lp://qastaging/debian/chromium-browser
- Get this branch:
- bzr branch lp://qastaging/debian/chromium-browser
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 55. By Giuseppe Iuculano
-
[ Matteo F. Vescovi ]
* [fb744c6] debian/control: cosmetic typo corrections (Closes: #644386)
[ Giuseppe Iuculano ]
* New stable release:
- High CVE-2011-2845: URL bar spoof in history handling. Credit to Jordi
Chancel.
- Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit to
Jordi Chancel.
- Low CVE-2011-3876: Avoid stripping whitespace at the end of download
filenames. Credit to Marc Novak.
- Low CVE-2011-3877: XSS in appcache internals page. Credit to Google
Chrome Security Team (Tom Sepez) plus independent discovery by
Juho Nurminen.
- Medium CVE-2011-3878: Race condition in worker process initialization.
Credit to miaubiz.
- Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to
Masato Kinugawa.
- Low CVE-2011-3880: Don’t permit as a HTTP header delimiter. Credit to
Vladimir Vorontsov, ONsec company.
- High CVE-2011-3881: Cross-origin policy violations.
Credit to Sergey Glazunov.
- High CVE-2011-3882: Use-after-free in media buffer handling. Credit to
Google Chrome Security Team (Inferno).
- High CVE-2011-3883: Use-after-free in counter handling. Credit to miaubiz.
- High CVE-2011-3884: Timing issues in DOM traversal. Credit to Brian
Ryner of the Chromium development community.
- High CVE-2011-3885: Stale style bugs leading to use-after-free.
Credit to miaubiz.
- High CVE-2011-3886: Out of bounds writes in v8. Credit to Christian Holler.
- Medium CVE-2011-3887: Cookie theft with javascript URIs.
Credit to Sergey Glazunov.
- [99138] High CVE-2011-3888: Use-after-free with plug-in and editing.
Credit to miaubiz.
- High CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz.
- High CVE-2011-3890: Use-after-free in video source handling. Credit to
Ami Fischman of the Chromium development community.
- High CVE-2011-3891: Exposure of internal v8 functions. Credit to
Steven Keuchel of the Chromium development community plus independent
discovery by Daniel Divricean.
* [62dfe31] Refreshed patches
* [ebe38a0] Added scons, libelf-dev, and python-simplejson in Build-Depends
* [301651c] Use icu and libv8 private copy and disable nacl
[ Jonathan Nieder ]
* [59f4ae6] debian/licenses: add Ms-PL license snippet.
Thanks to Alexander Reichle-Schmehl (Closes: #647528)
- 54. By Giuseppe Iuculano
-
[ Michael Gilbert ]
* [0e3387d] Remove unneeded shlibs:Depends
* [d7d8b22] Support libav's transition to multiarch
* [3211a33] Use url to writable git repo in vcs-git field
* [1c83896] Use relative symlinks to ffmpeg libraries
[ Giuseppe Iuculano ]
* New stable release:
- High CVE-2011-2876: Use-after-free in text line box handling.
Credit to miaubiz.
- High CVE-2011-2877: Stale font in SVG text handling. Credit to
miaubiz.
- High CVE-2011-2878: Inappropriate cross-origin access to the
window prototype. Credit to Sergey Glazunov.
- High CVE-2011-2879: Lifetime and threading issues in audio node
handling. Credit to Google Chrome Security Team (Inferno).
- High CVE-2011-2880: Use-after-free in the v8
bindings. Credit to Sergey Glazunov.
- High CVE-2011-2881: Memory corruption with v8 hidden objects.
Credit to Sergey Glazunov.
- Critical CVE-2011-3873: Memory corruption in shader translator.
- 53. By Giuseppe Iuculano
-
[ Matteo F. Vescovi ]
* [82a8b0b] debian/control: changing b-deps to libjpeg-dev (Closes: 641099)
[ Giuseppe Iuculano ]
* [ac85d47] Use system ffmpeg and icu
* [b4fbcd0] debian/gbp.conf: Added conf for git-dch
* [a4f4ee1] Do not install ffmpeg internal copy
* New stable release:
- High CVE-2011-2835: Race condition in the certificate cache.
Credit to Ryan Sleevi of the Chromium development community.
- Low CVE-2011-2836: Infobar the Windows Media Player plug-in to avoid
click-free access to the system Flash. Credit to electronixtar.
- Low CVE-2011-2837: Use PIC / pie compiler flags. Credit to wbrana.
- Low CVE-2011-2838: Treat MIME type more authoritatively when loading
plug-ins. Credit to Michal Zalewski of the Google Security Team.
- High CVE-2011-2839: Crash in v8 script object wrappers.
Credit to Kostya Serebryany of the Chromium development community.
- Low CVE-2011-2840: Possible URL bar spoofs with unusual user interaction.
Credit to kuzzcc.
- Medium CVE-2011-2843: Out-of-bounds read with media buffers.
Credit to Kostya Serebryany of the Chromium development community.
- Medium CVE-2011-2844: Out-of-bounds read with mp3 files.
Credit to Mario Gomes.
- High CVE-2011-2846: Use-after-free in unload event handling.
Credit to Arthur Gerkis.
- High CVE-2011-2847: Use-after-free in document loader.
Credit to miaubiz.
- Medium CVE-2011-2848: URL bar spoof with forward button.
Credit to Jordi Chancel.
- Low CVE-2011-2849: Browser NULL pointer crash with WebSockets.
Credit to Arthur Gerkis.
- Medium CVE-2011-3234: Out-of-bounds read in box handling.
Credit to miaubiz.
- Medium CVE-2011-2850: Out-of-bounds read with Khmer characters.
Credit to miaubiz.
- Medium CVE-2011-2851: Out-of-bounds read in video handling.
Credit to Google Chrome Security Team (Inferno).
- High CVE-2011-2852: Off-by-one in v8. Credit to Christian Holler.
- High CVE-2011-2853: Use-after-free in plug-in handling.
Credit to Google Chrome Security Team (SkyLined).
- High CVE-2011-2854: Use-after-free in ruby / table style handling.
Credit to Sławomir Błażek, and independent later discoveries by miaubiz
and Google Chrome Security Team (Inferno).
- High CVE-2011-2855: Stale node in stylesheet handling.
Credit to Arthur Gerkis.
- High CVE-2011-2856: Cross-origin bypass in v8.
Credit to Daniel Divricean.
- High CVE-2011-2857: Use-after-free in focus controller. Credit to miaubiz.
- High CVE-2011-2834: Double free in libxml XPath handling.
Credit to Yang Dingning from NCNIPC, Graduate University of Chinese
Academy of Sciences.
- Medium CVE-2011-2859: Incorrect permissions assigned to non-gallery pages.
Credit to Bernhard ‘Bruhns’ Brehm of Recurity Labs.
- High CVE-2011-2860: Use-after-free in table style handling.
Credit to miaubiz.
- High CVE-2011-2862: Unintended access to v8 built-in objects.
Credit to Sergey Glazunov.
- Medium CVE-2011-2864: Out-of-bounds read with Tibetan characters.
Credit to Google Chrome Security Team (Inferno).
- Medium CVE-2011-2858: Out-of-bounds read with triangle arrays.
Credit to Google Chrome Security Team (Inferno).
- Low CVE-2011-2874: Failure to pin a self-signed cert for a session.
Credit to Nishant Yadant of VMware and Craig Chamberlain (@randomuserid).
- High CVE-2011-2875: Type confusion in v8 object sealing.
Credit to Christian Holler.
- 52. By Giuseppe Iuculano
-
[ Giuseppe Iuculano ]
* Fixed the dummy chromium-browser-l10n dependency (Closes: 639126)
* New stable release:
- Revoked trust for SSL certificates issued by DigiNotar-controlled
intermediate CAs used by the Dutch PKIoverheid program.
[ Jonathan Nieder ]
* Add a replace and breaks entry to reflect the compatibility symlinks
having moved to the chromium-browser package.
[ Michael Gilbert ]
* Fix lintian warning.
* Fix manpage comment characters.
* Strip the Native Client Integrated RunTime (NaCl IRT) libraries.
* Objectify an old changelog entry (closes: #606261).
- 51. By Giuseppe Iuculano
-
[ Michael Gilbert ]
* Remove all automatically generated files during clean up (this makes
it possible to build from source twice in a row now).
* Bump standards version to 3.9.2.
* Fix an obsolete character encoding in debian/copyright.
* Fix build failure with cups >= 1.5.0.
* Don't support lenny's cups anymore.
* Use system config.guess and config.sub for yasm's autotools files.
* Add chromium-browser.png symlink so old menu entries keep their icons
(closes: #622841).
* Add chromium-browser manpage symlink.
* Clean up package short descriptions.
[ Giuseppe Iuculano ]
* Move the compatibility symlinks to the chromium-browser package
* Fix the Vcs-Browser control field
* New stable release:
- High CVE-2011-2823: Use-after-free in line box handling. Credit to Google
Chrome Security Team (SkyLined) and independent later discovery
by miaubiz.
- High CVE-2011-2824: Use-after-free with counter nodes. Credit to miaubiz.
- High CVE-2011-2825: Use-after-free with custom fonts. Credit to wushi of
team509 reported through ZDI (ZDI-CAN-1283), plus independent later
discovery by miaubiz.
- High CVE-2011-2821: Double free in libxml XPath handling. Credit to Yang
Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.
- High CVE-2011-2826: Cross-origin violation with empty origins.
Credit to Sergey Glazunov.
- High CVE-2011-2827: Use-after-free in text searching. Credit to miaubiz.
- High CVE-2011-2828: Out-of-bounds write in v8.
Credit to Google Chrome Security Team (SkyLined).
- High CVE-2011-2829: Integer overflow in uniform arrays.
Credit to Sergey Glazunov.
* Added autotools-dev in Build-Depends
- 50. By Giuseppe Iuculano
-
* New stable version
- Medium CVE-2011-2358: Always confirm an extension install via a browser
dialog. Credit to Sergey Glazunov.
- High CVE-2011-2359: Stale pointer due to bad line box tracking in
rendering. Credit to miaubiz and Martin Barbella.
- Low CVE-2011-2360: Potential bypass of dangerous file prompt.
Credit to kuzzcc.
- Low CVE-2011-2361: Improve designation of strings in the basic auth
dialog. Credit to kuzzcc.
- Medium CVE-2011-2782: File permissions error with drag and drop.
Credit to Evan Martin of the Chromium development community.
- Medium CVE-2011-2783: Always confirm a developer mode NPAPI extension
install via a browser dialog. Credit to Sergey Glazunov.
- Low CVE-2011-2784: Local file path disclosure via GL program log.
Credit to kuzzcc.
- Low CVE-2011-2785: Sanitize the homepage URL in extensions.
Credit to kuzzcc.
- Low CVE-2011-2786: Make sure the speech input bubble is always on-screen.
Credit to Olli Pettay of Mozilla.
- Medium CVE-2011-2787: Browser crash due to GPU lock re-entrancy issue.
Credit to kuzzcc.
- Low CVE-2011-2788: Buffer overflow in inspector serialization.
Credit to Mikołaj Małecki.
- Medium CVE-2011-2789: Use after free in Pepper plug-in instantiation.
Credit to Mario Gomes and kuzzcc.
- High CVE-2011-2790: Use-after-free with floating styles.
Credit to miaubiz.
- High CVE-2011-2791: Out-of-bounds write in ICU. Credit to Yang Dingning
from NCNIPC, Graduate University of Chinese Academy of Sciences.
- High CVE-2011-2792: Use-after-free with float removal. Credit to miaubiz.
- High CVE-2011-2793: Use-after-free in media selectors. Credit to miaubiz.
- Medium CVE-2011-2794: Out-of-bounds read in text iteration.
Credit to miaubiz.
- Medium CVE-2011-2795: Cross-frame function leak. Credit to Shih Wei-Long.
- High CVE-2011-2796: Use-after-free in Skia. Credit to Google Chrome
Security Team (Inferno) and Kostya Serebryany of the Chromium
development community.
- High CVE-2011-2797: Use-after-free in resource caching. Credit to miaubiz.
- Low CVE-2011-2798: Prevent a couple of internal schemes from being web
accessible. Credit to sirdarckcat of the Google Security Team.
- High CVE-2011-2799: Use-after-free in HTML range handling.
Credit to miaubiz.
- Medium CVE-2011-2800: Leak of client-side redirect target.
Credit to Juho Nurminen.
- High CVE-2011-2802: v8 crash with const lookups.
Credit to Christian Holler.
- Medium CVE-2011-2803: Out-of-bounds read in Skia paths.
Credit to Google Chrome Security Team (Inferno).
- High CVE-2011-2801: Use-after-free in frame loader. Credit to miaubiz.
- High CVE-2011-2818: Use-after-free in display box rendering.
Credit to Martin Barbella.
- High CVE-2011-2805: Cross-origin script injection.
Credit to Sergey Glazunov.
- [90222] High CVE-2011-2819: Cross-origin violation in base URI handling.
Credit to Sergey Glazunov.
* Re-added binutils-gold in Build-depends
* Refreshed patches
* Switch to git
* Use system vpx, flac, webp, speex libs
* Build-depends on gyp >= 0.1~svn971
* Run the gclient hooks when creating the source tarball, as we need files
from the Native Client's integrated runtime (IRT) library
(Thanks to Fabien Tassin)
* Install the NaCL IRT files
* Added a lintian override for the NaCL IRT files
- 49. By Giuseppe Iuculano
-
* New stable micro release
- [77493] Medium CVE-2011-2345: Out-of-bounds read in NPAPI string handling.
Credit to Philippe Arteau.
- [84355] High CVE-2011-2346: Use-after-free in SVG font handling.
Credit to miaubiz.
- [85003] High CVE-2011-2347: Memory corruption in CSS parsing.
Credit to miaubiz.
- [85102] High CVE-2011-2350: Lifetime and re-entrancy issues in the HTML parser.
Credit to miaubiz.
- [85177] High CVE-2011-2348: Bad bounds check in v8.
Credit to Aki Helin of OUSPG.
- [85211] High CVE-2011-2351: Use-after-free with SVG use element.
Credit to miaubiz.
- [85418] High CVE-2011-2349: Use-after-free in text selection.
Credit to miaubiz.
* Do not use the experimental gold linker
- 48. By Giuseppe Iuculano
-
* New stable major release (Closes: 630548)
- [73962] [79746] High CVE-2011-1808: Use-after-free due to integer issues
in float handling. Credit to miaubiz.
- [75496] Medium CVE-2011-1809: Use-after-free in accessibility support.
Credit to Google Chrome Security Team (SkyLined).
- [75643] Low CVE-2011-1810: Visit history information leak in CSS.
Credit to Jesse Mohrland of Microsoft and Microsoft Vulnerability Research
- [76034] Low CVE-2011-1811: Browser crash with lots of form submissions.
Credit to “DimitrisV22”.
- [77026] Medium CVE-2011-1812: Extensions permission bypass.
Credit to kuzzcc.
- [78516] High CVE-2011-1813: Stale pointer in extension framework.
Credit to Google Chrome Security Team (Inferno).
- [79362] Medium CVE-2011-1814: Read from uninitialized pointer.
Credit to Eric Roman of the Chromium development community.
- [79862] Low CVE-2011-1815: Extension script injection into new tab page.
Credit to kuzzcc.
- [80358] Medium CVE-2011-1816: Use-after-free in developer tools.
Credit to kuzzcc.
- [81916] Medium CVE-2011-1817: Browser memory corruption in history
deletion. Credit to Collin Payne.
- [81949] High CVE-2011-1818: Use-after-free in image loader.
Credit to miaubiz.
- [83010] Medium CVE-2011-1819: Extension injection into chrome:// pages.
Credit to Vladislavas Jarmalis, plus subsequent independent discovery
by Sergey Glazunov.
- [83275] High CVE-2011-2332: Same origin bypass in v8.
Credit to Sergey Glazunov.
- [83743] High CVE-2011-2342: Same origin bypass in DOM.
Credit to Sergey Glazunov.
* Refreshed patches.
* Use internal libv8 copy
* Use internal protobuf copy
* Remove armel from archs, too many toolchain issues and we want chromium in
testing.
* Override the embedded-library error, chromium uses a modified sqlite copy.
- 47. By Giuseppe Iuculano
-
* New Stable release:
- [72189] Low CVE-2011-1801: Pop-up blocker bypass. Credit to Chamal De Silva
- [82546] High CVE-2011-1804: Stale pointer in floats rendering.
Credit to Martin Barbella.
- [82873] Critical CVE-2011-1806: Memory corruption in GPU command buffer.
Credit to Google Chrome Security Team (Cris Neckar).
- [82903] Critical CVE-2011-1807: Out-of-bounds write in blob handling.
Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany of the
Chromium development community.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)