Change logs for chromium-browser source package in Cosmic

  • chromium-browser (75.0.3770.90-0ubuntu0.18.10.1) cosmic; urgency=medium
    
      * Upstream release: 75.0.3770.90
    
     -- Olivier Tilloy <email address hidden>  Thu, 13 Jun 2019 22:22:40 +0200
  • chromium-browser (74.0.3729.169-0ubuntu0.18.10.1) cosmic; urgency=medium
    
      * Upstream release: 74.0.3729.169
      * debian/patches/revert-gn-4960.patch: added
      * debian/patches/revert-gn-4980.patch: added
      * debian/tests/data/HTML5test/index.html: mock whichbrowser.net to remove
        external test dependency
    
     -- Olivier Tilloy <email address hidden>  Wed, 22 May 2019 10:36:38 +0200
  • chromium-browser (73.0.3683.86-0ubuntu0.18.10.1) cosmic; urgency=medium
    
      * Upstream release: 73.0.3683.86
    
     -- Olivier Tilloy <email address hidden>  Thu, 21 Mar 2019 09:17:57 +0100
  • chromium-browser (73.0.3683.75-0ubuntu0.18.10.1) cosmic; urgency=medium
    
      * Upstream release: 73.0.3683.75
        - CVE-2019-5787: Use after free in Canvas.
        - CVE-2019-5788: Use after free in FileAPI.
        - CVE-2019-5789: Use after free in WebMIDI.
        - CVE-2019-5790: Heap buffer overflow in V8.
        - CVE-2019-5791: Type confusion in V8.
        - CVE-2019-5792: Integer overflow in PDFium.
        - CVE-2019-5793: Excessive permissions for private API in Extensions.
        - CVE-2019-5794: Security UI spoofing.
        - CVE-2019-5795: Integer overflow in PDFium.
        - CVE-2019-5796: Race condition in Extensions.
        - CVE-2019-5797: Race condition in DOMStorage.
        - CVE-2019-5798: Out of bounds read in Skia.
        - CVE-2019-5799: CSP bypass with blob URL.
        - CVE-2019-5800: CSP bypass with blob URL.
        - CVE-2019-5801: Incorrect Omnibox display on iOS.
        - CVE-2019-5802: Security UI spoofing.
        - CVE-2019-5803: CSP bypass with JavaScript URLs.
        - CVE-2019-5804: Command line command injection on Windows.
      * debian/patches/additional-search-engines.patch: removed, no longer needed
      * debian/patches/configuration-directory.patch: refreshed
      * debian/patches/disable-sse2: refreshed
      * debian/patches/fix-extra-arflags.patch: refreshed
      * debian/patches/fix-ffmpeg-ia32-build.patch: refreshed
      * debian/patches/gn-no-last-commit-position.patch: refreshed
      * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
      * debian/patches/search-credit.patch: updated
      * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
      * debian/patches/suppress-newer-clang-warning-flags.patch: added
      * debian/patches/title-bar-default-system.patch-v35: refreshed
      * debian/patches/widevine-enable-version-string.patch: refreshed
    
     -- Olivier Tilloy <email address hidden>  Tue, 12 Mar 2019 21:46:04 +0100
  • chromium-browser (72.0.3626.121-0ubuntu0.18.10.1) cosmic; urgency=medium
    
      * Upstream release: 72.0.3626.121
        - CVE-2019-5786: Use-after-free in FileReader
      * debian/patches/gn-fix-link-pthread.patch: removed, no longer needed
    
     -- Olivier Tilloy <email address hidden>  Tue, 05 Mar 2019 16:04:35 +0100
  • chromium-browser (72.0.3626.119-0ubuntu0.18.10.1) cosmic; urgency=medium
    
      * Upstream release: 72.0.3626.119
      * debian/patches/gn-fix-link-pthread.patch: added
    
     -- Olivier Tilloy <email address hidden>  Mon, 25 Feb 2019 12:00:37 +0100
  • chromium-browser (71.0.3578.98-0ubuntu0.18.10.1) cosmic; urgency=medium
    
      * Upstream release: 71.0.3578.98
        - CVE-2018-17481: Use after free in PDFium.
      * debian/patches/suppress-newer-clang-warning-flags.patch: added back
    
     -- Olivier Tilloy <email address hidden>  Thu, 13 Dec 2018 11:54:08 +0100
  • chromium-browser (71.0.3578.80-0ubuntu0.18.10.1) cosmic; urgency=medium
    
      * Upstream release: 71.0.3578.80
        - CVE-2018-17480: Out of bounds write in V8.
        - CVE-2018-17481: Use after frees in PDFium.
        - CVE-2018-18335: Heap buffer overflow in Skia.
        - CVE-2018-18336: Use after free in PDFium.
        - CVE-2018-18337: Use after free in Blink.
        - CVE-2018-18338: Heap buffer overflow in Canvas.
        - CVE-2018-18339: Use after free in WebAudio.
        - CVE-2018-18340: Use after free in MediaRecorder.
        - CVE-2018-18341: Heap buffer overflow in Blink.
        - CVE-2018-18342: Out of bounds write in V8.
        - CVE-2018-18343: Use after free in Skia.
        - CVE-2018-18344: Inappropriate implementation in Extensions.
        - CVE-2018-18345: Inappropriate implementation in Site Isolation.
        - CVE-2018-18346: Incorrect security UI in Blink.
        - CVE-2018-18347: Inappropriate implementation in Navigation.
        - CVE-2018-18348: Inappropriate implementation in Omnibox.
        - CVE-2018-18349: Insufficient policy enforcement in Blink.
        - CVE-2018-18350: Insufficient policy enforcement in Blink.
        - CVE-2018-18351: Insufficient policy enforcement in Navigation.
        - CVE-2018-18352: Inappropriate implementation in Media.
        - CVE-2018-18353: Inappropriate implementation in Network Authentication.
        - CVE-2018-18354: Insufficient data validation in Shell Integration.
        - CVE-2018-18355: Insufficient policy enforcement in URL Formatter.
        - CVE-2018-18356: Use after free in Skia.
        - CVE-2018-18357: Insufficient policy enforcement in URL Formatter.
        - CVE-2018-18358: Insufficient policy enforcement in Proxy.
        - CVE-2018-18359: Out of bounds read in V8.
      * debian/patches/chromium_useragent.patch: refreshed
      * debian/patches/configuration-directory.patch: refreshed
      * debian/patches/disable-sse2: refreshed
      * debian/patches/fix-extra-arflags.patch: refreshed
      * debian/patches/gn-bootstrap-remove-sysroot-options.patch: refreshed
      * debian/patches/gn-no-last-commit-position.patch: refreshed
      * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
      * debian/patches/search-credit.patch: refreshed
      * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
      * debian/patches/suppress-newer-clang-warning-flags.patch: removed, no longer
        needed
      * debian/patches/swiftshader-gl-entry-trampoline.patch: refreshed
      * debian/patches/title-bar-default-system.patch-v35: refreshed
      * debian/patches/touch-v35: refreshed
      * debian/patches/widevine-allow-enable.patch: removed, no longer needed
      * debian/patches/widevine-other-locations: refreshed
      * debian/patches/widevine-revision.patch: renamed to
        debian/patches/widevine-enable-version-string.patch and updated
      * debian/tests/html5test: update test expectations
    
     -- Olivier Tilloy <email address hidden>  Tue, 04 Dec 2018 22:21:47 +0100
  • chromium-browser (70.0.3538.110-0ubuntu0.18.10.1) cosmic; urgency=medium
    
      * Upstream release: 70.0.3538.110
        - CVE-2018-17479: Use-after-free in GPU.
    
     -- Olivier Tilloy <email address hidden>  Tue, 20 Nov 2018 11:33:11 +0100
  • chromium-browser (70.0.3538.77-0ubuntu0.18.10.1) cosmic; urgency=medium
    
      * Upstream release: 70.0.3538.77
    
     -- Olivier Tilloy <email address hidden>  Thu, 25 Oct 2018 07:01:26 +0200
  • chromium-browser (70.0.3538.67-0ubuntu1) cosmic; urgency=medium
    
      * Upstream release: 70.0.3538.67
        - CVE-2018-17462: Sandbox escape in AppCache.
        - CVE-2018-17463: Remote code execution in V8.
        - CVE to be assigned: Heap buffer overflow in Little CMS in PDFium.
        - CVE-2018-17464: URL spoof in Omnibox.
        - CVE-2018-17465: Use after free in V8.
        - CVE-2018-17466: Memory corruption in Angle.
        - CVE-2018-17467: URL spoof in Omnibox.
        - CVE-2018-17468: Cross-origin URL disclosure in Blink.
        - CVE-2018-17469: Heap buffer overflow in PDFium.
        - CVE-2018-17470: Memory corruption in GPU Internals.
        - CVE-2018-17471: Security UI occlusion in full screen mode.
        - CVE-2018-17472: iframe sandbox escape on iOS.
        - CVE-2018-17473: URL spoof in Omnibox.
        - CVE-2018-17474: Use after free in Blink.
        - CVE-2018-17475: URL spoof in Omnibox.
        - CVE-2018-17476: Security UI occlusion in full screen mode.
        - CVE-2018-5179: Lack of limits on update() in ServiceWorker.
        - CVE-2018-17477: UI spoof in Extensions.
      * debian/rules:
        - remove enable_google_now build flag
        - remove use_gtk3 build flag
      * debian/patches/arm-neon.patch: refreshed
      * debian/patches/chromium_useragent.patch: refreshed
      * debian/patches/configuration-directory.patch: refreshed
      * debian/patches/define__libc_malloc.patch: refreshed
      * debian/patches/disable-sse2: refreshed
      * debian/patches/fix-extra-arflags.patch: refreshed
      * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
      * debian/patches/search-credit.patch: refreshed
      * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
      * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
      * debian/patches/swiftshader-default-visibility.patch: replaced by
        debian/patches/swiftshader-upstream-entry-points.patch
      * debian/patches/widevine-other-locations: refreshed
      * debian/known_gn_gen_args-*:
        - remove enable_google_now build flag
        - remove use_gtk3 build flag
    
     -- Olivier Tilloy <email address hidden>  Tue, 16 Oct 2018 22:32:27 +0200
  • chromium-browser (70.0.3538.67-0ubuntu0.18.10.1) cosmic; urgency=medium
    
      * debian/patches/swiftshader-upstream-entry-points.patch: renamed to
        debian/patches/swiftshader-gl-entry-trampoline.patch and updated
    
     -- Olivier Tilloy <email address hidden>  Tue, 23 Oct 2018 10:03:06 +0200
  • chromium-browser (69.0.3497.100-0ubuntu1) cosmic; urgency=medium
    
      * Upstream release: 69.0.3497.100
    
     -- Olivier Tilloy <email address hidden>  Tue, 18 Sep 2018 08:54:33 +0200
  • chromium-browser (69.0.3497.92-0ubuntu1) cosmic; urgency=medium
    
      * Upstream release: 69.0.3497.92
        - CVE-2018-XXXXX: Function signature mismatch in WebAssembly.
        - CVE-2018-XXXXX: URL Spoofing in Omnibox.
      * debian/rules: exclude more build artifacts from the binary package
    
     -- Olivier Tilloy <email address hidden>  Tue, 11 Sep 2018 22:45:34 +0200
  • chromium-browser (69.0.3497.81-0ubuntu1) cosmic; urgency=medium
    
      * Upstream release: 69.0.3497.81
        - CVE-2018-16065: Out of bounds write in V8.
        - CVE-2018-16066: Out of bounds read in Blink.
        - CVE-2018-16067: Out of bounds read in WebAudio.
        - CVE-2018-16068: Out of bounds write in Mojo.
        - CVE-2018-16069: Out of bounds read in SwiftShader.
        - CVE-2018-16070: Integer overflow in Skia.
        - CVE-2018-16071: Use after free in WebRTC.
        - CVE-2018-16072: Cross origin pixel leak in Chrome's interaction with
          Android's MediaPlayer.
        - CVE-2018-16073: Site Isolation bypass after tab restore.
        - CVE-2018-16074: Site Isolation bypass using Blob URLs.
        - CVE-2018-16075: Local file access in Blink.
        - CVE-2018-16076: Out of bounds read in PDFium.
        - CVE-2018-16077: Content security policy bypass in Blink.
        - CVE-2018-16078: Credit card information leak in Autofill.
        - CVE-2018-16079: URL spoof in permission dialogs.
        - CVE-2018-16080: URL spoof in full screen mode.
        - CVE-2018-16081: Local file access in DevTools.
        - CVE-2018-16082: Stack buffer overflow in SwiftShader.
        - CVE-2018-16083: Out of bounds read in WebRTC.
        - CVE-2018-16084: User confirmation bypass in external protocol handling.
        - CVE-2018-16085: Use after free in Memory Instrumentation.
      * debian/control: add uuid-dev as a build dependency (needed by fontconfig)
      * debian/patches/additional-search-engines.patch: refreshed
      * debian/patches/clang-601-atomics.patch: removed, no longer needed
      * debian/patches/disable-sse2: refreshed
      * debian/patches/fix-extra-arflags.patch: refreshed
      * debian/patches/gn-add-missing-arm-impl-files.patch: added
      * debian/patches/last-commit-position: replaced by
        debian/patches/gn-no-last-commit-position.patch
      * debian/patches/search-credit.patch: refreshed
      * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
      * debian/patches/skia-undef-HWCAP_CRC32.patch: refreshed
      * debian/patches/suppress-newer-clang-warning-flags.patch: updated
      * debian/patches/swiftshader-default-visibility.patch: added
      * debian/patches/title-bar-default-system.patch-v35: refreshed
    
     -- Olivier Tilloy <email address hidden>  Wed, 05 Sep 2018 09:41:19 +0200
  • chromium-browser (68.0.3440.106-0ubuntu1) cosmic; urgency=medium
    
      * Upstream release: 68.0.3440.106
    
     -- Olivier Tilloy <email address hidden>  Wed, 08 Aug 2018 23:27:06 +0200
  • chromium-browser (68.0.3440.84-0ubuntu1) cosmic; urgency=medium
    
      * Upstream release: 68.0.3440.84
      * debian/patches/add-missing-base-namespace.patch: removed, no longer needed
      * debian/patches/widevine-other-locations: updated
    
     -- Olivier Tilloy <email address hidden>  Wed, 01 Aug 2018 08:16:10 +0200
  • chromium-browser (68.0.3440.75-0ubuntu1) cosmic; urgency=medium
    
      * Upstream release: 68.0.3440.75
        - CVE-2018-6153: Stack buffer overflow in Skia.
        - CVE-2018-6154: Heap buffer overflow in WebGL.
        - CVE-2018-6155: Use after free in WebRTC.
        - CVE-2018-6156: Heap buffer overflow in WebRTC.
        - CVE-2018-6157: Type confusion in WebRTC.
        - CVE-2018-6158: Use after free in Blink.
        - CVE-2018-6159: Same origin policy bypass in ServiceWorker.
        - CVE-2018-6160: URL spoof in Chrome on iOS.
        - CVE-2018-6161: Same origin policy bypass in WebAudio.
        - CVE-2018-6162: Heap buffer overflow in WebGL.
        - CVE-2018-6163: URL spoof in Omnibox.
        - CVE-2018-6164: Same origin policy bypass in ServiceWorker.
        - CVE-2018-6165: URL spoof in Omnibox.
        - CVE-2018-6166: URL spoof in Omnibox.
        - CVE-2018-6167: URL spoof in Omnibox.
        - CVE-2018-6168: CORS bypass in Blink.
        - CVE-2018-6169: Permissions bypass in extension installation.
        - CVE-2018-6170: Type confusion in PDFium.
        - CVE-2018-6171: Use after free in WebBluetooth.
        - CVE-2018-6172: URL spoof in Omnibox.
        - CVE-2018-6173: URL spoof in Omnibox.
        - CVE-2018-6174: Integer overflow in SwiftShader.
        - CVE-2018-6175: URL spoof in Omnibox.
        - CVE-2018-6176: Local user privilege escalation in Extensions.
        - CVE-2018-6177: Cross origin information leak in Blink.
        - CVE-2018-6178: UI spoof in Extensions.
        - CVE-2018-6179: Local file information leak in Extensions.
        - CVE-2018-6044: Request privilege escalation in Extensions.
        - CVE-2018-4117: Cross origin information leak in Blink.
      * debian/rules:
        - remove enable_webrtc build flag
        - make ninja less verbose to reduce build log size
      * debian/chromium-browser.sh.in: parse flashplugin manifest with Python 3
        (LP: #1772448)
      * debian/patches/add-missing-base-namespace.patch: added
      * debian/patches/chromium_useragent.patch: refreshed
      * debian/patches/configuration-directory.patch: refreshed
      * debian/patches/disable-sse2: refreshed
      * debian/patches/enable-chromecast-by-default.patch: refreshed
      * debian/patches/fix-crashpad-linux-compat.patch: removed, no longer needed
      * debian/patches/fix-extra-arflags.patch: updated
      * debian/patches/fix-ffmpeg-ia32-build.patch: updated
      * debian/patches/last-commit-position: refreshed
      * debian/patches/revert-clang-nostdlib++.patch: removed, no longer needed
      * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: updated
      * debian/patches/search-credit.patch: refreshed
      * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
      * debian/patches/suppress-newer-clang-warning-flags.patch: updated
      * debian/patches/title-bar-default-system.patch-v35: refreshed
      * debian/patches/touch-v35: refreshed
      * debian/known_gn_gen_args-*: remove enable_webrtc build flag
    
     -- Olivier Tilloy <email address hidden>  Wed, 25 Jul 2018 09:22:28 +0200
  • chromium-browser (67.0.3396.99-0ubuntu1) cosmic; urgency=medium
    
      * Upstream release: 67.0.3396.99
        - CVE-2018-6148: Incorrect handling of CSP header.
        - CVE-2018-6149: Out of bounds write in V8.
      * debian/patches/clang-601-atomics.patch: added (LP: #1780747)
    
     -- Olivier Tilloy <email address hidden>  Mon, 09 Jul 2018 19:32:25 +0200
  • chromium-browser (67.0.3396.62-0ubuntu1) cosmic; urgency=medium
    
      * Upstream release: 67.0.3396.62
        - CVE-2018-6123: Use after free in Blink.
        - CVE-2018-6124: Type confusion in Blink.
        - CVE-2018-6125: Overly permissive policy in WebUSB.
        - CVE-2018-6126: Heap buffer overflow in Skia.
        - CVE-2018-6127: Use after free in indexedDB.
        - CVE-2018-6128: uXSS in Chrome on iOS.
        - CVE-2018-6129: Out of bounds memory access in WebRTC.
        - CVE-2018-6130: Out of bounds memory access in WebRTC.
        - CVE-2018-6131: Incorrect mutability protection in WebAssembly.
        - CVE-2018-6132: Use of uninitialized memory in WebRTC.
        - CVE-2018-6133: URL spoof in Omnibox.
        - CVE-2018-6134: Referrer Policy bypass in Blink.
        - CVE-2018-6135: UI spoofing in Blink.
        - CVE-2018-6136: Out of bounds memory access in V8.
        - CVE-2018-6137: Leak of visited status of page in Blink.
        - CVE-2018-6138: Overly permissive policy in Extensions.
        - CVE-2018-6139: Restrictions bypass in the debugger extension API.
        - CVE-2018-6140: Restrictions bypass in the debugger extension API.
        - CVE-2018-6141: Heap buffer overflow in Skia.
        - CVE-2018-6142: Out of bounds memory access in V8.
        - CVE-2018-6143: Out of bounds memory access in V8.
        - CVE-2018-6144: Out of bounds memory access in PDFium.
        - CVE-2018-6145: Incorrect escaping of MathML in Blink.
        - CVE-2018-6147: Password fields not taking advantage of OS protections in
          Views.
      * debian/rules: stop installing an outdated chromium-browser.svg icon
        (LP: #1771847)
      * debian/chromium-browser.svg: removed (outdated)
      * debian/patches/additional-search-engines.patch: refreshed
      * debian/patches/configuration-directory.patch: refreshed
      * debian/patches/default-allocator: refreshed
      * debian/patches/disable-sse2: updated
      * debian/patches/fix-crashpad-linux-compat.patch: added
      * debian/patches/fix-extra-arflags.patch: added
      * debian/patches/revert-clang-nostdlib++.patch: refreshed
      * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
      * debian/patches/search-credit.patch: refreshed
      * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
      * debian/patches/skia-disable-neon.patch: removed, no longer needed
      * debian/patches/skia-undef-HWCAP_CRC32.patch: refreshed
      * debian/patches/suppress-newer-clang-warning-flags.patch: updated
      * debian/patches/widevine-allow-enable.patch: added
      * debian/patches/widevine-other-locations: updated
    
     -- Olivier Tilloy <email address hidden>  Wed, 30 May 2018 12:22:22 +0200
  • chromium-browser (66.0.3359.181-0ubuntu1) cosmic; urgency=medium
    
      * Upstream release: 66.0.3359.181
    
     -- Olivier Tilloy <email address hidden>  Tue, 15 May 2018 22:20:10 +0200
  • chromium-browser (66.0.3359.170-0ubuntu1) cosmic; urgency=medium
    
      * Upstream release: 66.0.3359.170
        - CVE-2018-6121: Privilege Escalation in extensions.
        - CVE-2018-6122: Type confusion in V8.
        - CVE-2018-6120: Heap buffer overflow in PDFium.
    
     -- Olivier Tilloy <email address hidden>  Fri, 11 May 2018 14:57:36 +0200
  • chromium-browser (66.0.3359.139-0ubuntu1) cosmic; urgency=medium
    
      * No-change rebuild for the Cosmic Cuttlefish (18.10)
    
     -- Olivier Tilloy <email address hidden>  Tue, 08 May 2018 21:59:31 +0200
  • chromium-browser (65.0.3325.181-0ubuntu1) bionic; urgency=medium
    
      * Upstream release: 65.0.3325.181
    
     -- Olivier Tilloy <email address hidden>  Wed, 21 Mar 2018 11:27:29 +0100