Ubuntu
chromium-browser package

chromium-browser 52.0.2743.116-0ubuntu0.14.04.1.1134 source package in Ubuntu

Changelog

chromium-browser (52.0.2743.116-0ubuntu0.14.04.1.1134) trusty-security; urgency=medium

  * Upstream release 52.0.2743.116:
    - CVE-2016-5141 Address bar spoofing.
    - CVE-2016-5142 Use-after-free in Blink.
    - CVE-2016-5139 Heap overflow in pdfium.
    - CVE-2016-5140 Heap overflow in pdfium.
    - CVE-2016-5145 Same origin bypass for images in Blink.
    - CVE-2016-5143 Parameter sanitization failure in DevTools.
    - CVE-2016-5144 Parameter sanitization failure in DevTools.
    - CVE-2016-5146: Various fixes from internal audits, fuzzing and other
      initiatives.
  * Exclude harfbuzz from system-library use.
  * Upstream release 52.0.2743.82:
    - CVE-2016-1706: Sandbox escape in PPAPI.
    - CVE-2016-1707: URL spoofing on iOS.
    - CVE-2016-1708: Use-after-free in Extensions.
    - CVE-2016-1709: Heap-buffer-overflow in sfntly.
    - CVE-2016-1710: Same-origin bypass in Blink.
    - CVE-2016-1711: Same-origin bypass in Blink.
    - CVE-2016-5127: Use-after-free in Blink.
    - CVE-2016-5128: Same-origin bypass in V8.
    - CVE-2016-5129: Memory corruption in V8.
    - CVE-2016-5130: URL spoofing.
    - CVE-2016-5131: Use-after-free in libxml.
    - CVE-2016-5132: Limited same-origin bypass in Service Workers.
    - CVE-2016-5133: Origin confusion in proxy authentication.
    - CVE-2016-5134: URL leakage via PAC script.
    - CVE-2016-5135: Content-Security-Policy bypass.
    - CVE-2016-5136: Use after free in extensions.
    - CVE-2016-5137: History sniffing with HSTS and CSP.
    - CVE-2016-1705: Various fixes from internal audits, fuzzing and other
      initiatives
  * Upstream release 51.0.2704.106
  * Upstream release 51.0.2704.103:
    - CVE-2016-1704: Various fixes from internal audits, fuzzing and other
      initiatives.
  * debian/control: remvove build-dep on clang.
  * Sync many things from debian:
    - No longer build remoting, or install its locale files.
    - Use many system libraries, adding build-dep on
        - libre2-dev,
        - yasm,
        - libopus-dev,
        - zlib1g-dev,
        - libspeex-dev,
        - libspeechd-dev,
        - libexpat1-dev,
        - libpng-dev,
        - libxml2-dev,
        - libjpeg-dev,
        - libwebp-dev,
        - libxslt-dev,
        - libsrtp-dev,
        - libjsoncpp-dev,
        - libevent-dev,
    - Clean up many parts of debian/rules, wrt variable names
    - Set hardening on.
    - Use gold linker.
    - Disable Google Now. Creepy. Might mean downloads of opaque programs too.
    - Disable Wallet service.
  * debian/compat: Use dh version 9.
  * debian/rules: Improve "cd;foo" logic.
  * debian/rules: Remove files in tar-copy pipelines, to conserve space. Fixes
    build failures in servers.
  * debian/rules: Move check steps into install steps. No need to be separate,
    and simplifies target names.
  * debian/rules: Make en-us locale files less magical, and simplify install.
  * debian/rules: Work around change to tar command param order with
    --exclude.
  * debian/rules: Don't use tcmalloc on armhf.
  * debian/rules: Remove precise-specific conditions. More simple.
  * debian/rules: In install-validation, don't use mktemp. Hard-code
    destination.
  * debian/patches/gsettings-display-scaling: Disable because code moved and
    needs refactoring.
  * debian/patches/display-scaling-default-value: Disable because probbly not
    needed any more.
  * debian/rules: widevine cdm is not really available in this source. No
    longer lie about that.
  * Set new GOOG keys to bisect service overuse problem.

 -- Chad MILLER <email address hidden>  Wed, 24 Aug 2016 13:30:26 -0400

Upload details

Uploaded by:
Chad Miller
Uploaded to:
Trusty
Original maintainer:
Ubuntu Developers
Architectures:
armhf armel i386 amd64 all
Section:
web
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
chromium-browser_52.0.2743.116.orig.tar.xz 436.9 MiB a194ae1edb041024b3d4b6ba438f32fefdb6f1ecb24a96c50248a486b237a101
chromium-browser_52.0.2743.116-0ubuntu0.14.04.1.1134.debian.tar.xz 528.2 KiB 5b84736a2f5a333a2a65fe3688724d78315937e5fd052e890f6cb351f4719d26
chromium-browser_52.0.2743.116-0ubuntu0.14.04.1.1134.dsc 3.0 KiB fb954515b316e735fd7e08ce2945c744ae74fadfe5838c84e264addce21ef299

View changes file

Binary packages built by this source

chromium-browser: Chromium web browser, open-source version of Chrome

 An open-source browser project that aims to build a safer, faster, and more
 stable way for all Internet users to experience the web.

chromium-browser-dbgsym: debug symbols for package chromium-browser

 An open-source browser project that aims to build a safer, faster, and more
 stable way for all Internet users to experience the web.

chromium-browser-l10n: chromium-browser language packages

 An open-source browser project that aims to build a safer, faster, and more
 stable way for all Internet users to experience the web.
 .
 This package contains language packages for 65 languages:
 am, ar, ast, bg, bn, bs, ca, ca@valencia, cs, da, de, el, en-AU, en-GB, eo,
 es-419, es, et, eu, fa, fil, fi, fr, gl, gu, he, hi, hr, hu, hy, ia, id, it,
 ja, ka, kn, ko, ku, kw, lt, lv, ml, mr, ms, nb, nl, pl, pt-BR, pt-PT, ro, ru,
 sk, sl, sr, sv, sw, ta, te, th, tr, ug, uk, vi, zh-CN, zh-TW

chromium-chromedriver: WebDriver driver for the Chromium Browser

 Chromedriver serves as a bridge between Chromium Browser and Selenium
 WebDriver.
 .
 See https://sites.google.com/a/chromium.org/chromedriver/ for details.

chromium-chromedriver-dbgsym: debug symbols for package chromium-chromedriver

 Chromedriver serves as a bridge between Chromium Browser and Selenium
 WebDriver.
 .
 See https://sites.google.com/a/chromium.org/chromedriver/ for details.

chromium-codecs-ffmpeg: Free ffmpeg codecs for the Chromium Browser

 An open-source browser project that aims to build a safer, faster, and more
 stable way for all Internet users to experience the web.
 .
 This package contains the multi-threaded ffmpeg codecs needed for the HTML5
 <audio> and <video> tags. Only the free ogg, vorbis and theora codecs are
 included. See chromium-codecs-ffmpeg-extra for additional codecs

chromium-codecs-ffmpeg-dbgsym: debug symbols for package chromium-codecs-ffmpeg

 An open-source browser project that aims to build a safer, faster, and more
 stable way for all Internet users to experience the web.
 .
 This package contains the multi-threaded ffmpeg codecs needed for the HTML5
 <audio> and <video> tags. Only the free ogg, vorbis and theora codecs are
 included. See chromium-codecs-ffmpeg-extra for additional codecs

chromium-codecs-ffmpeg-extra: Extra ffmpeg codecs for the Chromium Browser

 An open-source browser project that aims to build a safer, faster, and more
 stable way for all Internet users to experience the web.
 .
 This package contains the multi-threaded ffmpeg codecs needed for the HTML5
 <audio> and <video> tags. In addition to the patent-free ogg, vorbis and
 theora codecs, aac/ac3/mpeg4audio/h264/mov/mp3 are also included. See
 chromium-codecs-ffmpeg if you prefer only the patent-free codecs

chromium-codecs-ffmpeg-extra-dbgsym: debug symbols for package chromium-codecs-ffmpeg-extra

 An open-source browser project that aims to build a safer, faster, and more
 stable way for all Internet users to experience the web.
 .
 This package contains the multi-threaded ffmpeg codecs needed for the HTML5
 <audio> and <video> tags. In addition to the patent-free ogg, vorbis and
 theora codecs, aac/ac3/mpeg4audio/h264/mov/mp3 are also included. See
 chromium-codecs-ffmpeg if you prefer only the patent-free codecs