gong - CVE-2019-13694: Use-after-free in WebRTC. Reported by banananapenguin - CVE-2019-13695: Use-after-free in audio. Reported by Man Yue Mo - CVE-2019-13696: Use-after-free in V8. Reported by Guang Gong - CVE-2019-13697: Cross-origin size leak. Reported by Luan Herrera - CVE-2019-13699: Use-after-free in media. Reported by Man Yue Mo - CVE-2019-13700: Buffer overrun in Blink. Reported by Man Yue Mo - CVE-2019-13701: URL spoof in navigation. Reported by David Erceg - CVE-2019-13702: Privilege elevation in Installer. Reported by Phillip Langlois and Edward Torkington - CVE-2019-13703: URL bar spoofing. Reported by Khalil Zhani - CVE-2019-13704: CSP bypass. Reported by Jun Kokatsu - CVE-2019-13705: Extension permission bypass. Reported by Luan Herrera - CVE-2019-13706: Out-of-bounds read in PDFium. Reported by pdknsk - CVE-2019-13707: File storage disclosure. Reported by Andrea Palazzo - CVE-2019-13708: HTTP authentication spoof. Reported by Khalil Zhani - CVE-2019-13709: File download protection bypass. Reported by Zhong Zhaochen - CVE-2019-13710: File download protection bypass. Reported by bernardo.mrod - CVE-2019-13711: Cross-context information leak. Reported by David Erceg - CVE-2019-13713: Cross-origin data leak. Reported by David Erceg - CVE-2019-13714: CSS injection. Reported by Jun Kokatsu - CVE-2019-13715: Address bar spoofing. Reported by xisigr - CVE-2019-13716: Service worker state error. Reported by Barron Hagerman - CVE-2019-13717: Notification obscured. Reported by xisigr - CVE-2019-13718: IDN spoof. Reported by Khalil Zhani - CVE-2019-13719: Notification obscured. Reported by Khalil Zhani - CVE-2019-13720: Use-after-free in audio. Reported by Anton Ivanov and Alexey Kulaev - CVE-2019-13721: Use-after-free in PDFium. Reported by banananapenguin * Drop support for building with gcc 6 and gtk 2. -- Michael Gilbert <email address hidden> Sat, 02 Nov 2019 22:30:42 +0000
Superseded in sid-release |
chromium (76.0.3809.100-1) unstable; urgency=medium * New upstream security release. - CVE-2019-5867: Out-of-bounds read in V8. Reported by Lucas Pinheiro - CVE-2019-5868: Use-after-free in PDFium ExecuteFieldAction. Reported by banananapenguin -- Michael Gilbert <email address hidden> Fri, 09 Aug 2019 19:58:55 +0000
Superseded in sid-release |
chromium (76.0.3809.87-2) unstable; urgency=medium * Fix inverted logic in enum comparison (closes: #933598). -- Michael Gilbert <email address hidden> Sat, 03 Aug 2019 14:31:59 +0000
Superseded in sid-release |
chromium (76.0.3809.87-1) unstable; urgency=medium * New upstream stable release. - CVE-2019-5847: V8 sealed/frozen elements cause crash. Reported by m3plex - CVE-2019-5848: Font sizes may expose sensitive information. Reported by Mark Amery - CVE-2019-5850: Use-after-free in offline page fetcher. Reported by Brendon Tiszka - CVE-2019-5851: Use-after-poison in offline audio context. Reported by Zhe Jin - CVE-2019-5852: Object leak of utility functions. Reported by David Erceg - CVE-2019-5853: Memory corruption in regexp length check. Reported by yngwei and sakura - CVE-2019-5854: Integer overflow in PDFium text rendering. Reported by Zhen Zhou - CVE-2019-5855: Integer overflow in PDFium. Reported by Zhen Zhou - CVE-2019-5856: Insufficient checks on filesystem: URI permissions. Reported by Yongke Wang - CVE-2019-5857: Comparison of -0 and null yields crash. Reported by cloudfuzzer - CVE-2019-5858: Insufficient filtering of Open URL service parameters. Reported by evi1m0 - CVE-2019-5859: res: URIs can load alternative browsers. Reported by James Lee - CVE-2019-5860: Use-after-free in PDFium. Reported by Anonymous - CVE-2019-5861: Click location incorrectly checked. Reported by Robin Linus - CVE-2019-5862: AppCache not robust to compromised renderers. Reported by Jun Kokatsu - CVE-2019-5864: Insufficient port filtering in CORS for extensions. Reported by Devin Grindle - CVE-2019-5865: Site isolation bypass from compromised renderer. Reported by Ivan Fratric * Use legacy call to avoid error in icu 6.3 (closes: #932049). -- Michael Gilbert <email address hidden> Mon, 29 Jul 2019 23:22:44 +0000
Superseded in sid-release |
chromium (76.0.3809.71-1) unstable; urgency=medium * New upstream beta release. * Recommend system-config-printer (closes: #929106). * Add -fno-delete-null-pointer-checks back into the build flags. -- Michael Gilbert <email address hidden> Wed, 24 Jul 2019 22:51:41 +0000
Superseded in sid-release |
chromium (76.0.3809.62-1) unstable; urgency=medium * New upstream beta release. - Fixes error restoring multiple profiles on startup (closes: #930469). * Update standards version to 4.4.0. -- Michael Gilbert <email address hidden> Wed, 10 Jul 2019 23:52:45 +0000
Superseded in sid-release |
chromium (75.0.3770.90-1) unstable; urgency=medium [ Riku Voipio ] * Fix build on armhf (closes: #930348). [ Michael Gilbert ] * New upstream security release. - CVE-2019-5842: Use-after-free in Blink. Reported by BUGFENSE * Disable hardware accelerated video (closes: #926032). * Fix signedness error when built with gcc (closes: #914886). - Thanks to Maciej S. Szmigiero. -- Michael Gilbert <email address hidden> Fri, 14 Jun 2019 00:10:43 +0000
Superseded in sid-release |
chromium (75.0.3770.80-1) unstable; urgency=medium * New upstream stable release. - CVE-2019-5824: Parameter passing error in media player. Reported by leecraso and Guang Gong - CVE-2019-5825: Out-of-bounds write in V8. Reported by Gengming Liu, Jianyu Chen, Zhen Feng, and Jessica Liu - CVE-2019-5826: Use-after-free in IndexedDB. Reported by Gengming Liu, Jianyu Chen, Zhen Feng, and Jessica Liu - CVE-2019-5827: Out-of-bounds access issue in SQLite. Reported by mlfbrown - CVE-2019-5828: Use after free in ServiceWorker. Reported by leecraso and Guang Gong - CVE-2019-5829: Use after free in Download Manager. Reported by Lucas Pinheiro - CVE-2019-5830: Incorrectly credentialed requests in CORS. Reported by Andrew Krasichkov - CVE-2019-5831: Incorrect map processing in V8. Reported by yngwei - CVE-2019-5832: Incorrect CORS handling in XHR. Reported by Sergey Shekyan - CVE-2019-5833: Inconsistent security UI placement. Reported by Khalil Zhani - CVE-2019-5834: URL spoof in Omnibox on iOS. Reported by Khalil Zhani - CVE-2019-5835: Out of bounds read in Swiftshader. Reported by Wenxiang Qian - CVE-2019-5836: Heap buffer overflow in Angle. Reported by Omair - CVE-2019-5837: Cross-origin resources size disclosure in Appcache. Reported by Adam Iwaniuk - CVE-2019-5838: Overly permissive tab access in Extensions. Reported by David Erceg - CVE-2019-5839: Incorrect handling of certain code points in Blink. Reported by Masato Kinugawa - CVE-2019-5840: Popup blocker bypass. Reported by Eliya Stein and Jerome Dangu -- Michael Gilbert <email address hidden> Sun, 09 Jun 2019 18:59:50 +0000
Deleted in experimental-release (Reason: None provided.) |
chromium (75.0.3770.10-1) experimental; urgency=medium * New upstream development release. - Fixes crash when launching chromium a second time (closes: #927913). * Document how to use widevine in README.debian (closes: #929026). * Apply vaapi update from the Fedora chromium 73 package (closes: #926032). -- Michael Gilbert <email address hidden> Sun, 09 Jun 2019 18:35:36 +0000
Superseded in sid-release |
chromium (74.0.3729.108-1) unstable; urgency=medium * New upstream stable release. - Eliminates flood of vsync error messages (closes: #901831). - Correctly shuts down when SIGTERM is recieved (closes: #924901). - Fixes regression in hardware accelerated video (closes: #926032). - CVE-2019-5805: Use after free in PDFium. Reported by Anonymous - CVE-2019-5806: Integer overflow in Angle. Reported by Wen Xu - CVE-2019-5807: Memory corruption in V8. Reported by TimGMichaud - CVE-2019-5808: Use after free in Blink. Reported by cloudfuzzer - CVE-2019-5809: Use after free in Blink. Reported by Mark Brand - CVE-2019-5810: User information disclosure in Autofill. Reported by Mark Amery - CVE-2019-5811: CORS bypass in Blink. Reported by Jun Kokatsu - CVE-2019-5813: Out of bounds read in V8. Reported by Aleksandar Nikolic - CVE-2019-5814: CORS bypass in Blink. Reported by @AaylaSecura1138 - CVE-2019-5815: Heap buffer overflow in Blink. Reported by Nicolas Grégoire - CVE-2019-5818: Uninitialized value in media reader. Reported by Adrian Tolbaru - CVE-2019-5819: Incorrect escaping in developer tools. Reported by Svyat Mitin - CVE-2019-5820: Integer overflow in PDFium. Reported by pdknsk - CVE-2019-5821: Integer overflow in PDFium. Reported by pdknsk - CVE-2019-5822: CORS bypass in download manager. Reported by Jun Kokatsu - CVE-2019-5823: Forced navigation from service worker. Reported by David Erceg -- Michael Gilbert <email address hidden> Wed, 24 Apr 2019 00:08:54 +0000
chromium (73.0.3683.75-1) unstable; urgency=medium * New upstream stable release. - CVE-2019-5787: Use after free in Canvas. Reported by Zhe Jin - CVE-2019-5788: Use after free in FileAPI. Reported by Mark Brand - CVE-2019-5789: Use after free in WebMIDI. Reported by Mark Brand - CVE-2019-5790: Heap buffer overflow in V8. Reported by Dimitri Fourny - CVE-2019-5791: Type confusion in V8. Reported by Choongwoo Han - CVE-2019-5792: Integer overflow in PDFium. Reported by pdknsk - CVE-2019-5793: Excessive permissions for private API in Extensions. Reported by Jun Kokatsu - CVE-2019-5794: Security UI spoofing. Reported by Juno Im of Theori - CVE-2019-5795: Integer overflow in PDFium. Reported by pdknsk - CVE-2019-5796: Race condition in Extensions. Reported by Mark Brand - CVE-2019-5797: Race condition in DOMStorage. Reported by Mark Brand - CVE-2019-5798: Out of bounds read in Skia. Reported by Tran Tien Hung - CVE-2019-5799: CSP bypass with blob URL. Reported by sohalt - CVE-2019-5800: CSP bypass with blob URL. Reported by Jun Kokatsu - CVE-2019-5802: Security UI spoofing. Reported by Ronni Skansing - CVE-2019-5803: CSP bypass with Javascript URLs'. Reported by Andrew Comminos -- Michael Gilbert <email address hidden> Tue, 19 Mar 2019 02:19:17 +0000
Deleted in experimental-release (Reason: None provided.) |
chromium (73.0.3683.56-2) experimental; urgency=medium * Fix build failure on armhf. -- Michael Gilbert <email address hidden> Sun, 10 Mar 2019 04:35:32 +0000
Superseded in sid-release |
chromium (72.0.3626.122-1) unstable; urgency=medium * New upstream stable release. -- Michael Gilbert <email address hidden> Thu, 07 Mar 2019 14:05:20 +0000
Superseded in experimental-release |
chromium (73.0.3683.56-1) experimental; urgency=medium * New upstream beta release. -- Michael Gilbert <email address hidden> Sat, 02 Mar 2019 18:02:02 +0000
Superseded in sid-release |
chromium (72.0.3626.121-1) unstable; urgency=medium * New upstream stable release. - CVE-2019-5786: Use-after-free in FileReader -- Michael Gilbert <email address hidden> Sat, 02 Mar 2019 16:28:16 +0000
Superseded in experimental-release |
chromium (73.0.3683.39-1) experimental; urgency=medium * New upstream beta release. -- Michael Gilbert <email address hidden> Sat, 16 Feb 2019 08:40:14 +0000
chromium (72.0.3626.109-1) unstable; urgency=medium * New upstream stable release. - CVE-2019-5784: Inappropriate implementation in V8. Reported by Lucas Pinheiro * Build pdfium using system lcms. * Renable support for kerberos (closes: #916684). * Fix 32-bit type error in the vaapi implementation (closes: #921823). -- Michael Gilbert <email address hidden> Mon, 04 Feb 2019 04:27:06 +0000
Superseded in sid-release |
chromium (72.0.3626.81-1) unstable; urgency=medium * New upstream stable release. - Stack buffer overflow in Skia. Reported by Ivan Fratric - Use after free in Mojo, FileAPI, and Payments. Reported by Mark Brand - CVE-2018-17481: Use after free in PDFium. Reported by Anonymous - CVE-2019-5754: Inappropriate implementation in QUIC Networking. Reported by Klzgrad - CVE-2019-5755: Inappropriate implementation in V8. Reported by Jay Bosamiya - CVE-2019-5756: Use after free in PDFium. Reported by Anonymous - CVE-2019-5757: Type Confusion in SVG. Reported by Alexandru Pitis - CVE-2019-5758: Use after free in Blink. Reported by Zhe Jin - CVE-2019-5759: Use after free in HTML select elements. Reported by Almog Benin - CVE-2019-5760: Use after free in WebRTC. Reported by Zhe Jin - CVE-2019-5762: Use after free in PDFium. Reported by Anonymous - CVE-2019-5763: Insufficient validation of untrusted input in V8. Reported by Guang Gong - CVE-2019-5764: Use after free in WebRTC. Reported by Eyal Itkin - CVE-2019-5765: Insufficient policy enforcement in the browser. Reported by Sergey Toshin - CVE-2019-5766: Insufficient policy enforcement in Canvas. Reported by David Erceg - CVE-2019-5767: Incorrect security UI in WebAPKs. Reported by Haoran Lu, Yifan Zhang, Luyi Xing, and Xiaojing Liao - CVE-2019-5768: Insufficient policy enforcement in DevTools. Reported by Rob Wu - CVE-2019-5769: Insufficient validation of untrusted input in Blink. Reported by Guy Eshel - CVE-2019-5770: Heap buffer overflow in WebGL. Reported by hemidallt - CVE-2019-5772: Use after free in PDFium. Reported by Zhen Zhou - CVE-2019-5773: Insufficient data validation in IndexedDB. Reported by Yongke Wang - CVE-2019-5774: Insufficient validation of untrusted input in SafeBrowsing. Reported by Junghwan Kang and Juno Im - CVE-2019-5775: Insufficient policy enforcement in Omnibox. Reported by evi1m0 - CVE-2019-5776: Insufficient policy enforcement in Omnibox. Reported by Lnyas Zhang - CVE-2019-5777: Insufficient policy enforcement in Omnibox. Reported by Khalil Zhani - CVE-2019-5778: Insufficient policy enforcement in Extensions. Reported by David Erceg - CVE-2019-5779: Insufficient policy enforcement in ServiceWorker. Reported by David Erceg - CVE-2019-5780: Insufficient policy enforcement. Reported by Andreas Hegenberg - CVE-2019-5781: Insufficient policy enforcement in Omnibox. Reported by evi1m0 - CVE-2019-5782: Inappropriate implementation in V8 reported by Qixun Zhao - CVE-2019-5783: Insufficient validation of untrusted input in DevTools. Reported by Shintaro Kobori * Opt out of all Google web service options by default (closes: #916320). * Enable support for hardware accelerated video decoding (closes: #856255). - Thanks to Akarshan Biswas. -- Michael Gilbert <email address hidden> Sat, 02 Feb 2019 05:05:43 +0000
chromium (72.0.3626.53-1) unstable; urgency=medium * New upstream beta release. * Organize the gcc 6 patches. * Update standards version to 4.3.0. * Drop libsrtp from the build dependencies (closes: #918542). -- Michael Gilbert <email address hidden> Sat, 12 Jan 2019 07:17:20 +0000
Superseded in sid-release |
chromium (72.0.3626.7-6) unstable; urgency=medium * Upload to unstable: fix FTBFS on arm64 and armhf -- Riku Voipio <email address hidden> Tue, 08 Jan 2019 14:41:13 +0200
Deleted in experimental-release (Reason: None provided.) |
chromium (72.0.3626.7-5) experimental; urgency=medium * Fix armhf and arm64 builds -- Riku Voipio <email address hidden> Fri, 04 Jan 2019 16:17:43 +0200
chromium (72.0.3626.7-4) unstable; urgency=medium * Reenable support for widevine (closes: #916058). * Update maintainer to <email address hidden> (closes: #915988). -- Michael Gilbert <email address hidden> Mon, 24 Dec 2018 19:41:02 +0000
Superseded in sid-release |
chromium (72.0.3626.7-3) unstable; urgency=medium * Remove unintended extra brace in arm patch. -- Michael Gilbert <email address hidden> Sun, 16 Dec 2018 22:37:19 +0000
Deleted in experimental-release (Reason: None provided.) |
chromium (72.0.3626.7-2) experimental; urgency=medium * Fix build failures on arm. -- Michael Gilbert <email address hidden> Fri, 14 Dec 2018 02:50:58 +0000
Deleted in experimental-release (Reason: None provided.) |
chromium (72.0.3626.7-1) experimental; urgency=medium * New upstream developmental release. -- Michael Gilbert <email address hidden> Tue, 11 Dec 2018 03:31:15 +0000
Superseded in sid-release |
chromium (71.0.3578.80-1) unstable; urgency=medium * New upstream stable release. - CVE-2018-17480: Out of bounds write in V8. Reported by Guang Gong - CVE-2018-17481: Use after frees in PDFium. Reported by Anonymous - CVE-2018-18335: Heap buffer overflow in Skia. Reported by Anonymous - CVE-2018-18336: Use after free in PDFium. Reported by Huyna - CVE-2018-18337: Use after free in Blink. Reported by cloudfuzzer - CVE-2018-18338: Heap buffer overflow in Canvas. Reported by Zhe Jin - CVE-2018-18339: Use after free in WebAudio. Reported by cloudfuzzer - CVE-2018-18340: Use after free in MediaRecorder. Reported by Anonymous - CVE-2018-18341: Heap buffer overflow in Blink. Reported by cloudfuzzer - CVE-2018-18342: Out of bounds write in V8. Reported by Guang Gong - CVE-2018-18343: Use after free in Skia. Reported by Tran Tien Hung - CVE-2018-18344: Inappropriate implementation in Extensions. Reported by Jann Horn - CVE-2018-18345: Inappropriate implementation in Site Isolation. Reported by Masato Kinugawa and Jun Kokatsu - CVE-2018-18346: Incorrect security UI in Blink. Reported by Luan Herrera - CVE-2018-18347: Inappropriate implementation in Navigation. Reported by Luan Herrera - CVE-2018-18348: Inappropriate implementation in Omnibox. Reported by Ahmed Elsobky - CVE-2018-18349: Insufficient policy enforcement in Blink. Reported by David Erceg - CVE-2018-18350: Insufficient policy enforcement in Blink. Reported by Jun Kokatsu - CVE-2018-18351: Insufficient policy enforcement in Navigation. Reported by Jun Kokatsu - CVE-2018-18352: Inappropriate implementation in Media. Reported by Jun Kokatsu - CVE-2018-18353: Inappropriate implementation in Network Authentication. Reported by Wenxu Wu - CVE-2018-18354: Insufficient data validation in Shell Integration. Reported by Wenxu Wu - CVE-2018-18355: Insufficient policy enforcement in URL Formatter. Reported by evi1m0 - CVE-2018-18356: Use after free in Skia. Reported by Tran Tien Hung - CVE-2018-18357: Insufficient policy enforcement in URL Formatter. Reported by evi1m0 - CVE-2018-18358: Insufficient policy enforcement in Proxy. Reported by Jann Horn - CVE-2018-18359: Out of bounds read in V8. Reported by cyrilliu - Inappropriate implementation in PDFium. Reported by Salem Faisal Elmrayed - Use after free in Extensions. Reported by Zhe Jin - Inappropriate implementation in Navigation. Reported by Luan Herrera - Inappropriate implementation in Navigation. Reported by Jesper van den Ende - Insufficient policy enforcement in Navigation. Reported by Ryan Pickren - Insufficient policy enforcement in URL Formatter. Reported by evi1m0 -- Michael Gilbert <email address hidden> Wed, 05 Dec 2018 00:45:35 +0000
Superseded in sid-release |
chromium (71.0.3578.62-1) unstable; urgency=medium * New upstream beta release. * Rename the source package to chromium. * Build using the system jsoncpp library. * Remove non-free unrar source from the upstream tarball (closes: #914487). - Requires safe browsing inspection of rar files to be disabled. -- Michael Gilbert <email address hidden> Wed, 21 Nov 2018 02:37:35 +0000
chromium (0.9.13.3-1) unstable; urgency=low * New upstream release - Using the CDROM for music is off by default and the manual page documents the use_cdrom option (Closes: #492446) - bindir/datadir customisations were removed so use ./configure args * Improve the descriptions for the chromium & chromium-data packages. -- Paul Wise <email address hidden> Thu, 19 Feb 2009 14:01:45 +0900
chromium (0.9.13.2-1) unstable; urgency=low * New upstream bugfix release -- Paul Wise <email address hidden> Fri, 25 Jul 2008 18:23:45 +0800
151 → 195 of 195 results | First • Previous • Next • Last |