lp://qastaging/debian/chromium-browser

Created by James Westby and last modified
Get this branch:
bzr branch lp://qastaging/debian/chromium-browser
Members of Ubuntu branches can upload to this branch.

Branch information

Owner:
Ubuntu branches
Status:
Development

Recent revisions

55. By Giuseppe Iuculano

[ Matteo F. Vescovi ]
* [fb744c6] debian/control: cosmetic typo corrections (Closes: #644386)

[ Giuseppe Iuculano ]
* New stable release:
  - High CVE-2011-2845: URL bar spoof in history handling. Credit to Jordi
    Chancel.
  - Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit to
    Jordi Chancel.
  - Low CVE-2011-3876: Avoid stripping whitespace at the end of download
    filenames. Credit to Marc Novak.
  - Low CVE-2011-3877: XSS in appcache internals page. Credit to Google
    Chrome Security Team (Tom Sepez) plus independent discovery by
    Juho Nurminen.
  - Medium CVE-2011-3878: Race condition in worker process initialization.
    Credit to miaubiz.
  - Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to
    Masato Kinugawa.
  - Low CVE-2011-3880: Don’t permit as a HTTP header delimiter. Credit to
    Vladimir Vorontsov, ONsec company.
  - High CVE-2011-3881: Cross-origin policy violations.
    Credit to Sergey Glazunov.
  - High CVE-2011-3882: Use-after-free in media buffer handling. Credit to
    Google Chrome Security Team (Inferno).
  - High CVE-2011-3883: Use-after-free in counter handling. Credit to miaubiz.
  - High CVE-2011-3884: Timing issues in DOM traversal. Credit to Brian
    Ryner of the Chromium development community.
  - High CVE-2011-3885: Stale style bugs leading to use-after-free.
    Credit to miaubiz.
  - High CVE-2011-3886: Out of bounds writes in v8. Credit to Christian Holler.
  - Medium CVE-2011-3887: Cookie theft with javascript URIs.
    Credit to Sergey Glazunov.
  - [99138] High CVE-2011-3888: Use-after-free with plug-in and editing.
    Credit to miaubiz.
  - High CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz.
  - High CVE-2011-3890: Use-after-free in video source handling. Credit to
    Ami Fischman of the Chromium development community.
  - High CVE-2011-3891: Exposure of internal v8 functions. Credit to
    Steven Keuchel of the Chromium development community plus independent
    discovery by Daniel Divricean.
* [62dfe31] Refreshed patches
* [ebe38a0] Added scons, libelf-dev, and python-simplejson in Build-Depends
* [301651c] Use icu and libv8 private copy and disable nacl

[ Jonathan Nieder ]
* [59f4ae6] debian/licenses: add Ms-PL license snippet.
  Thanks to Alexander Reichle-Schmehl (Closes: #647528)

54. By Giuseppe Iuculano

[ Michael Gilbert ]
* [0e3387d] Remove unneeded shlibs:Depends
* [d7d8b22] Support libav's transition to multiarch
* [3211a33] Use url to writable git repo in vcs-git field
* [1c83896] Use relative symlinks to ffmpeg libraries

[ Giuseppe Iuculano ]
* New stable release:
  - High CVE-2011-2876: Use-after-free in text line box handling.
    Credit to miaubiz.
  - High CVE-2011-2877: Stale font in SVG text handling. Credit to
    miaubiz.
  - High CVE-2011-2878: Inappropriate cross-origin access to the
    window prototype. Credit to Sergey Glazunov.
  - High CVE-2011-2879: Lifetime and threading issues in audio node
    handling. Credit to Google Chrome Security Team (Inferno).
  - High CVE-2011-2880: Use-after-free in the v8
    bindings. Credit to Sergey Glazunov.
  - High CVE-2011-2881: Memory corruption with v8 hidden objects.
    Credit to Sergey Glazunov.
  - Critical CVE-2011-3873: Memory corruption in shader translator.

53. By Giuseppe Iuculano

[ Matteo F. Vescovi ]
* [82a8b0b] debian/control: changing b-deps to libjpeg-dev (Closes: 641099)

[ Giuseppe Iuculano ]
* [ac85d47] Use system ffmpeg and icu
* [b4fbcd0] debian/gbp.conf: Added conf for git-dch
* [a4f4ee1] Do not install ffmpeg internal copy
* New stable release:
  - High CVE-2011-2835: Race condition in the certificate cache.
    Credit to Ryan Sleevi of the Chromium development community.
  - Low CVE-2011-2836: Infobar the Windows Media Player plug-in to avoid
    click-free access to the system Flash. Credit to electronixtar.
  - Low CVE-2011-2837: Use PIC / pie compiler flags. Credit to wbrana.
  - Low CVE-2011-2838: Treat MIME type more authoritatively when loading
    plug-ins. Credit to Michal Zalewski of the Google Security Team.
  - High CVE-2011-2839: Crash in v8 script object wrappers.
    Credit to Kostya Serebryany of the Chromium development community.
  - Low CVE-2011-2840: Possible URL bar spoofs with unusual user interaction.
    Credit to kuzzcc.
  - Medium CVE-2011-2843: Out-of-bounds read with media buffers.
    Credit to Kostya Serebryany of the Chromium development community.
  - Medium CVE-2011-2844: Out-of-bounds read with mp3 files.
    Credit to Mario Gomes.
  - High CVE-2011-2846: Use-after-free in unload event handling.
    Credit to Arthur Gerkis.
  - High CVE-2011-2847: Use-after-free in document loader.
    Credit to miaubiz.
  - Medium CVE-2011-2848: URL bar spoof with forward button.
    Credit to Jordi Chancel.
  - Low CVE-2011-2849: Browser NULL pointer crash with WebSockets.
    Credit to Arthur Gerkis.
  - Medium CVE-2011-3234: Out-of-bounds read in box handling.
    Credit to miaubiz.
  - Medium CVE-2011-2850: Out-of-bounds read with Khmer characters.
    Credit to miaubiz.
  - Medium CVE-2011-2851: Out-of-bounds read in video handling.
    Credit to Google Chrome Security Team (Inferno).
  - High CVE-2011-2852: Off-by-one in v8. Credit to Christian Holler.
  - High CVE-2011-2853: Use-after-free in plug-in handling.
    Credit to Google Chrome Security Team (SkyLined).
  - High CVE-2011-2854: Use-after-free in ruby / table style handling.
    Credit to Sławomir Błażek, and independent later discoveries by miaubiz
    and Google Chrome Security Team (Inferno).
  - High CVE-2011-2855: Stale node in stylesheet handling.
    Credit to Arthur Gerkis.
  - High CVE-2011-2856: Cross-origin bypass in v8.
    Credit to Daniel Divricean.
  - High CVE-2011-2857: Use-after-free in focus controller. Credit to miaubiz.
  - High CVE-2011-2834: Double free in libxml XPath handling.
    Credit to Yang Dingning from NCNIPC, Graduate University of Chinese
    Academy of Sciences.
  - Medium CVE-2011-2859: Incorrect permissions assigned to non-gallery pages.
    Credit to Bernhard ‘Bruhns’ Brehm of Recurity Labs.
  - High CVE-2011-2860: Use-after-free in table style handling.
    Credit to miaubiz.
  - High CVE-2011-2862: Unintended access to v8 built-in objects.
    Credit to Sergey Glazunov.
  - Medium CVE-2011-2864: Out-of-bounds read with Tibetan characters.
    Credit to Google Chrome Security Team (Inferno).
  - Medium CVE-2011-2858: Out-of-bounds read with triangle arrays.
    Credit to Google Chrome Security Team (Inferno).
  - Low CVE-2011-2874: Failure to pin a self-signed cert for a session.
    Credit to Nishant Yadant of VMware and Craig Chamberlain (@randomuserid).
  - High CVE-2011-2875: Type confusion in v8 object sealing.
    Credit to Christian Holler.

52. By Giuseppe Iuculano

[ Giuseppe Iuculano ]
* Fixed the dummy chromium-browser-l10n dependency (Closes: 639126)
* New stable release:
  - Revoked trust for SSL certificates issued by DigiNotar-controlled
    intermediate CAs used by the Dutch PKIoverheid program.

[ Jonathan Nieder ]
* Add a replace and breaks entry to reflect the compatibility symlinks
  having moved to the chromium-browser package.

[ Michael Gilbert ]
* Fix lintian warning.
* Fix manpage comment characters.
* Strip the Native Client Integrated RunTime (NaCl IRT) libraries.
* Objectify an old changelog entry (closes: #606261).

51. By Giuseppe Iuculano

[ Michael Gilbert ]
* Remove all automatically generated files during clean up (this makes
  it possible to build from source twice in a row now).
* Bump standards version to 3.9.2.
* Fix an obsolete character encoding in debian/copyright.
* Fix build failure with cups >= 1.5.0.
* Don't support lenny's cups anymore.
* Use system config.guess and config.sub for yasm's autotools files.
* Add chromium-browser.png symlink so old menu entries keep their icons
  (closes: #622841).
* Add chromium-browser manpage symlink.
* Clean up package short descriptions.

[ Giuseppe Iuculano ]
* Move the compatibility symlinks to the chromium-browser package
* Fix the Vcs-Browser control field
* New stable release:
  - High CVE-2011-2823: Use-after-free in line box handling. Credit to Google
    Chrome Security Team (SkyLined) and independent later discovery
    by miaubiz.
  - High CVE-2011-2824: Use-after-free with counter nodes. Credit to miaubiz.
  - High CVE-2011-2825: Use-after-free with custom fonts. Credit to wushi of
    team509 reported through ZDI (ZDI-CAN-1283), plus independent later
    discovery by miaubiz.
  - High CVE-2011-2821: Double free in libxml XPath handling. Credit to Yang
    Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.
  - High CVE-2011-2826: Cross-origin violation with empty origins.
    Credit to Sergey Glazunov.
  - High CVE-2011-2827: Use-after-free in text searching. Credit to miaubiz.
  - High CVE-2011-2828: Out-of-bounds write in v8.
    Credit to Google Chrome Security Team (SkyLined).
  - High CVE-2011-2829: Integer overflow in uniform arrays.
    Credit to Sergey Glazunov.
* Added autotools-dev in Build-Depends

50. By Giuseppe Iuculano

* New stable version
  - Medium CVE-2011-2358: Always confirm an extension install via a browser
    dialog. Credit to Sergey Glazunov.
  - High CVE-2011-2359: Stale pointer due to bad line box tracking in
    rendering. Credit to miaubiz and Martin Barbella.
  - Low CVE-2011-2360: Potential bypass of dangerous file prompt.
    Credit to kuzzcc.
  - Low CVE-2011-2361: Improve designation of strings in the basic auth
    dialog. Credit to kuzzcc.
  - Medium CVE-2011-2782: File permissions error with drag and drop.
    Credit to Evan Martin of the Chromium development community.
  - Medium CVE-2011-2783: Always confirm a developer mode NPAPI extension
    install via a browser dialog. Credit to Sergey Glazunov.
  - Low CVE-2011-2784: Local file path disclosure via GL program log.
    Credit to kuzzcc.
  - Low CVE-2011-2785: Sanitize the homepage URL in extensions.
    Credit to kuzzcc.
  - Low CVE-2011-2786: Make sure the speech input bubble is always on-screen.
    Credit to Olli Pettay of Mozilla.
  - Medium CVE-2011-2787: Browser crash due to GPU lock re-entrancy issue.
    Credit to kuzzcc.
  - Low CVE-2011-2788: Buffer overflow in inspector serialization.
    Credit to Mikołaj Małecki.
  - Medium CVE-2011-2789: Use after free in Pepper plug-in instantiation.
    Credit to Mario Gomes and kuzzcc.
  - High CVE-2011-2790: Use-after-free with floating styles.
    Credit to miaubiz.
  - High CVE-2011-2791: Out-of-bounds write in ICU. Credit to Yang Dingning
    from NCNIPC, Graduate University of Chinese Academy of Sciences.
  - High CVE-2011-2792: Use-after-free with float removal. Credit to miaubiz.
  - High CVE-2011-2793: Use-after-free in media selectors. Credit to miaubiz.
  - Medium CVE-2011-2794: Out-of-bounds read in text iteration.
    Credit to miaubiz.
  - Medium CVE-2011-2795: Cross-frame function leak. Credit to Shih Wei-Long.
  - High CVE-2011-2796: Use-after-free in Skia. Credit to Google Chrome
    Security Team (Inferno) and Kostya Serebryany of the Chromium
    development community.
  - High CVE-2011-2797: Use-after-free in resource caching. Credit to miaubiz.
  - Low CVE-2011-2798: Prevent a couple of internal schemes from being web
    accessible. Credit to sirdarckcat of the Google Security Team.
  - High CVE-2011-2799: Use-after-free in HTML range handling.
    Credit to miaubiz.
  - Medium CVE-2011-2800: Leak of client-side redirect target.
    Credit to Juho Nurminen.
  - High CVE-2011-2802: v8 crash with const lookups.
    Credit to Christian Holler.
  - Medium CVE-2011-2803: Out-of-bounds read in Skia paths.
    Credit to Google Chrome Security Team (Inferno).
  - High CVE-2011-2801: Use-after-free in frame loader. Credit to miaubiz.
  - High CVE-2011-2818: Use-after-free in display box rendering.
    Credit to Martin Barbella.
  - High CVE-2011-2805: Cross-origin script injection.
    Credit to Sergey Glazunov.
  - [90222] High CVE-2011-2819: Cross-origin violation in base URI handling.
    Credit to Sergey Glazunov.
* Re-added binutils-gold in Build-depends
* Refreshed patches
* Switch to git
* Use system vpx, flac, webp, speex libs
* Build-depends on gyp >= 0.1~svn971
* Run the gclient hooks when creating the source tarball, as we need files
  from the Native Client's integrated runtime (IRT) library
  (Thanks to Fabien Tassin)
* Install the NaCL IRT files
* Added a lintian override for the NaCL IRT files

49. By Giuseppe Iuculano

* New stable micro release
  - [77493] Medium CVE-2011-2345: Out-of-bounds read in NPAPI string handling.
    Credit to Philippe Arteau.
  - [84355] High CVE-2011-2346: Use-after-free in SVG font handling.
    Credit to miaubiz.
  - [85003] High CVE-2011-2347: Memory corruption in CSS parsing.
    Credit to miaubiz.
  - [85102] High CVE-2011-2350: Lifetime and re-entrancy issues in the HTML parser.
    Credit to miaubiz.
  - [85177] High CVE-2011-2348: Bad bounds check in v8.
    Credit to Aki Helin of OUSPG.
  - [85211] High CVE-2011-2351: Use-after-free with SVG use element.
    Credit to miaubiz.
  - [85418] High CVE-2011-2349: Use-after-free in text selection.
    Credit to miaubiz.
* Do not use the experimental gold linker

48. By Giuseppe Iuculano

* New stable major release (Closes: 630548)
  - [73962] [79746] High CVE-2011-1808: Use-after-free due to integer issues
    in float handling. Credit to miaubiz.
  - [75496] Medium CVE-2011-1809: Use-after-free in accessibility support.
    Credit to Google Chrome Security Team (SkyLined).
  - [75643] Low CVE-2011-1810: Visit history information leak in CSS.
    Credit to Jesse Mohrland of Microsoft and Microsoft Vulnerability Research
  - [76034] Low CVE-2011-1811: Browser crash with lots of form submissions.
    Credit to “DimitrisV22”.
  - [77026] Medium CVE-2011-1812: Extensions permission bypass.
    Credit to kuzzcc.
  - [78516] High CVE-2011-1813: Stale pointer in extension framework.
    Credit to Google Chrome Security Team (Inferno).
  - [79362] Medium CVE-2011-1814: Read from uninitialized pointer.
    Credit to Eric Roman of the Chromium development community.
  - [79862] Low CVE-2011-1815: Extension script injection into new tab page.
    Credit to kuzzcc.
  - [80358] Medium CVE-2011-1816: Use-after-free in developer tools.
    Credit to kuzzcc.
  - [81916] Medium CVE-2011-1817: Browser memory corruption in history
    deletion. Credit to Collin Payne.
  - [81949] High CVE-2011-1818: Use-after-free in image loader.
    Credit to miaubiz.
  - [83010] Medium CVE-2011-1819: Extension injection into chrome:// pages.
    Credit to Vladislavas Jarmalis, plus subsequent independent discovery
    by Sergey Glazunov.
  - [83275] High CVE-2011-2332: Same origin bypass in v8.
    Credit to Sergey Glazunov.
  - [83743] High CVE-2011-2342: Same origin bypass in DOM.
    Credit to Sergey Glazunov.
* Refreshed patches.
* Use internal libv8 copy
* Use internal protobuf copy
* Remove armel from archs, too many toolchain issues and we want chromium in
  testing.
* Override the embedded-library error, chromium uses a modified sqlite copy.

47. By Giuseppe Iuculano

* New Stable release:
  - [72189] Low CVE-2011-1801: Pop-up blocker bypass. Credit to Chamal De Silva
  - [82546] High CVE-2011-1804: Stale pointer in floats rendering.
    Credit to Martin Barbella.
  - [82873] Critical CVE-2011-1806: Memory corruption in GPU command buffer.
    Credit to Google Chrome Security Team (Cris Neckar).
  - [82903] Critical CVE-2011-1807: Out-of-bounds write in blob handling.
    Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany of the
    Chromium development community.

46. By Giuseppe Iuculano

Use the experimental gold linker

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.
