chromium-browser 53.0.2785.143-0ubuntu1.1307 source package in Ubuntu
Changelog
chromium-browser (53.0.2785.143-0ubuntu1.1307) yakkety; urgency=medium * Upstream release 53.0.2785.143: - CVE-2016-5177: Use after free in V8. - CVE-2016-5178: Various fixes from internal audits, fuzzing and other initiatives. * Upstream release 53.0.2785.113: - CVE-2016-5170: Use after free in Blink. - CVE-2016-5171: Use after free in Blink. - CVE-2016-5172: Arbitrary Memory Read in v8. - CVE-2016-5173: Extension resource access. - CVE-2016-5174: Popup not correctly suppressed. - CVE-2016-5175: Various fixes from internal audits, fuzzing and other initiatives. * Upstream release 53.0.2785.89: - CVE-2016-5147: Universal XSS in Blink. - CVE-2016-5148: Universal XSS in Blink. - CVE-2016-5149: Script injection in extensions. - CVE-2016-5150: Use after free in Blink. - CVE-2016-5151: Use after free in PDFium. - CVE-2016-5152: Heap overflow in PDFium. - CVE-2016-5153: Use after destruction in Blink. - CVE-2016-5154: Heap overflow in PDFium. - CVE-2016-5155: Address bar spoofing. - CVE-2016-5156: Use after free in event bindings. - CVE-2016-5157: Heap overflow in PDFium. - CVE-2016-5158: Heap overflow in PDFium. - CVE-2016-5159: Heap overflow in PDFium. - CVE-2016-5161: Type confusion in Blink. - CVE-2016-5162: Extensions web accessible resources bypass. - CVE-2016-5163: Address bar spoofing. - CVE-2016-5164: Universal XSS using DevTools. - CVE-2016-5165: Script injection in DevTools. - CVE-2016-5166: SMB Relay Attack via Save Page As. - CVE-2016-5160: Extensions web accessible resources bypass. - CVE-2016-5167: Various fixes from internal audits, fuzzing and other initiatives. * debian/patches/cups-include-deprecated-ppd, debian/rules: include cups functions. * debian/rules, debian/control: Force using gcc-5 compiler. * Use system libraries for expat, speex, zlib, opus, png, jpeg. * Also build for arm64 architecture. * Don't compile in cups support by default on all architectures. * Upstream release 52.0.2743.116: - CVE-2016-5141 Address bar spoofing. - CVE-2016-5142 Use-after-free in Blink. - CVE-2016-5139 Heap overflow in pdfium. - CVE-2016-5140 Heap overflow in pdfium. - CVE-2016-5145 Same origin bypass for images in Blink. - CVE-2016-5143 Parameter sanitization failure in DevTools. - CVE-2016-5144 Parameter sanitization failure in DevTools. - CVE-2016-5146: Various fixes from internal audits, fuzzing and other initiatives. * Exclude harfbuzz and libxslt from system-library use. * Upstream release 52.0.2743.82: - CVE-2016-1706: Sandbox escape in PPAPI. - CVE-2016-1707: URL spoofing on iOS. - CVE-2016-1708: Use-after-free in Extensions. - CVE-2016-1709: Heap-buffer-overflow in sfntly. - CVE-2016-1710: Same-origin bypass in Blink. - CVE-2016-1711: Same-origin bypass in Blink. - CVE-2016-5127: Use-after-free in Blink. - CVE-2016-5128: Same-origin bypass in V8. - CVE-2016-5129: Memory corruption in V8. - CVE-2016-5130: URL spoofing. - CVE-2016-5131: Use-after-free in libxml. - CVE-2016-5132: Limited same-origin bypass in Service Workers. - CVE-2016-5133: Origin confusion in proxy authentication. - CVE-2016-5134: URL leakage via PAC script. - CVE-2016-5135: Content-Security-Policy bypass. - CVE-2016-5136: Use after free in extensions. - CVE-2016-5137: History sniffing with HSTS and CSP. - CVE-2016-1705: Various fixes from internal audits, fuzzing and other initiatives * Upstream release 51.0.2704.106 * Upstream release 51.0.2704.103: - CVE-2016-1704: Various fixes from internal audits, fuzzing and other initiatives. * debian/control: remvove build-dep on clang. * debian/rules: Disable Google Now. Creepy. Might mean downloads of opaque programs too. * debian/rules: Disable Wallet service. * debian/rules: Remove precise-specific conditions. More simple. * debian/rules: In install-validation, don't use mktemp. Hard-code destination. * debian/patches/gsettings-display-scaling: Disable because code moved and needs refactoring. * debian/patches/display-scaling-default-value: Disable because probbly not needed any more. * debian/rules: widevine cdm is not really available in this source. No longer lie about that. * Set new GOOG keys to bisect service overuse problem. * debian/patches/linux45-madvfree: If MADV_FREE is not defined, do not allow it in sandbox filter. Also, undefine it so we don't use MADV_FREE and thereby depend on it at runtime. * debian/rules: Use gold ld to link. * debian/rules: Kill delete-null-pointer-checks. In the javascript engine, we can not assume a memory access to address zero always results in a trap. * debian/patches/gsettings-display-scaling, debian/patches/display-scaling-default-value, reenable DPI scaling taken from dconf. * debian/rules: explicitly set target arch for arm64. * debian/patches/series, debian/rules: Re-enable widevine component. -- Chad MILLER <email address hidden> Thu, 29 Sep 2016 16:54:11 -0400
Upload details
- Uploaded by:
- Chad Miller
- Sponsored by:
- Chris Coulson
- Uploaded to:
- Yakkety
- Original maintainer:
- Ubuntu Developers
- Architectures:
- armhf armel i386 amd64 arm64 all
- Section:
- web
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
chromium-browser_53.0.2785.143.orig.tar.xz | 439.5 MiB | c52a58b79bfb27bb87e4a0a6ff213001485fbc747657b290f75d39ddce07dcc3 |
chromium-browser_53.0.2785.143-0ubuntu1.1307.debian.tar.xz | 530.7 KiB | 39e3290ed7409a8302e4ea986cb2f54571af99d19fc4bd0700a390fae4014e5a |
chromium-browser_53.0.2785.143-0ubuntu1.1307.dsc | 2.9 KiB | f42eb96c74a5db06e55a46d50c2d743e81432410c174d34fd57be2e4edd07bc4 |
Available diffs
Binary packages built by this source
- chromium-browser: No summary available for chromium-browser in ubuntu yakkety.
No description available for chromium-browser in ubuntu yakkety.
- chromium-browser-dbgsym: No summary available for chromium-browser-dbgsym in ubuntu yakkety.
No description available for chromium-
browser- dbgsym in ubuntu yakkety.
- chromium-browser-l10n: No summary available for chromium-browser-l10n in ubuntu yakkety.
No description available for chromium-
browser- l10n in ubuntu yakkety.
- chromium-chromedriver: No summary available for chromium-chromedriver in ubuntu yakkety.
No description available for chromium-
chromedriver in ubuntu yakkety.
- chromium-chromedriver-dbgsym: No summary available for chromium-chromedriver-dbgsym in ubuntu zesty.
No description available for chromium-
chromedriver- dbgsym in ubuntu zesty.
- chromium-codecs-ffmpeg: No summary available for chromium-codecs-ffmpeg in ubuntu yakkety.
No description available for chromium-
codecs- ffmpeg in ubuntu yakkety.
- chromium-codecs-ffmpeg-dbgsym: No summary available for chromium-codecs-ffmpeg-dbgsym in ubuntu zesty.
No description available for chromium-
codecs- ffmpeg- dbgsym in ubuntu zesty.
- chromium-codecs-ffmpeg-extra: No summary available for chromium-codecs-ffmpeg-extra in ubuntu zesty.
No description available for chromium-
codecs- ffmpeg- extra in ubuntu zesty.
- chromium-codecs-ffmpeg-extra-dbgsym: No summary available for chromium-codecs-ffmpeg-extra-dbgsym in ubuntu yakkety.
No description available for chromium-
codecs- ffmpeg- extra-dbgsym in ubuntu yakkety.