Ubuntu
chromium-browser package

Branches for Lucid

Name Status Last Modified Last Commit
lp://staging/ubuntu/lucid-proposed/chromium-browser bug 2 Mature 2011-10-27 00:23:10 UTC
39. * New upstream release from the Stabl...

Author: Micah Gersten
Revision Date: 2011-10-27 00:23:10 UTC

* New upstream release from the Stable Channel (LP: #881786)
  This release fixes the following security issues:
  - [86758] High CVE-2011-2845: URL bar spoof in history handling. Credit to
    Jordi Chancel.
  - [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit
    to Jordi Chancel.
  - [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of
    download filenames. Credit to Marc Novak.
  - [91218] Low CVE-2011-3877: XSS in appcache internals page. Credit to
    Google Chrome Security Team (Tom Sepez) plus independent discovery by
    Juho Nurminen.
  - [94487] Medium CVE-2011-3878: Race condition in worker process
    initialization. Credit to miaubiz.
  - [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to
    Masato Kinugawa.
  - [95992] Low CVE-2011-3880: Don’t permit as a HTTP header delimiter. Credit
    to Vladimir Vorontsov, ONsec company.
  - [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin
    policy violations. Credit to Sergey Glazunov.
  - [96292] High CVE-2011-3882: Use-after-free in media buffer handling.
    Credit to Google Chrome Security Team (Inferno).
  - [96902] High CVE-2011-3883: Use-after-free in counter handling. Credit to
    miaubiz.
  - [97148] High CVE-2011-3884: Timing issues in DOM traversal. Credit to
    Brian Ryner of the Chromium development community.
  - [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale
    style bugs leading to use-after-free. Credit to miaubiz.
  - [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8. Credit to
    Christian Holler.
  - [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs. Credit to
    Sergey Glazunov.
  - [99138] High CVE-2011-3888: Use-after-free with plug-in and editing.
    Credit to miaubiz.
  - [99211] High CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz.
  - [99553] High CVE-2011-3890: Use-after-free in video source handling.
    Credit to Ami Fischman of the Chromium development community.
  - [100332] High CVE-2011-3891: Exposure of internal v8 functions. Credit to
    Steven Keuchel of the Chromium development community plus independent
    discovery by Daniel Divricean.

[ Chris Coulson <chris.coulson@canonical.com> ]
* Refresh patches
  - update debian/patches/dlopen_sonamed_gl.patch
  - update debian/patches/webkit_rev_parser.patch

[ Fabien Tassin ]
* Disable NaCl until we figure out what to do with the private toolchain
  - update debian/rules
* Do not install the pseudo_locales files in the debs
  - update debian/rules
* Add python-simplejson to Build-depends. This is needed by NaCl even with
  NaCl disabled, so this is a temporary workaround to unbreak the build, it
  must be fixed upstream
  - update debian/control
lp://staging/ubuntu/lucid-security/chromium-browser bug 2 Mature 2011-10-28 14:53:27 UTC
39. * New upstream release from the Stabl...

Author: Micah Gersten
Revision Date: 2011-10-27 00:23:10 UTC

* New upstream release from the Stable Channel (LP: #881786)
  This release fixes the following security issues:
  - [86758] High CVE-2011-2845: URL bar spoof in history handling. Credit to
    Jordi Chancel.
  - [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit
    to Jordi Chancel.
  - [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of
    download filenames. Credit to Marc Novak.
  - [91218] Low CVE-2011-3877: XSS in appcache internals page. Credit to
    Google Chrome Security Team (Tom Sepez) plus independent discovery by
    Juho Nurminen.
  - [94487] Medium CVE-2011-3878: Race condition in worker process
    initialization. Credit to miaubiz.
  - [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to
    Masato Kinugawa.
  - [95992] Low CVE-2011-3880: Don’t permit as a HTTP header delimiter. Credit
    to Vladimir Vorontsov, ONsec company.
  - [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin
    policy violations. Credit to Sergey Glazunov.
  - [96292] High CVE-2011-3882: Use-after-free in media buffer handling.
    Credit to Google Chrome Security Team (Inferno).
  - [96902] High CVE-2011-3883: Use-after-free in counter handling. Credit to
    miaubiz.
  - [97148] High CVE-2011-3884: Timing issues in DOM traversal. Credit to
    Brian Ryner of the Chromium development community.
  - [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale
    style bugs leading to use-after-free. Credit to miaubiz.
  - [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8. Credit to
    Christian Holler.
  - [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs. Credit to
    Sergey Glazunov.
  - [99138] High CVE-2011-3888: Use-after-free with plug-in and editing.
    Credit to miaubiz.
  - [99211] High CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz.
  - [99553] High CVE-2011-3890: Use-after-free in video source handling.
    Credit to Ami Fischman of the Chromium development community.
  - [100332] High CVE-2011-3891: Exposure of internal v8 functions. Credit to
    Steven Keuchel of the Chromium development community plus independent
    discovery by Daniel Divricean.

[ Chris Coulson <chris.coulson@canonical.com> ]
* Refresh patches
  - update debian/patches/dlopen_sonamed_gl.patch
  - update debian/patches/webkit_rev_parser.patch

[ Fabien Tassin ]
* Disable NaCl until we figure out what to do with the private toolchain
  - update debian/rules
* Do not install the pseudo_locales files in the debs
  - update debian/rules
* Add python-simplejson to Build-depends. This is needed by NaCl even with
  NaCl disabled, so this is a temporary workaround to unbreak the build, it
  must be fixed upstream
  - update debian/control
lp://staging/ubuntu/lucid-updates/chromium-browser bug 2 Mature 2011-10-28 14:56:23 UTC
39. * New upstream release from the Stabl...

Author: Micah Gersten
Revision Date: 2011-10-27 00:23:10 UTC

* New upstream release from the Stable Channel (LP: #881786)
  This release fixes the following security issues:
  - [86758] High CVE-2011-2845: URL bar spoof in history handling. Credit to
    Jordi Chancel.
  - [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit
    to Jordi Chancel.
  - [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of
    download filenames. Credit to Marc Novak.
  - [91218] Low CVE-2011-3877: XSS in appcache internals page. Credit to
    Google Chrome Security Team (Tom Sepez) plus independent discovery by
    Juho Nurminen.
  - [94487] Medium CVE-2011-3878: Race condition in worker process
    initialization. Credit to miaubiz.
  - [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to
    Masato Kinugawa.
  - [95992] Low CVE-2011-3880: Don’t permit as a HTTP header delimiter. Credit
    to Vladimir Vorontsov, ONsec company.
  - [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin
    policy violations. Credit to Sergey Glazunov.
  - [96292] High CVE-2011-3882: Use-after-free in media buffer handling.
    Credit to Google Chrome Security Team (Inferno).
  - [96902] High CVE-2011-3883: Use-after-free in counter handling. Credit to
    miaubiz.
  - [97148] High CVE-2011-3884: Timing issues in DOM traversal. Credit to
    Brian Ryner of the Chromium development community.
  - [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale
    style bugs leading to use-after-free. Credit to miaubiz.
  - [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8. Credit to
    Christian Holler.
  - [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs. Credit to
    Sergey Glazunov.
  - [99138] High CVE-2011-3888: Use-after-free with plug-in and editing.
    Credit to miaubiz.
  - [99211] High CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz.
  - [99553] High CVE-2011-3890: Use-after-free in video source handling.
    Credit to Ami Fischman of the Chromium development community.
  - [100332] High CVE-2011-3891: Exposure of internal v8 functions. Credit to
    Steven Keuchel of the Chromium development community plus independent
    discovery by Daniel Divricean.

[ Chris Coulson <chris.coulson@canonical.com> ]
* Refresh patches
  - update debian/patches/dlopen_sonamed_gl.patch
  - update debian/patches/webkit_rev_parser.patch

[ Fabien Tassin ]
* Disable NaCl until we figure out what to do with the private toolchain
  - update debian/rules
* Do not install the pseudo_locales files in the debs
  - update debian/rules
* Add python-simplejson to Build-depends. This is needed by NaCl even with
  NaCl disabled, so this is a temporary workaround to unbreak the build, it
  must be fixed upstream
  - update debian/control
lp://staging/ubuntu/lucid/chromium-browser bug 1 Development 2010-04-17 18:28:46 UTC
11. [ Fabien Tassin <fta@ubuntu.com> ] * ...

Author: Fabien Tassin
Revision Date: 2010-04-16 17:36:29 UTC

[ Fabien Tassin <fta@ubuntu.com> ]
* Mention 'Chrome' in the main package description (LP: #561667)
  - update debian/control
* When 'gclient update' fails, clear up the cache and retry. This helps
  the channels updates often failing with a "Can't switch the checkout" error
  - update debian/rules

[ Chris Coulson <chris.coulson@canonical.com> ]
* Update the default search URL
  - update debian/rules
14 of 4 results FirstPreviousNextLast