Format: 1.8
Date: Wed, 24 Aug 2016 13:30:26 -0400
Source: chromium-browser
Binary: chromium-browser chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-extra chromium-chromedriver
Architecture: armhf
Version: 52.0.2743.116-0ubuntu0.16.04.1.1250
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos01-arm64-004.buildd>
Changed-By: Chad MILLER <chad.miller@canonical.com>
Description:
 chromium-browser - Chromium web browser, open-source version of Chrome
 chromium-browser-l10n - chromium-browser language packages
 chromium-chromedriver - WebDriver driver for the Chromium Browser
 chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
 chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
Changes:
 chromium-browser (52.0.2743.116-0ubuntu0.16.04.1.1250) xenial-security; urgency=medium
 .
   * Upstream release 52.0.2743.116:
     - CVE-2016-5141 Address bar spoofing.
     - CVE-2016-5142 Use-after-free in Blink.
     - CVE-2016-5139 Heap overflow in pdfium.
     - CVE-2016-5140 Heap overflow in pdfium.
     - CVE-2016-5145 Same origin bypass for images in Blink.
     - CVE-2016-5143 Parameter sanitization failure in DevTools.
     - CVE-2016-5144 Parameter sanitization failure in DevTools.
     - CVE-2016-5146: Various fixes from internal audits, fuzzing and other
       initiatives.
   * Exclude harfbuzz from system-library use.
   * Upstream release 52.0.2743.82:
     - CVE-2016-1706: Sandbox escape in PPAPI.
     - CVE-2016-1707: URL spoofing on iOS.
     - CVE-2016-1708: Use-after-free in Extensions.
     - CVE-2016-1709: Heap-buffer-overflow in sfntly.
     - CVE-2016-1710: Same-origin bypass in Blink.
     - CVE-2016-1711: Same-origin bypass in Blink.
     - CVE-2016-5127: Use-after-free in Blink.
     - CVE-2016-5128: Same-origin bypass in V8.
     - CVE-2016-5129: Memory corruption in V8.
     - CVE-2016-5130: URL spoofing.
     - CVE-2016-5131: Use-after-free in libxml.
     - CVE-2016-5132: Limited same-origin bypass in Service Workers.
     - CVE-2016-5133: Origin confusion in proxy authentication.
     - CVE-2016-5134: URL leakage via PAC script.
     - CVE-2016-5135: Content-Security-Policy bypass.
     - CVE-2016-5136: Use after free in extensions.
     - CVE-2016-5137: History sniffing with HSTS and CSP.
     - CVE-2016-1705: Various fixes from internal audits, fuzzing and other
       initiatives
   * Upstream release 51.0.2704.106
   * Upstream release 51.0.2704.103:
     - CVE-2016-1704: Various fixes from internal audits, fuzzing and other
       initiatives.
   * debian/control: remvove build-dep on clang.
   * Sync many things from debian:
     - No longer build remoting, or install its locale files.
     - Use many system libraries, adding build-dep on
         - libre2-dev,
         - yasm,
         - libopus-dev,
         - zlib1g-dev,
         - libspeex-dev,
         - libspeechd-dev,
         - libexpat1-dev,
         - libpng-dev,
         - libxml2-dev,
         - libjpeg-dev,
         - libwebp-dev,
         - libxslt-dev,
         - libsrtp-dev,
         - libjsoncpp-dev,
         - libevent-dev,
     - Clean up many parts of debian/rules, wrt variable names
     - Set hardening on.
     - Use gold linker.
     - Disable Google Now. Creepy. Might mean downloads of opaque programs too.
     - Disable Wallet service.
   * debian/compat: Use dh version 9.
   * debian/rules: Improve "cd;foo" logic.
   * debian/rules: Remove files in tar-copy pipelines, to conserve space. Fixes
     build failures in servers.
   * debian/rules: Move check steps into install steps. No need to be separate,
     and simplifies target names.
   * debian/rules: Make en-us locale files less magical, and simplify install.
   * debian/rules: Work around change to tar command param order with
     --exclude.
   * debian/rules: Don't use tcmalloc on armhf.
   * debian/rules: Remove precise-specific conditions. More simple.
   * debian/rules: In install-validation, don't use mktemp. Hard-code
     destination.
   * debian/patches/gsettings-display-scaling: Disable because code moved and
     needs refactoring.
   * debian/patches/display-scaling-default-value: Disable because probbly not
     needed any more.
   * debian/rules: widevine cdm is not really available in this source. No
     longer lie about that.
   * Set new GOOG keys to bisect service overuse problem.
Checksums-Sha1:
 72627cf18e6aaf016bf2e4994244eb0d4b7768ae 612773698 chromium-browser-dbgsym_52.0.2743.116-0ubuntu0.16.04.1.1250_armhf.ddeb
 d4671f3de75934fd3b19ed91275fb30a15837762 46753024 chromium-browser_52.0.2743.116-0ubuntu0.16.04.1.1250_armhf.deb
 91f5896d178de436c504a9a097a21397ec534ac4 2906492 chromium-chromedriver-dbgsym_52.0.2743.116-0ubuntu0.16.04.1.1250_armhf.ddeb
 fd4325f179ad3c9cca53be6cc8d2a4bd69e66b0f 346526 chromium-chromedriver_52.0.2743.116-0ubuntu0.16.04.1.1250_armhf.deb
 7052917303845397fe25038a17797da7621b5992 795240 chromium-codecs-ffmpeg-dbgsym_52.0.2743.116-0ubuntu0.16.04.1.1250_armhf.ddeb
 ea3b5b27da038196d62561dc37814a93a5a28f2e 1534602 chromium-codecs-ffmpeg-extra-dbgsym_52.0.2743.116-0ubuntu0.16.04.1.1250_armhf.ddeb
 e5038e0e629467a38e17135e066707f67304686b 802298 chromium-codecs-ffmpeg-extra_52.0.2743.116-0ubuntu0.16.04.1.1250_armhf.deb
 ba4bf13abfc84a20da2af45e0e5bba887778e265 490536 chromium-codecs-ffmpeg_52.0.2743.116-0ubuntu0.16.04.1.1250_armhf.deb
Checksums-Sha256:
 92a914038db0a050d5612067df8fc7402755ebd53ec439ab9ad1b5a4e29f78b1 612773698 chromium-browser-dbgsym_52.0.2743.116-0ubuntu0.16.04.1.1250_armhf.ddeb
 44c15bed43aab2ceb85de82e842f166ec0e5ccb616e5fd077424d67a1a9a10fd 46753024 chromium-browser_52.0.2743.116-0ubuntu0.16.04.1.1250_armhf.deb
 06d9c65a0039faeb45dad505090af1af33146ccd33b6fb9d413b65963ec2d6f1 2906492 chromium-chromedriver-dbgsym_52.0.2743.116-0ubuntu0.16.04.1.1250_armhf.ddeb
 be3a5e885beaae07888c39ed998f1675a9ec52d19e016350a173be601f10b0ae 346526 chromium-chromedriver_52.0.2743.116-0ubuntu0.16.04.1.1250_armhf.deb
 0cca0ff41722c27adf088a6ad9116e32232277eed462354144edf310858312b7 795240 chromium-codecs-ffmpeg-dbgsym_52.0.2743.116-0ubuntu0.16.04.1.1250_armhf.ddeb
 1a004e0b2ebe3f2d5ea90cb32759e5e22a1e2d6dbd54ba8adbfa08eb6106d741 1534602 chromium-codecs-ffmpeg-extra-dbgsym_52.0.2743.116-0ubuntu0.16.04.1.1250_armhf.ddeb
 971d3c61df8069d07d08f70e59c61ab4563fc70a0bc461c5d73950dfd7e25cb1 802298 chromium-codecs-ffmpeg-extra_52.0.2743.116-0ubuntu0.16.04.1.1250_armhf.deb
 134848549fb21151cbef7b9aba787586e5a0ffe7df7c3dce0039acfca52fc4c9 490536 chromium-codecs-ffmpeg_52.0.2743.116-0ubuntu0.16.04.1.1250_armhf.deb
Files:
 ccddd4b09dccc2e85b900916d38dbee5 612773698 web extra chromium-browser-dbgsym_52.0.2743.116-0ubuntu0.16.04.1.1250_armhf.ddeb
 ae4143a6e3a9fc80be2a03309fb27554 46753024 web optional chromium-browser_52.0.2743.116-0ubuntu0.16.04.1.1250_armhf.deb
 9911e2eeb7828d32b7cd3bdf370eb144 2906492 web extra chromium-chromedriver-dbgsym_52.0.2743.116-0ubuntu0.16.04.1.1250_armhf.ddeb
 e0988ec39567ff15e1165451de1edb93 346526 web optional chromium-chromedriver_52.0.2743.116-0ubuntu0.16.04.1.1250_armhf.deb
 680c55c0ac17e77a993526baf9489b79 795240 web extra chromium-codecs-ffmpeg-dbgsym_52.0.2743.116-0ubuntu0.16.04.1.1250_armhf.ddeb
 8f78308f863d1ad7caf6ffe19d837904 1534602 web extra chromium-codecs-ffmpeg-extra-dbgsym_52.0.2743.116-0ubuntu0.16.04.1.1250_armhf.ddeb
 2eb112e8e50a62dbd3ab8c17fc93d15b 802298 web optional chromium-codecs-ffmpeg-extra_52.0.2743.116-0ubuntu0.16.04.1.1250_armhf.deb
 5a97277f9f2454d4dfdeeca2b459844d 490536 web optional chromium-codecs-ffmpeg_52.0.2743.116-0ubuntu0.16.04.1.1250_armhf.deb