chromium-browser 23.0.1271.97-0ubuntu0.10.04.1 source package in Ubuntu
Changelog
chromium-browser (23.0.1271.97-0ubuntu0.10.04.1) lucid-security; urgency=low * Omit resources/extension/demo files from any packaging verification because they're unwanted. * Update README.source to include some of these changes. * Make most patches follow a common format (no timestamps), to avoid future churn. * debian/patches/chromium_useragent.patch.in renamed to drop ".in", OS "Ubuntu" hardcoded with no compilation-release name, and patch refreshed to follow new location of source. * In debian/rules, use "-delete" flag on find instead of "-exec rm {} \;", to be safer and faster. * Put REMOVED files in parent of "src", to be more certain of avoiding name collisions. * Also don't include python bytecode or cache files in orig tarball, and clean then up on "clean" rule. * Fix dpkg-source warning: Clean up python cached bytecode files. * Fix dpkg-source warning: Remove autoconf cache. * Override lintian complaints ancient-autotools-helper-file and unused-build-dependency-on-cdbs. * debian/patches/arm-neon.patch added to get ARM w/o Neon support. (LP: #1084852) * In debian/rules, avoid creating invalid subst expression in sed of DEBIAN* vars into files. * Remove unnecessary glib-header-single-entry.patch . * Add patches/struct-siginfo.patch to work around source bug in dereferencing internal stuct instead of public type. * New upstream version 23.0.1271.97 - CVE-2012-5139: Use-after-free with visibility events. - CVE-2012-5140: Use-after-free in URL loader. - CVE-2012-5141: Limit Chromoting client plug-in instantiation. - CVE-2012-5142: Crash in history navigation. - CVE-2012-5143: Integer overflow in PPAPI image buffers. - CVE-2012-5144: Stack corruption in AAC decoding. chromium-browser (23.0.1271.95-0ubuntu0.10.04.1) lucid-security; urgency=low [ Micah Gersten <email address hidden> ] * New upstream version 23.0.1271.95 (LP: #1086613) - CVE-2012-5138: Incorrect file path handling. - CVE-2012-5137: Use-after-free in media source handling. * Hardcode Ubuntu in Chromium user agent patch; Drop release specific part similar to what was done with Firefox; Drop from subst_files in rules - rename debian/patches/chromium_useragent.patch.in => debian/patches/chromium_useragent.patch - update debian/patches/chromium_useragent.patch - update debian/rules * Disable user agent patch for the moment as it doesn't apply cleanly - update debian/patches/series * Drop Pre-Depends: lzma since we switched to bzip2 binary compression - update debian/control [ Chad Miller <email address hidden> ] * Add localization support for ast, bs, en-AU, eo, hy, ia, ka, ku, kw, ms. * No longer include Launchpad-generated translations. * No longer expect unpacked tarball to contain "build-tree". * Fix build warning about missing debian/source/format. Set to "3.0 (quilt)". * Make system-v8 patch use "type none" instead of "type settings".; Leave Patch disabled * Manually set DEB_{BUILD,HOST}_ARCH when not already set, like when the executing program is not dpkg-buildpackage. * Make rules file generate LASTCHANGE file at new location. * Switch to bzip2 binary compression * Change get-sources command to kill script when it fails to disable gyp-chromium run from DEPS. Never fail silently again. * Drop SCM revision from the version. * New upstream version 23.0.1271.91 - CVE-2012-5133: Use-after-free in SVG filters. - CVE-2012-5130: Out-of-bounds read in Skia. - CVE-2012-5132: Browser crash with chunked encoding. - CVE-2012-5134: Buffer underflow in libxml. - CVE-2012-5135: Use-after-free with printing. - CVE-2012-5136: Bad cast in input element handling. * Includes CVE fixes for 23.0.1271.64 - CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP handling. - CVE-2012-5120: Out-of-bounds array access in v8. - CVE-2012-5116: Use-after-free in SVG filter handling. - CVE-2012-5121: Use-after-free in video layout. - CVE-2012-5117: Inappropriate load of SVG subresource in img context. - CVE-2012-5119: Race condition in Pepper buffer handling. - CVE-2012-5122: Bad cast in input handling. - CVE-2012-5123: Out-of-bounds reads in Skia. - CVE-2012-5124: Memory corruption in texture handling. - CVE-2012-5125: Use-after-free in extension tab handling. - CVE-2012-5126: Use-after-free in plug-in placeholder handling. - CVE-2012-5128: Bad write in v8. * Includes CVE fixes for 22.0.1229.94 - CVE-2012-5112: SVG use-after-free and IPC arbitrary file write. * Includes CVE fixes for 22.0.1229.92 - CVE-2012-2900: Crash in Skia text rendering. - CVE-2012-5108: Race condition in audio device handling. - CVE-2012-5109: OOB read in ICU regex. - CVE-2012-5110: Out-of-bounds read in compositor. - CVE-2012-5111: Plug-in crash monitoring was missing for Pepper plug-ins. * Includes CVE fixes for 22.0.1229.79 - CVE-2012-2889: UXSS in frame handling. - CVE-2012-2886: UXSS in v8 bindings. - CVE-2012-2881: DOM tree corruption with plug-ins. - CVE-2012-2876: Buffer overflow in SSE2 optimizations. - CVE-2012-2883: Out-of-bounds write in Skia. - CVE-2012-2887: Use-after-free in onclick handling. - CVE-2012-2888: Use-after-free in SVG text references. - CVE-2012-2894: Crash in graphics context handling. - CVE-2012-2877: Browser crash with extensions and modal dialogs. - CVE-2012-2879: DOM topology corruption. - CVE-2012-2884: Out-of-bounds read in Skia. - CVE-2012-2874: Out-of-bounds write in Skia. - CVE-2012-2878: Use-after-free in plug-in handling. - CVE-2012-2880: Race condition in plug-in paint buffer. - CVE-2012-2882: Wild pointer in OGG container handling. - CVE-2012-2885: Possible double free on exit. - CVE-2012-2891: Address leak over IPC. - CVE-2012-2892: Pop-up block bypass. - CVE-2012-2893: Double free in XSL transforms. * Includes CVE fixes for 21.0.1180.89 - CVE-2012-2865: Out-of-bounds read in line breaking. - CVE-2012-2866: Bad cast with run-ins. - CVE-2012-2867: Browser crash with SPDY. - CVE-2012-2868: Race condition with workers and XHR. - CVE-2012-2869: Avoid stale buffer in URL loading. - CVE-2012-2870: Lower severity memory management issues in XPath. - CVE-2012-2871: Bad cast in XSL transforms. - CVE-2012-2872: XSS in SSL interstitial. * Includes CVE fixes for 21.0.1180.57 - CVE-2012-2846: Cross-process interference in renderers. - CVE-2012-2847: Missing re-prompt to user upon excessive downloads. - CVE-2012-2848: Overly broad file access granted after drag+drop. - CVE-2012-2849: Off-by-one read in GIF decoder. - CVE-2012-2853: webRequest can interfere with the Chrome Web Store. - CVE-2012-2854: Leak of pointer values to WebUI renderers. - CVE-2012-2857: Use-after-free in CSS DOM. - CVE-2012-2858: Buffer overflow in WebP decoder. - CVE-2012-2859: Crash in tab handling. - CVE-2012-2860: Out-of-bounds access when clicking in date picker. * Includes CVE fixes for 20.0.1132.57 - CVE-2012-2842: Use-after-free in counter handling. - CVE-2012-2843: Use-after-free in layout height tracking. * Includes CVE fixes for 20.0.1132.43 - CVE-2012-2815: Leak of iframe fragment id. - CVE-2012-2817: Use-after-free in table section handling. - CVE-2012-2818: Use-after-free in counter layout. - CVE-2012-2819: Crash in texture handling. - CVE-2012-2820: Out-of-bounds read in SVG filter handling. - CVE-2012-2821: Autofill display problem. - CVE-2012-2823: Use-after-free in SVG resource handling. - CVE-2012-2824: Use-after-free in SVG painting. - CVE-2012-2826: Out-of-bounds read in texture conversion. - CVE-2012-2829: Use-after-free in first-letter handling - CVE-2012-2830: Wild pointer in array value setting. - CVE-2012-2831: Use-after-free in SVG reference handling. - CVE-2012-2834: Integer overflow in Matroska container. - CVE-2012-2825: Wild read in XSL handling. - CVE-2012-2807: Integer overflows in libxml. * Includes CVE fixes for 19.0.1084.52: - CVE-2011-3103: Crashes in v8 garbage collection. - CVE-2011-3104: Out-of-bounds read in Skia. - CVE-2011-3105: Use-after-free in first-letter handling. - CVE-2011-3106: Browser memory corruption with websockets over SSL. - CVE-2011-3107: Crashes in the plug-in JavaScript bindings. - CVE-2011-3108: Use-after-free in browser cache. - CVE-2011-3109: Bad cast in GTK UI. - CVE-2011-3111: Invalid read in v8. - CVE-2011-3115: Type corruption in v8. * Includes CVE fixes for initial Chromium 19 release: - CVE-2011-3083: Browser crash with video + FTP. - CVE-2011-3084: Load links from internal pages in their own process. - CVE-2011-3085: UI corruption with long autofilled values. - CVE-2011-3086: Use-after-free with style element. - CVE-2011-3087: Incorrect window navigation. - CVE-2011-3088: Out-of-bounds read in hairline drawing. - CVE-2011-3089: Use-after-free in table handling. - CVE-2011-3090: Race condition with workers. - CVE-2011-3091: Use-after-free with indexed DB. - CVE-2011-3092: Invalid write in v8 regex. - CVE-2011-3093: Out-of-bounds read in glyph handling. - CVE-2011-3094: Out-of-bounds read in Tibetan handling. - CVE-2011-3095: Out-of-bounds write in OGG container. - CVE-2011-3096: Use-after-free in GTK omnibox handling. - CVE-2011-3100: Out-of-bounds read drawing dash paths. - CVE-2011-3101: Work around Linux Nvidia driver bug. - CVE-2011-3102: Off-by-one out-of-bounds write in libxml. -- Chad Miller <email address hidden> Sat, 12 Jan 2013 19:07:36 -0600
Upload details
- Uploaded by:
- Chad Miller
- Sponsored by:
- Jamie Strandboge
- Uploaded to:
- Lucid
- Original maintainer:
- Fabien Tassin
- Architectures:
- i386 amd64 all
- Section:
- web
- Urgency:
- Low Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
chromium-browser_23.0.1271.97.orig.tar.xz | 302.4 MiB | 80b87ccd08a12eed5fece39be49e8b14bebb0afe09597ca3181f0c235d2894a3 |
chromium-browser_23.0.1271.97-0ubuntu0.10.04.1.debian.tar.gz | 209.6 KiB | f9beaac80accb83736b3a45bc10ba0065c0b387fa015ce882c1c346cacced561 |
chromium-browser_23.0.1271.97-0ubuntu0.10.04.1.dsc | 2.7 KiB | 003abac5158f391406c7be7f5d464fb642529e651a3ea44b4a0222e7b041ce60 |
Available diffs
Binary packages built by this source
- chromium-browser: No summary available for chromium-browser in ubuntu lucid.
No description available for chromium-browser in ubuntu lucid.
- chromium-browser-dbg: No summary available for chromium-browser-dbg in ubuntu lucid.
No description available for chromium-
browser- dbg in ubuntu lucid.
- chromium-browser-inspector: No summary available for chromium-browser-inspector in ubuntu lucid.
No description available for chromium-
browser- inspector in ubuntu lucid.
- chromium-browser-l10n: No summary available for chromium-browser-l10n in ubuntu lucid.
No description available for chromium-
browser- l10n in ubuntu lucid.
- chromium-codecs-ffmpeg: No summary available for chromium-codecs-ffmpeg in ubuntu lucid.
No description available for chromium-
codecs- ffmpeg in ubuntu lucid.
- chromium-codecs-ffmpeg-dbg: No summary available for chromium-codecs-ffmpeg-dbg in ubuntu lucid.
No description available for chromium-
codecs- ffmpeg- dbg in ubuntu lucid.
- chromium-codecs-ffmpeg-extra: No summary available for chromium-codecs-ffmpeg-extra in ubuntu lucid.
No description available for chromium-
codecs- ffmpeg- extra in ubuntu lucid.
- chromium-codecs-ffmpeg-extra-dbg: No summary available for chromium-codecs-ffmpeg-extra-dbg in ubuntu lucid.
No description available for chromium-
codecs- ffmpeg- extra-dbg in ubuntu lucid.