Format: 1.8
Date: Sat, 17 Dec 2016 12:05:53 -0500
Source: chromium-browser
Binary: chromium-browser chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-extra chromium-chromedriver
Architecture: armhf
Version: 55.0.2883.87-0ubuntu0.16.04.1263
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos01-arm64-042.buildd>
Changed-By: Chad MILLER <chad.miller@canonical.com>
Description:
 chromium-browser - Chromium web browser, open-source version of Chrome
 chromium-browser-l10n - chromium-browser language packages
 chromium-chromedriver - WebDriver driver for the Chromium Browser
 chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
 chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
Changes:
 chromium-browser (55.0.2883.87-0ubuntu0.16.04.1263) xenial-security; urgency=medium
 .
   * debian/rules: Build extra codecs as part of main chromium program,
     and libre/crippled/h.264less on its own. Seems to make h.264 work
     again. Weird.
   * debian/chromium-browser.links: Make link to ./ instead of / to fix
     path problems that codec-using other apps might see.
   * Upstream release of 55.0.2883.87:
     - Change Flash running default to important content only.
   * debian/chromium-browser.sh.in: Insert the Flash version if empty and
     detectable.
   * debian/rules, debian/control: Use gcc/g++ 4.8 to build.
   * Upstream release of 55.0.2883.75:
     - CVE-2016-9651: Private property access in V8.
     - CVE-2016-5208: Universal XSS in Blink.
     - CVE-2016-5207: Universal XSS in Blink.
     - CVE-2016-5206: Same-origin bypass in PDFium.
     - CVE-2016-5205: Universal XSS in Blink.
     - CVE-2016-5204: Universal XSS in Blink.
     - CVE-2016-5209: Out of bounds write in Blink.
     - CVE-2016-5203: Use after free in PDFium.
     - CVE-2016-5210: Out of bounds write in PDFium.
     - CVE-2016-5212: Local file disclosure in DevTools.
     - CVE-2016-5211: Use after free in PDFium.
     - CVE-2016-5213: Use after free in V8.
     - CVE-2016-5214: File download protection bypass.
     - CVE-2016-5216: Use after free in PDFium.
     - CVE-2016-5215: Use after free in Webaudio.
     - CVE-2016-5217: Use of unvalidated data in PDFium.
     - CVE-2016-5218: Address spoofing in Omnibox.
     - CVE-2016-5219: Use after free in V8.
     - CVE-2016-5221: Integer overflow in ANGLE.
     - CVE-2016-5220: Local file access in PDFium.
     - CVE-2016-5222: Address spoofing in Omnibox.
     - CVE-2016-9650: CSP Referrer disclosure.
     - CVE-2016-5223: Integer overflow in PDFium.
     - CVE-2016-5226: Limited XSS in Blink.
     - CVE-2016-5225: CSP bypass in Blink.
     - CVE-2016-5224: Same-origin bypass in SVG
     - CVE-2016-9652: Various fixes from internal audits, fuzzing and other
       initiatives
   * Upstream release of 54.0.2840.100:
     - CVE-2016-5199: Heap corruption in FFmpeg.
     - CVE-2016-5200: Out of bounds memory access in V8.
     - CVE-2016-5201: Info leak in extensions.
     - CVE-2016-5202: Various fixes from internal audits, fuzzing and other
       initiatives
   * Move to using GN to build chromium.
     - debian/known_gn_gen_args
     - debian/rules
     patches
   * debian/rules, lintians, installs, script: Move component libs out of
     libs/, to /usr/lib/chromium-browser/ only.
   * debian/patches/do-not-use-bundled-clang: Use clang from path.
   * debian/control: Express that binary packages could be on "any"
     architecture.
   * debian/control: additionally build-dep on libgtk-3-dev
   * debian/patches/arm64-support: Fail nicer if aarch64/arm64 mismatch.
   * Upstrem release of 54.0.2840.59:
     - CVE-2016-5181: Universal XSS in Blink.
     - CVE-2016-5182: Heap overflow in Blink.
     - CVE-2016-5183: Use after free in PDFium.
     - CVE-2016-5184: Use after free in PDFium.
     - CVE-2016-5185: Use after free in Blink.
     - CVE-2016-5187: URL spoofing.
     - CVE-2016-5188: UI spoofing.
     - CVE-2016-5192: Cross-origin bypass in Blink.
     - CVE-2016-5189: URL spoofing.
     - CVE-2016-5186: Out of bounds read in DevTools.
     - CVE-2016-5191: Universal XSS in Bookmarks.
     - CVE-2016-5190: Use after free in Internals.
     - CVE-2016-5193: Scheme bypass.
     - CVE-2016-5194: Various fixes from internal audits, fuzzing and other
       initiatives
   * debian/patches/allow-component-build: Hard-code, override
     release -> no component logic.
   * debian/known_gyp_flags: Remove old GYP known-flags list.
   * debian/default-allocator: Insist on not using tcmalloc allocator.
   * debian/rules: Set LDFLAGS to limit memory usage.
   * debian/control: Remove extraneous dependencies.
Checksums-Sha1:
 2f00714a327196673ecace48e94e5d1919a1aaea 51556092 chromium-browser-dbgsym_55.0.2883.87-0ubuntu0.16.04.1263_armhf.ddeb
 ff27a2ec290a2fc9fddf1580e00298e4cfdbdd14 51191612 chromium-browser_55.0.2883.87-0ubuntu0.16.04.1263_armhf.deb
 bc41d07f73c295dfefa8ccf67ef62c066408861a 150878 chromium-chromedriver-dbgsym_55.0.2883.87-0ubuntu0.16.04.1263_armhf.ddeb
 3eb1479add4b0d328bd55a5dca73078b8d3adb29 372158 chromium-chromedriver_55.0.2883.87-0ubuntu0.16.04.1263_armhf.deb
 78e8b288f655ac3bed400cf58e5d6d2985327147 88690 chromium-codecs-ffmpeg-dbgsym_55.0.2883.87-0ubuntu0.16.04.1263_armhf.ddeb
 d0d259e00a49071a968c006ada37326cf2c0d8c6 142572 chromium-codecs-ffmpeg-extra-dbgsym_55.0.2883.87-0ubuntu0.16.04.1263_armhf.ddeb
 f6a203915cc79a673d264b5184553573eda89278 794710 chromium-codecs-ffmpeg-extra_55.0.2883.87-0ubuntu0.16.04.1263_armhf.deb
 61386a38068aaa4584c0c2bf5caa21b7437210f5 483776 chromium-codecs-ffmpeg_55.0.2883.87-0ubuntu0.16.04.1263_armhf.deb
Checksums-Sha256:
 4e0831c6e2a12278ddae8ab8df7f4aaa51afb7d1d0724b7e93a4940c28c8727b 51556092 chromium-browser-dbgsym_55.0.2883.87-0ubuntu0.16.04.1263_armhf.ddeb
 d3bb258f92bcc15a6dda2d82482bee4b6b3f2d4f7678f1c08b92306fcaf9de7e 51191612 chromium-browser_55.0.2883.87-0ubuntu0.16.04.1263_armhf.deb
 74bf842df0d39aa593d5910baf4048add9557b22174052c18dfa11df615fa41f 150878 chromium-chromedriver-dbgsym_55.0.2883.87-0ubuntu0.16.04.1263_armhf.ddeb
 ef22df49d05a1e64bfd514a9e929bcc058d582e7c46cdddd6e3f6579638e4a29 372158 chromium-chromedriver_55.0.2883.87-0ubuntu0.16.04.1263_armhf.deb
 8fcf5181eab38d6f55c6b00e628f4dd503114a524868b92bcb50e41988e5ea8f 88690 chromium-codecs-ffmpeg-dbgsym_55.0.2883.87-0ubuntu0.16.04.1263_armhf.ddeb
 8ee115a38dc5187b1b587c449f0d94f2a3df1d9f9bbdf47551a4fb6f63677c9e 142572 chromium-codecs-ffmpeg-extra-dbgsym_55.0.2883.87-0ubuntu0.16.04.1263_armhf.ddeb
 d7bf05959ce0269d51fd7ceb99091e69991516e13c0faa2e945e304bf13fac4a 794710 chromium-codecs-ffmpeg-extra_55.0.2883.87-0ubuntu0.16.04.1263_armhf.deb
 312ac705e7df5a48c34304a0d476808cb1186c3a7bd5a0098939fc72596864a5 483776 chromium-codecs-ffmpeg_55.0.2883.87-0ubuntu0.16.04.1263_armhf.deb
Files:
 639c3bed124d13a6f4ee5a63fe5c30d5 51556092 web extra chromium-browser-dbgsym_55.0.2883.87-0ubuntu0.16.04.1263_armhf.ddeb
 f34393b21761ec7aec171e4cc9be11c9 51191612 web optional chromium-browser_55.0.2883.87-0ubuntu0.16.04.1263_armhf.deb
 77c7f0248986289c180cb888299ede91 150878 web extra chromium-chromedriver-dbgsym_55.0.2883.87-0ubuntu0.16.04.1263_armhf.ddeb
 977355d0644d325e2d0deb91936310b1 372158 web optional chromium-chromedriver_55.0.2883.87-0ubuntu0.16.04.1263_armhf.deb
 5b3314c3fb4746e0bca1c8be5aca2fce 88690 web extra chromium-codecs-ffmpeg-dbgsym_55.0.2883.87-0ubuntu0.16.04.1263_armhf.ddeb
 0dd3bedd602d9f4513407cbfc134ef7e 142572 web extra chromium-codecs-ffmpeg-extra-dbgsym_55.0.2883.87-0ubuntu0.16.04.1263_armhf.ddeb
 812bf90772bef7f7fcffa6aa28cd79b5 794710 web optional chromium-codecs-ffmpeg-extra_55.0.2883.87-0ubuntu0.16.04.1263_armhf.deb
 070700d3984503a9cdb1dae86661dc67 483776 web optional chromium-codecs-ffmpeg_55.0.2883.87-0ubuntu0.16.04.1263_armhf.deb