Changelog
chromium-browser (54.0.2840.101-1) unstable; urgency=medium
* New upstream stable release:
- CVE-2016-5181: Universal XSS in Blink. Credit to Anonymous
- CVE-2016-5182: Heap overflow in Blink. Credit to Giwan Go
- CVE-2016-5183: Use after free in PDFium. Credit to Anonymous
- CVE-2016-5184: Use after free in PDFium. Credit to Anonymous
- CVE-2016-5185: Use after free in Blink. Credit to cloudfuzzer
- CVE-2016-5187: URL spoofing. Credit to Luan Herrera
- CVE-2016-5188: UI spoofing. Credit to Luan Herrera
- CVE-2016-5192: Cross-origin bypass in Blink. Credit to
<email address hidden>
- CVE-2016-5189: URL spoofing. Credit to xisigr
- CVE-2016-5186: Out of bounds read in DevTools. Credit to Abdulrahman
Alqabandi
- CVE-2016-5191: Universal XSS in Bookmarks. Credit to Gareth Hughes
- CVE-2016-5190: Use after free in Internals. Credit to Atte Kettunen
- CVE-2016-5193: Scheme bypass. Credit to Yuyang ZHOU
- CVE-2016-5194: Various fixes from internal audits, fuzzing and other
initiatives
- CVE-2016-5198: Out of bounds memory access in V8. Credit to Tencent Keen
Security Lab
- CVE-2016-5200: Out of bounds memory access in V8. Credit to Choongwoo Han
- CVE-2016-5201: Info leak in extensions. Credit to Rob Wu
- CVE-2016-5202: Various fixes from internal audits, fuzzing and other
initiatives
* Remove libxslt symlinks from the upstream taball.
* Drop cups patch that's been applied upstream.
* Build using gn and drop gyp dependency.
* Update debian/copyright.
-- Michael Gilbert <email address hidden> Fri, 18 Nov 2016 01:36:36 +0000