-
chromium-browser (70.0.3538.110-1~deb9u1) stretch-security; urgency=medium
* New upstream security release.
- CVE-2018-17479: Use-after-free in GPU.
-- Michael Gilbert <email address hidden> Wed, 21 Nov 2018 02:17:45 +0000
-
chromium-browser (69.0.3497.92-1~deb9u1) stretch-security; urgency=medium
* New upstream security release.
- Function signature mismatch in WebAssembly. Reported by Kevin Cheung
- URL Spoofing in Omnibox. Reported by evi1m0
-- Michael Gilbert <email address hidden> Fri, 14 Sep 2018 00:48:39 +0000
-
chromium-browser (63.0.3239.84-1~deb9u1) stretch-security; urgency=medium
* New upstream stable release.
- CVE-2017-15407: Out of bounds write in QUIC. Reported by Ned Williamson
- CVE-2017-15408: Heap buffer overflow in PDFium. Reported by Ke Liu
- CVE-2017-15409: Out of bounds write in Skia. Reported by Anonymous
- CVE-2017-15410: Use after free in PDFium. Reported by Luật Nguyễn
- CVE-2017-15411: Use after free in PDFium. Reported by Luật Nguyễn
- CVE-2017-15413: Type confusion in WebAssembly. Reported by Gaurav Dewan
- CVE-2017-15415: Pointer information disclosure in IPC call. Reported by
Viktor Brange
- CVE-2017-15416: Out of bounds read in Blink. Reported by Ned Williamson
- CVE-2017-15417: Cross origin information disclosure in Skia. Reported by
Max May
- CVE-2017-15418: Use of uninitialized value in Skia. Reported by Kushal
Arvind Shah
- CVE-2017-15419: Cross origin leak of redirect URL in Blink. Reported by
Jun Kokatsu
- CVE-2017-15420: URL spoofing in Omnibox. Reported by WenXu Wu
- CVE-2017-15423: Issue with SPAKE implementation in BoringSSL. Reported by
Greg Hudson
- CVE-2017-15424: URL Spoof in Omnibox. Reported by Khalil Zhani
- CVE-2017-15425: URL Spoof in Omnibox. Reported by xisigr
- CVE-2017-15426: URL Spoof in Omnibox. Reported by WenXu Wu
- CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox. Reported
by Junaid Farhan
-- Michael Gilbert <email address hidden> Sun, 03 Dec 2017 15:26:02 +0000
-
chromium-browser (62.0.3202.89-1~deb9u1) stretch-security; urgency=medium
* New upstream security release.
- CVE-2017-15398: Stack buffer overflow in QUIC. Reported by Ned
Williamson
- CVE-2017-15399: Use after free in V8. Reported by Zhao Qixun
-- Michael Gilbert <email address hidden> Wed, 08 Nov 2017 01:29:57 +0000
-
chromium-browser (61.0.3163.100-1~deb9u1) stretch-security; urgency=medium
* New upstream stable release
- CVE-2017-5111: Use after free in PDFium. Reported by Luật Nguyễn
- CVE-2017-5112: Heap buffer overflow in WebGL. Reported by Tobias Klein
- CVE-2017-5113: Heap buffer overflow in Skia. Reported by Anonymous
- CVE-2017-5114: Memory lifecycle issue in PDFium. Reported by Ke Liu
- CVE-2017-5115: Type confusion in V8. Reported by Marco Giovannini
- CVE-2017-5116: Type confusion in V8. Reported by Anonymous
- CVE-2017-5117: Use of uninitialized value in Skia. Reported by Tobias
Klein
- CVE-2017-5118: Bypass of Content Security Policy in Blink. Reported by
WenXu Wu
- CVE-2017-5119: Use of uninitialized value in Skia. Reported by Anonymous
- CVE-2017-5120: Potential HTTPS downgrade during redirect navigation.
Reported by Xiaoyin Liu
- CVE-2017-5121: Out-of-bounds access in V8. Reported by Jordan Rabet
- CVE-2017-5122: Out-of-bounds access in V8. Reported by Choongwoo Han
-- Michael Gilbert <email address hidden> Wed, 27 Sep 2017 02:03:41 +0000
-
chromium-browser (59.0.3071.86-1) unstable; urgency=medium
* New upstream stable release.
- CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun
- CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han
- CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora
- CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani
- CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous
- CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel
Gil Peyrot
- CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb
- CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip
- CVE-2017-5078: Possible command injection in mailto handling. Reported
by Jose Carlos Exposito Bueno
- CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani
- CVE-2017-5080: Use after free in credit card autofill. Reported by
Khalil Zhani
- CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev
- CVE-2017-5082: Insufficient hardening in credit card editor. Reported by
Nightwatch Cybersecurity Research
- CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani
- CVE-2017-5085: Inappropriate javascript execution on WebUI pages.
Reported by Zhiyang Zeng
- CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora
-- Michael Gilbert <email address hidden> Mon, 05 Jun 2017 23:09:28 +0000
-
chromium-browser (58.0.3029.96-1) unstable; urgency=medium
* New upstream security release.
- CVE-2017-5068: Race condition in WebRTC. Credit to Philipp Hancke
-- Michael Gilbert <email address hidden> Sun, 07 May 2017 00:36:22 +0000
-
chromium-browser (58.0.3029.81-1) unstable; urgency=medium
* New upstream stable release.
- CVE-2017-5057: Type confusion in PDFium. Credit to Guang Gong.
- CVE-2017-5058: Heap use after free in Print Preview. Credit to Khalil
Zhani
- CVE-2017-5059: Type confusion in Blink. Credit to SkyLined
- CVE-2017-5060: URL spoofing in Omnibox. Credit to Xudong Zheng
- CVE-2017-5061: URL spoofing in Omnibox. Credit to Haosheng Wang
- CVE-2017-5062: Use after free in Chrome Apps. Credit to anonymous
- CVE-2017-5063: Heap overflow in Skia. Credit to Sweetchip
- CVE-2017-5064: Use after free in Blink. Credit to Wadih Matar
- CVE-2017-5065: Incorrect UI in Blink. Credit to Khalil Zhani
- CVE-2017-5066: Incorrect signature handling in Networking. Credit to
chenchu
- CVE-2017-5067: URL spoofing in Omnibox. Credit to Khalil Zhani
- CVE-2017-5069: Cross-origin bypass in Blink. Credit to Michael Reizelman
-- Michael Gilbert <email address hidden> Wed, 19 Apr 2017 23:20:29 +0000
-
chromium-browser (57.0.2987.133-1) unstable; urgency=medium
* New upstream security update.
- CVE-2017-5055: Use after free in printing. Credit to Wadih Matar
- CVE-2017-5054: Heap buffer overflow in V8. Credit to Nicolas Trippar
- CVE-2017-5052: Bad cast in Blink. Credit to JeongHoon Shin
- CVE-2017-5056: Use after free in Blink. Credit to anonymous
- CVE-2017-5053: Out of bounds memory access in V8. Credit to Team Sniper
-- Michael Gilbert <email address hidden> Fri, 07 Apr 2017 01:07:17 +0000
-
chromium-browser (57.0.2987.98-1) unstable; urgency=medium
* New upstream stable release.
- CVE-2017-5030: Memory corruption in V8. Credit to Brendon Tiszka
- CVE-2017-5031: Use after free in ANGLE. Credit to Looben Yang
- CVE-2017-5032: Out of bounds write in PDFium. Credit to Ashfaq Ansari
- CVE-2017-5029: Integer overflow in libxslt. Credit to Holger Fuhrmannek
- CVE-2017-5034: Use after free in PDFium. Credit to Ke Liu
- CVE-2017-5035: Incorrect security UI in Omnibox. Credit to Enzo Aguado
- CVE-2017-5036: Use after free in PDFium. Credit to Anonymous
- CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer. Credit to
Yongke Wang
- CVE-2017-5039: Use after free in PDFium. Credit to jinmo123
- CVE-2017-5040: Information disclosure in V8. Credit to Choongwoo Han
- CVE-2017-5041: Address spoofing in Omnibox. Credit to Jordi Chancel
- CVE-2017-5033: Bypass of Content Security Policy in Blink. Credit to
Nicolai Grødum
- CVE-2017-5042: Incorrect handling of cookies in Cast. Credit to Mike
Ruddy
- CVE-2017-5038: Use after free in GuestView. Credit to Anonymous
- CVE-2017-5043: Use after free in GuestView. Credit to Anonymous
- CVE-2017-5044: Heap overflow in Skia. Credit to Kushal Arvind Shah
- CVE-2017-5045: Information disclosure in XSS Auditor. Credit to Dhaval
Kapil
- CVE-2017-5046: Information disclosure in Blink. Credit to Masato Kinugawa
* Drop arm and MADV_FREE patches, which are now applied upstream.
-- Michael Gilbert <email address hidden> Fri, 10 Mar 2017 22:00:06 +0000
-
chromium-browser (56.0.2924.76-5) unstable; urgency=medium
* Configure with fieldtrial_testing_like_official_build=true to avoid
building with experimental features enabled (closes: #855434).
* Do not disable background networking when remote extensions are enabled,
since that option also blocks updates to extensions (closes: #841401).
- Thanks to Tarmo Huuhka.
-- Michael Gilbert <email address hidden> Sat, 25 Feb 2017 21:41:02 +0000
-
chromium-browser (56.0.2924.76-4) unstable; urgency=medium
* Do not create a dbgsym package for widevine (closes: #855529).
-- Michael Gilbert <email address hidden> Sun, 19 Feb 2017 20:17:38 +0000
-
chromium-browser (55.0.2883.75-6) unstable; urgency=medium
* Organize patches.
* Move widevine package to contrib (closes: #851917).
* Conflict with very old versions of libsecret (closes: #838864).
* Support --enable-remote-extensions option passed through CHROMIUM_FLAGS
(closes: #851927).
-- Michael Gilbert <email address hidden> Sun, 22 Jan 2017 00:47:28 +0000
-
chromium-browser (55.0.2883.75-3) unstable; urgency=medium
* Merge experimental branch.
* Respect parallel setting in DEB_BUILD_OPTIONS while bootstrapping gn.
* Conflict libnettle4 rather than depend on libnettle6 (closes: #841213).
* Disable builtin media router since it only works with official Google
Chrome builds, not chromium (closes: #833477).
-- Michael Gilbert <email address hidden> Sun, 18 Dec 2016 23:14:18 +0000
-
chromium-browser (53.0.2785.143-1) unstable; urgency=medium
* New upstream security release:
- CVE-2016-5177: Use after free in V8. Credit to Anonymous
- CVE-2016-5178: Various fixes from internal audits, fuzzing and other
initiatives.
* Change StartupWMClass in the desktop file to chromium (closes: #813079).
* Support building with cups 2.2 (closes: #839377).
* Update debian/copyright.
-- Michael Gilbert <email address hidden> Sat, 01 Oct 2016 11:08:42 +0000
-
chromium-browser (53.0.2785.113-1) unstable; urgency=medium
* New upstream security release:
- CVE-2016-5170: Use after free in Blink. Credit to Anonymous
- CVE-2016-5171: Use after free in Blink. Credit to Anonymous
- CVE-2016-5172: Arbitrary Memory Read in v8. Credit to Choongwoo Han
- CVE-2016-5173: Extension resource access. Credit to Anonymous
- CVE-2016-5174: Popup not correctly suppressed. Credit to Andrey Kovalev
- CVE-2016-5175: Various fixes from internal audits, fuzzing and other
initiatives.
-- Michael Gilbert <email address hidden> Tue, 13 Sep 2016 23:12:03 +0000
-
chromium-browser (52.0.2743.116-2) unstable; urgency=medium
* Fix syntax error in debian/copyright.
* Include compiler info in the build log.
* Add information about debugging to README.debian.
* Build with gcc 5 during the gcc 6 transition (closes: #833501).
-- Michael Gilbert <email address hidden> Sun, 07 Aug 2016 01:05:40 +0000
-
chromium-browser (52.0.2743.82-4) unstable; urgency=medium
* Remove menu file.
* Build with fastbuild=2.
* Disable background networking features.
* Link against system harfbuzz library again.
-- Michael Gilbert <email address hidden> Sat, 30 Jul 2016 21:25:30 +0000
-
chromium-browser (52.0.2743.82-2) unstable; urgency=medium
* Bump standards version.
* Drop no longer needed speechd patch.
* Build complete debugging symbols again.
* Link against libusb 1.0 (closes: #810403).
* Fix path to master_preferences (closes: #830274).
* Add an explicit dependency on libnettle6 (closes: #832125).
-- Michael Gilbert <email address hidden> Sun, 24 Jul 2016 22:02:56 +0000
-
chromium-browser (51.0.2704.79-1) unstable; urgency=medium
* New upstream security release:
- CVE-2016-1696: Cross-origin bypass in Extension bindings. Credit to
anonymous.
- CVE-2016-1697: Cross-origin bypass in Blink. Credit to
Mariusz Mlynski.
- CVE-2016-1698: Information leak in Extension bindings. Credit to
Rob Wu.
- CVE-2016-1699: Parameter sanitization failure in DevTools. Credit to
Gregory Panakkal.
- CVE-2016-1700: Use-after-free in Extensions. Credit to Rob Wu.
- CVE-2016-1701: Use-after-free in Autofill. Credit to Rob Wu.
- CVE-2016-1702: Out-of-bounds read in Skia. Credit to cloudfuzzer.
-- Michael Gilbert <email address hidden> Thu, 02 Jun 2016 23:55:13 +0000
-
chromium-browser (50.0.2661.94-1) unstable; urgency=medium
* New upstream security release:
- CVE-2016-1660: Out-of-bounds write in Blink. Credit to Atte Kettunen.
- CVE-2016-1661: Memory corruption in cross-process frames. Credit to Wadih
Matar.
- CVE-2016-1662: Use-after-free in extensions. Credit to Rob Wu.
- CVE-2016-1663: Use-after-free in Blink’s V8 bindings. Credit to anonymous.
- CVE-2016-1664: Address bar spoofing. Credit to Wadih Matar.
- CVE-2016-1665: Information leak in V8. Credit to gksgudtjr456.
- CVE-2016-1666: Various fixes from internal audits, fuzzing and other
initiatives.
-- Michael Gilbert <email address hidden> Sat, 30 Apr 2016 03:39:44 +0000
-
chromium-browser (49.0.2623.108-1) unstable; urgency=medium
* New upstream security release:
- CVE-2016-1646: Out-of-bounds read in V8. Credit to Wen Xu.
- CVE-2016-1647: Use-after-free in Navigation. Credit to anonymous.
- CVE-2016-1648: Use-after-free in Extensions. Credit to anonymous.
- CVE-2016-1649: Buffer overflow in libANGLE. Credit to lokihardt.
- CVE-2016-1650: Various fixes from internal audits, fuzzing and other
initiatives.
-- Michael Gilbert <email address hidden> Sat, 12 Mar 2016 20:12:03 +0000
-
chromium-browser (49.0.2623.87-1) unstable; urgency=medium
* New upstream security release:
- CVE-2016-1643: Type confusion in Blink. Credit to cloudfuzzer.
- CVE-2016-1644: Use-after-free in Blink. Credit to Atte Kettunen.
- CVE-2016-1645: Out-of-bounds write in PDFium.
-- Michael Gilbert <email address hidden> Wed, 09 Mar 2016 02:27:50 +0000
-
chromium-browser (49.0.2623.75-2) unstable; urgency=medium
* Update standards version.
* Add libffi-dev build dependency.
-- Michael Gilbert <email address hidden> Fri, 04 Mar 2016 00:14:12 +0000
-
chromium-browser (48.0.2564.116-1) unstable; urgency=medium
* New stable security release:
- CVE-2016-1622: Same-origin bypass in Extensions. Credit to anonymous.
- CVE-2016-1623: Same-origin bypass in DOM. Credit to Mariusz Mlynski.
- CVE-2016-1624: Buffer overflow in Brotli. Credit to lukezli.
- CVE-2016-1625: Navigation bypass in Chrome Instant. Credit to Jann Horn.
- CVE-2016-1626: Out-of-bounds read in PDFium. Credit to anonymous.
- CVE-2016-1627: Various fixes from internal audits, fuzzing and other
initiatives.
- CVE-2016-1628: Out-of-bounds read in PDFium. Credit to anonymous.
- CVE-2016-1629: Same-origin bypass in Blink and Sandbox escape in Chrome.
Credit to anonymous.
-- Michael Gilbert <email address hidden> Fri, 12 Feb 2016 02:53:42 +0000
-
chromium-browser (47.0.2526.80-1~deb8u1) jessie-security; urgency=medium
* New upstream stable release:
- Multiple vulnerabilities fixed in libv8 4.7.80.23.
- CVE-2015-6788: Type confusion in extensions. Credit to anonymous.
- CVE-2015-6789: Use-after-free in Blink. Credit to cloudfuzzer.
- CVE-2015-6790: Escaping issue in saved pages. Credit to Inti De
Ceukelaire.
- CVE-2015-6791: Various fixes from internal audits, fuzzing and other
initiatives.
-- Michael Gilbert <email address hidden> Sun, 13 Dec 2015 04:30:55 +0000
-
chromium-browser (46.0.2490.71-1) unstable; urgency=medium
* New upstream stable release:
- CVE-2015-6755: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- CVE-2015-6756: Use-after-free in PDFium. Credit to anonymous.
- CVE-2015-6757: Use-after-free in ServiceWorker. Credit to Collin Payne.
- CVE-2015-6758: Bad-cast in PDFium. Credit to Atte Kettunen of OUSPG.
- CVE-2015-6759: Information leakage in LocalStorage. Credit to Muneaki
Nishimura.
- CVE-2015-6760: Improper error handling in libANGLE. Credit to Ronald
Crane, an independent security researcher.
- CVE-2015-6762: CORS bypass via CSS fonts. Credit to Muneaki Nishimura.
- CVE-2015-6763: Various fixes from internal audits, fuzzing and other
initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.6 branch
(currently 4.6.85.23).
-- Michael Gilbert <email address hidden> Fri, 16 Oct 2015 01:43:28 +0000
-
chromium-browser (45.0.2454.101-1) unstable; urgency=medium
* New upstream stable release:
- CVE-2015-1303: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.
- CVE-2015-1304: Cross-origin bypass in V8. Credit to Mariusz Mlynski.
-- Michael Gilbert <email address hidden> Sat, 26 Sep 2015 15:57:23 +0000
-
chromium-browser (45.0.2454.85-1) unstable; urgency=medium
* New upstream stable release:
- CVE-2015-1291: Cross-origin bypass in DOM. Credit to anonymous.
- CVE-2015-1292: Cross-origin bypass in ServiceWorker. Credit to Mariusz
Mlynski.
- CVE-2015-1293: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.
- CVE-2015-1294: Use-after-free in Skia. Credit to cloudfuzzer.
- CVE-2015-1295: Use-after-free in Printing. Credit to anonymous.
- CVE-2015-1296: Character spoofing in omnibox. Credit to zcorpan.
- CVE-2015-1297: Permission scoping error in WebRequest. Credit to
Alexander Kashev.
- CVE-2015-1298: URL validation error in extensions. Credit to Rob Wu.
- CVE-2015-1299: Use-after-free in Blink. Credit to taro.suzuki.dev.
- CVE-2015-1300: Information leak in Blink. Credit to cgvwzq.
- CVE-2015-1301: Various fixes from internal audits, fuzzing and other
initiatives.
- Multiple vulnerabilities in the libv8 library (updated to 4.5.103.29).
-- Michael Gilbert <email address hidden> Tue, 01 Sep 2015 22:07:59 +0000
-
chromium-browser (44.0.2403.107-1) unstable; urgency=medium
* New upstream stable release.
* More updates to debian/copyright.
-- Michael Gilbert <email address hidden> Sun, 26 Jul 2015 01:41:55 +0000
-
chromium-browser (44.0.2403.89-1) unstable; urgency=medium
* New upstream stable release:
- CVE-2015-1270: Uninitialized memory read in ICU. Credit to Atte Kettunen.
- CVE-2015-1271: Heap-buffer-overflow in pdfium. Credit to cloudfuzzer.
- CVE-2015-1272: Use-after-free related to unexpected GPU process
termination. Credit to Chamal de Silva.
- CVE-2015-1273: Heap-buffer-overflow in pdfium. Credit to makosoft.
- CVE-2015-1274: Settings allowed executable files to run immediately after
download. Credit to andrewm.bpi.
- CVE-2015-1275: UXSS in Chrome for Android. Credit to WangTao(neobyte).
- CVE-2015-1276: Use-after-free in IndexedDB. Credit to Collin Payne.
- CVE-2015-1277: Use-after-free in accessibility. Credit to SkyLined.
- CVE-2015-1278: URL spoofing using pdf files. Credit to Chamal de Silva.
- CVE-2015-1279: Heap-buffer-overflow in pdfium. Credit to mlafon.
- CVE-2015-1280: Memory corruption in skia. Credit to cloudfuzzer.
- CVE-2015-1281: CSP bypass. Credit to Masato Kinugawa.
- CVE-2015-1282: Use-after-free in pdfium. Credit to Chamal de Silva.
- CVE-2015-1283: Heap-buffer-overflow in expat. Credit to Huzaifa
Sidhpurwala.
- CVE-2015-1284: Use-after-free in blink. Credit to Atte Kettunen.
- CVE-2015-1285: Information leak in XSS auditor. Credit to gazheyes.
- CVE-2015-1286: UXSS in blink. Credit to anonymous.
- CVE-2015-1287: SOP bypass with CSS. Credit to filedescriptor.
- CVE-2015-1288: Spell checking dictionaries fetched over HTTP. Credit to
Mike Ruddy.
- CVE-2015-1289: Various fixes from internal audits, fuzzing and other
initiatives.
* Remove hotword patch, now disabled by default upstream.
-- Michael Gilbert <email address hidden> Tue, 21 Jul 2015 22:33:06 +0000
-
chromium-browser (43.0.2357.130-1) unstable; urgency=medium
* New upstream security release:
- CVE-2015-1266: Scheme validation error in WebUI. Credit to anonymous.
- CVE-2015-1268: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- CVE-2015-1267: Cross-origin bypass in Blink. Credit to anonymous.
- CVE-2015-1269: Normalization error in HSTS/HPKP preload list. Credit to
Mike Ruddy.
* Don't build the Google Now extension.
* More updates to debian/copyright.
-- Michael Gilbert <email address hidden> Tue, 23 Jun 2015 21:43:54 +0000
-
chromium-browser (43.0.2357.65-1) unstable; urgency=medium
* New upstream stable release:
- CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous.
- CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous.
- CVE-2015-1254: Cross-origin bypass in Editing. Credit to
<email address hidden>.
- CVE-2015-1255: Use-after-free in WebAudio. Credit to Khalil Zhani.
- CVE-2015-1256: Use-after-free in SVG. Credit to Atte Kettunen.
- CVE-2015-1251: Use-after-free in Speech. Credit to SkyLined.
- CVE-2015-1257: Container-overflow in SVG. Credit to miaubiz.
- CVE-2015-1258: Negative-size parameter in Libvpx. Credit to cloudfuzzer
- CVE-2015-1259: Uninitialized value in PDFium. Credit to Atte Kettunen.
- CVE-2015-1260: Use-after-free in WebRTC. Credit to Khalil Zhani.
- CVE-2015-1261: URL bar spoofing. Credit to Juho Nurminen.
- CVE-2015-1262: Uninitialized value in Blink. Credit to miaubiz.
- CVE-2015-1263: Insecure download of spellcheck dictionary. Credit to
Mike Ruddy.
- CVE-2015-1264: Cross-site scripting in bookmarks. Credit to K0r3Ph1L.
- Fix for gzip file downloading (closes: #677948).
- Fix for bookmark navigation (closes: #756211).
* Enable HiDPI (closes: #763421).
* Make chromium-l10n binnmuable.
* Fix Built-Using fields.
-- Michael Gilbert <email address hidden> Sat, 09 May 2015 22:37:06 +0000
-
chromium-browser (42.0.2311.135-2) unstable; urgency=medium
* Remove src/ prefix in debian/copyright.
* Fix path to default configuration files.
* Describe omnibox search in README.debian (closes: 781591).
* Fix application name in the launcher script (closes: #783858).
* Set CHROME_WRAPPER to /usr/bin/chromium by default (closes: #783097).
-- Michael Gilbert <email address hidden> Sat, 09 May 2015 14:53:34 +0000
-
chromium-browser (42.0.2311.135-1) unstable; urgency=medium
[ Michael Gilbert ]
* Remove some unneeded files from the upstream tarball.
* Move default configuration files to /usr/share/chromium.
* New upstream stable release:
- CVE-2015-1243: Use-after-free in DOM. Credit to Saif El-Sherei.
- CVE-2015-1250: Various fixes from internal audits, fuzzing and other
initiatives.
[ Shawn Landden ]
* Suppress first run welcome page.
* Turn off safebrowsing.
* Turn off pinging Google on 404 and other HTTP errors.
-- Michael Gilbert <email address hidden> Thu, 30 Apr 2015 01:08:53 +0000