lp://qastaging/~brandonsnider/chromium-browser/chromium-browser.stable
- Get this branch:
- bzr branch lp://qastaging/~brandonsnider/chromium-browser/chromium-browser.stable
Branch merges
- Chromium team: Pending requested
-
Diff: 11 lines (+1/-1)1 file modifieddebian/rules (+1/-1)
Branch information
Recent revisions
- 664. By Micah Gersten
-
* Merge from chromium-
browser. precise and exclude the xz deb change * New upstream release from the Stable Channel (LP: #881786)
- fix LP: #881607 - Error initializing NSS without a persistent database
This release fixes the following security issues:
- [86758] High CVE-2011-2845: URL bar spoof in history handling. Credit to
Jordi Chancel.
- [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit
to Jordi Chancel.
- [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of
download filenames. Credit to Marc Novak.
- [91218] Low CVE-2011-3877: XSS in appcache internals page. Credit to
Google Chrome Security Team (Tom Sepez) plus independent discovery by
Juho Nurminen.
- [94487] Medium CVE-2011-3878: Race condition in worker process
initialization. Credit to miaubiz.
- [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to
Masato Kinugawa.
- [95992] Low CVE-2011-3880: Don’t permit as a HTTP header delimiter. Credit
to Vladimir Vorontsov, ONsec company.
- [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin
policy violations. Credit to Sergey Glazunov.
- [96292] High CVE-2011-3882: Use-after-free in media buffer handling.
Credit to Google Chrome Security Team (Inferno).
- [96902] High CVE-2011-3883: Use-after-free in counter handling. Credit to
miaubiz.
- [97148] High CVE-2011-3884: Timing issues in DOM traversal. Credit to
Brian Ryner of the Chromium development community.
- [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale
style bugs leading to use-after-free. Credit to miaubiz.
- [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8. Credit to
Christian Holler.
- [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs. Credit to
Sergey Glazunov.
- [99138] High CVE-2011-3888: Use-after-free with plug-in and editing.
Credit to miaubiz.
- [99211] High CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz.
- [99553] High CVE-2011-3890: Use-after-free in video source handling.
Credit to Ami Fischman of the Chromium development community.
- [100332] High CVE-2011-3891: Exposure of internal v8 functions. Credit to
Steven Keuchel of the Chromium development community plus independent
discovery by Daniel Divricean.
* Refresh patches
- update debian/patches/ dlopen_ sonamed_ gl.patch
- update debian/patches/ webkit_ rev_parser. patch
* Dropped patches, fixed upstream
- remove debian/patches/ cups_1. 5_build_ fix.patch
- update debian/patches/ series
* Don't depend on cdbs being installed to create a tarball
- update debian/rules
- update debian/cdbs/tarball. mk
* Disable NaCl until we figure out what to do with the private toolchain
- update debian/rules
* Do not install the pseudo_locales files in the debs
- update debian/rules
* Add python-simplejson to Build-depends. This is needed by NaCl even with
NaCl disabled, so this is a temporary workaround to unbreak the build, it
must be fixed upstream
- update debian/control - 663. By Micah Gersten
-
Merge from chromium-
browser. precise
* Switch maintainer to Ubuntu Developers; Thanks to Fabien Tassin for all
his work on this package
- update debian/control
* Switch to internal libvpx; This makes updating easier after release
- update debian/rules
* Drop build dependency on libvpx due to the switch to internal libvpx
- update debian/control
* Switch to default libjpeg
- update debian/control
* Update Vcs-Bzr for precise
- update debian/control* Also fix Vcs-Bzr for the stable branch
- 662. By Chris Coulson
-
* Don't depend on cdbs being installed to create a tarball
- update debian/rules
- update debian/cdbs/tarball. mk
Branch metadata
- Branch format:
- Branch format 6
- Repository format:
- Bazaar pack repository format 1 (needs bzr 0.92)