Format: 1.8
Date: Sat, 17 Dec 2016 12:05:53 -0500
Source: chromium-browser
Binary: chromium-browser chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-extra chromium-chromedriver
Architecture: i386
Version: 55.0.2883.87-0ubuntu0.16.04.1263
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@lcy01-02.buildd>
Changed-By: Chad MILLER <chad.miller@canonical.com>
Description:
 chromium-browser - Chromium web browser, open-source version of Chrome
 chromium-browser-l10n - chromium-browser language packages
 chromium-chromedriver - WebDriver driver for the Chromium Browser
 chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
 chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
Changes:
 chromium-browser (55.0.2883.87-0ubuntu0.16.04.1263) xenial-security; urgency=medium
 .
   * debian/rules: Build extra codecs as part of main chromium program,
     and libre/crippled/h.264less on its own. Seems to make h.264 work
     again. Weird.
   * debian/chromium-browser.links: Make link to ./ instead of / to fix
     path problems that codec-using other apps might see.
   * Upstream release of 55.0.2883.87:
     - Change Flash running default to important content only.
   * debian/chromium-browser.sh.in: Insert the Flash version if empty and
     detectable.
   * debian/rules, debian/control: Use gcc/g++ 4.8 to build.
   * Upstream release of 55.0.2883.75:
     - CVE-2016-9651: Private property access in V8.
     - CVE-2016-5208: Universal XSS in Blink.
     - CVE-2016-5207: Universal XSS in Blink.
     - CVE-2016-5206: Same-origin bypass in PDFium.
     - CVE-2016-5205: Universal XSS in Blink.
     - CVE-2016-5204: Universal XSS in Blink.
     - CVE-2016-5209: Out of bounds write in Blink.
     - CVE-2016-5203: Use after free in PDFium.
     - CVE-2016-5210: Out of bounds write in PDFium.
     - CVE-2016-5212: Local file disclosure in DevTools.
     - CVE-2016-5211: Use after free in PDFium.
     - CVE-2016-5213: Use after free in V8.
     - CVE-2016-5214: File download protection bypass.
     - CVE-2016-5216: Use after free in PDFium.
     - CVE-2016-5215: Use after free in Webaudio.
     - CVE-2016-5217: Use of unvalidated data in PDFium.
     - CVE-2016-5218: Address spoofing in Omnibox.
     - CVE-2016-5219: Use after free in V8.
     - CVE-2016-5221: Integer overflow in ANGLE.
     - CVE-2016-5220: Local file access in PDFium.
     - CVE-2016-5222: Address spoofing in Omnibox.
     - CVE-2016-9650: CSP Referrer disclosure.
     - CVE-2016-5223: Integer overflow in PDFium.
     - CVE-2016-5226: Limited XSS in Blink.
     - CVE-2016-5225: CSP bypass in Blink.
     - CVE-2016-5224: Same-origin bypass in SVG
     - CVE-2016-9652: Various fixes from internal audits, fuzzing and other
       initiatives
   * Upstream release of 54.0.2840.100:
     - CVE-2016-5199: Heap corruption in FFmpeg.
     - CVE-2016-5200: Out of bounds memory access in V8.
     - CVE-2016-5201: Info leak in extensions.
     - CVE-2016-5202: Various fixes from internal audits, fuzzing and other
       initiatives
   * Move to using GN to build chromium.
     - debian/known_gn_gen_args
     - debian/rules
     patches
   * debian/rules, lintians, installs, script: Move component libs out of
     libs/, to /usr/lib/chromium-browser/ only.
   * debian/patches/do-not-use-bundled-clang: Use clang from path.
   * debian/control: Express that binary packages could be on "any"
     architecture.
   * debian/control: additionally build-dep on libgtk-3-dev
   * debian/patches/arm64-support: Fail nicer if aarch64/arm64 mismatch.
   * Upstrem release of 54.0.2840.59:
     - CVE-2016-5181: Universal XSS in Blink.
     - CVE-2016-5182: Heap overflow in Blink.
     - CVE-2016-5183: Use after free in PDFium.
     - CVE-2016-5184: Use after free in PDFium.
     - CVE-2016-5185: Use after free in Blink.
     - CVE-2016-5187: URL spoofing.
     - CVE-2016-5188: UI spoofing.
     - CVE-2016-5192: Cross-origin bypass in Blink.
     - CVE-2016-5189: URL spoofing.
     - CVE-2016-5186: Out of bounds read in DevTools.
     - CVE-2016-5191: Universal XSS in Bookmarks.
     - CVE-2016-5190: Use after free in Internals.
     - CVE-2016-5193: Scheme bypass.
     - CVE-2016-5194: Various fixes from internal audits, fuzzing and other
       initiatives
   * debian/patches/allow-component-build: Hard-code, override
     release -> no component logic.
   * debian/known_gyp_flags: Remove old GYP known-flags list.
   * debian/default-allocator: Insist on not using tcmalloc allocator.
   * debian/rules: Set LDFLAGS to limit memory usage.
   * debian/control: Remove extraneous dependencies.
Checksums-Sha1:
 47bc5cf3bbc47893143b3330788a9506a8b8a342 49459432 chromium-browser-dbgsym_55.0.2883.87-0ubuntu0.16.04.1263_i386.ddeb
 c2d766f8b721e2776d4534c738b86b840b9a0a18 60084096 chromium-browser_55.0.2883.87-0ubuntu0.16.04.1263_i386.deb
 d6411d75ab025df82c7d3c45f54a54f6b3317fa1 136562 chromium-chromedriver-dbgsym_55.0.2883.87-0ubuntu0.16.04.1263_i386.ddeb
 fb651cfc336d0e414a67a1fb547df7318a7a0e32 391016 chromium-chromedriver_55.0.2883.87-0ubuntu0.16.04.1263_i386.deb
 b628e7c32cfe16c2a19b19e7423fc823febfd4c4 70166 chromium-codecs-ffmpeg-dbgsym_55.0.2883.87-0ubuntu0.16.04.1263_i386.ddeb
 ccf734537cd5419136b46956d0b565591aa48b59 117174 chromium-codecs-ffmpeg-extra-dbgsym_55.0.2883.87-0ubuntu0.16.04.1263_i386.ddeb
 b688d779f920d0ce47d154507ec896c59009349d 900256 chromium-codecs-ffmpeg-extra_55.0.2883.87-0ubuntu0.16.04.1263_i386.deb
 7699bb91288b0b8f7f7a5766a08791d5d11e7684 551602 chromium-codecs-ffmpeg_55.0.2883.87-0ubuntu0.16.04.1263_i386.deb
Checksums-Sha256:
 cd1b58b418b9983dcd55e238b6e91fcce0c1f1282e513729d0e0d667408317e2 49459432 chromium-browser-dbgsym_55.0.2883.87-0ubuntu0.16.04.1263_i386.ddeb
 dd5c5e1cc341c3ae15d8b6ca83ef6b071809bf352837a14c8a30b2dbdd90a1ec 60084096 chromium-browser_55.0.2883.87-0ubuntu0.16.04.1263_i386.deb
 58f355b9ca1dee723c69bcbef82afc6576f84b35c790b654300b1b0bfb2416c2 136562 chromium-chromedriver-dbgsym_55.0.2883.87-0ubuntu0.16.04.1263_i386.ddeb
 7f11967c0adb501d58f936b262e919f6ad3ebb14a0902d617e95f69288cf8f0c 391016 chromium-chromedriver_55.0.2883.87-0ubuntu0.16.04.1263_i386.deb
 8cd5366f1ad39791ad1f5a732f6bb68614ccb1f1cc65c879baa4ba1defc4ace8 70166 chromium-codecs-ffmpeg-dbgsym_55.0.2883.87-0ubuntu0.16.04.1263_i386.ddeb
 440a4b36003c198e1f0a5451947f31c61060920542adbadf963345121b9463cd 117174 chromium-codecs-ffmpeg-extra-dbgsym_55.0.2883.87-0ubuntu0.16.04.1263_i386.ddeb
 ff5b8b882d2b8ea84c5dea741edb92dbc0c3372d49eecd2651bcde6f8925a263 900256 chromium-codecs-ffmpeg-extra_55.0.2883.87-0ubuntu0.16.04.1263_i386.deb
 8b770196844d7e209f32c1203f55cfe31466a53bc707f44ad06af7cf846ac3da 551602 chromium-codecs-ffmpeg_55.0.2883.87-0ubuntu0.16.04.1263_i386.deb
Files:
 cf09904e8389f6b772f548d86490d003 49459432 web extra chromium-browser-dbgsym_55.0.2883.87-0ubuntu0.16.04.1263_i386.ddeb
 ad4b91f49c1529d99955d016bec2ba81 60084096 web optional chromium-browser_55.0.2883.87-0ubuntu0.16.04.1263_i386.deb
 9f78c30baeae05e0782f2ef76bba5095 136562 web extra chromium-chromedriver-dbgsym_55.0.2883.87-0ubuntu0.16.04.1263_i386.ddeb
 b400dfdeba9a438097b1f1a352b6a3d5 391016 web optional chromium-chromedriver_55.0.2883.87-0ubuntu0.16.04.1263_i386.deb
 9e476d9b180df65fcdbc5e0c48e94e63 70166 web extra chromium-codecs-ffmpeg-dbgsym_55.0.2883.87-0ubuntu0.16.04.1263_i386.ddeb
 7c8dc2c8cb0ce34bf7a98445d61beb8f 117174 web extra chromium-codecs-ffmpeg-extra-dbgsym_55.0.2883.87-0ubuntu0.16.04.1263_i386.ddeb
 d9959b3b9cab6966f33a7c603c7fd09e 900256 web optional chromium-codecs-ffmpeg-extra_55.0.2883.87-0ubuntu0.16.04.1263_i386.deb
 b6b37d5fd292ac1d66fe3d92b36f6d56 551602 web optional chromium-codecs-ffmpeg_55.0.2883.87-0ubuntu0.16.04.1263_i386.deb