[Pkg-chromium-commit] chromium-browser/chromium-browser.sid: 665 * Upload to unstable, this release fixes the following security issue:

Giuseppe Iuculano iuculano at debian.org
Tue Sep 7 16:49:29 UTC 2010 

Branch name: chromium-browser/chromium-browser.sid
Branch location : bzr+ssh://bzr.debian.org/bzr/pkg-chromium/chromium-browser/chromium-browser.sid
Browse location: http://bzr.debian.org/loggerhead/pkg-chromium
Revision No: 665
Revision Id: iuculano at debian.org-20100907164929-34z0egt8q1syzxrl
Committer: Giuseppe Iuculano <iuculano at debian.org>
Message : * Upload to unstable, this release fixes the following security issue:
  - [34414] Low Pop-up blocker bypass with blank frame target. Credit to
    Google Chrome Security Team (Inferno) and “ironfist99”.
  - [37201] Medium URL bar visual spoofing with homographic sequences. Credit
    to Chris Weber of Casaba Security.
  - [41654] Medium Apply more restrictions on setting clipboard content.
    Credit to Brook Novak.
  - [45659] High Stale pointer with SVG filters. Credit to Tavis Ormandy of
    the Google Security Team.
  - [45876] Medium Possible installed extension enumeration. Credit to
    Lostmon.
  - [46750] [51846] Low Browser NULL crash with WebSockets. Credit to Google
    Chrome Security Team (SkyLined), Google Chrome Security Team
    (Justin Schuh) and Keith Campbell.
  - [50386] High Use-after-free in Notifications presenter. Credit to Sergey
    Glazunov.
  - [50839] High Notification permissions memory corruption. Credit to Michal
    Zalewski of the Google Security Team and Google Chrome Security Team
    (SkyLined).
  - [51630] [51739] High Integer errors in WebSockets. Credit to
    Keith Campbell and Google Chrome Security Team (Cris Neckar).
  - [51653] High Memory corruption with counter nodes. Credit to kuzzcc.
  - [51727] Low Avoid storing excessive autocomplete entries. Credit to Google
    Chrome Security Team (Inferno).
  - [52443] High Stale pointer in focus handling. Credit to VUPEN
    Vulnerability Research Team (VUPEN-SR-2010-249).
  - [52682] High Sandbox parameter deserialization error. Credit to Ashutosh
    Mehra and Vineet Batra of the Adobe Reader Sandbox Team.
  - [53001] Medium Cross-origin image theft. Credit to Isaac Dawson.
 * Provide gnome-www-browser (Closes: #594057)
 * use startup-notification correctly (Closes: #581347)
 * the main scrollbar doesn'have anymore low contrast (Closes: #582648)
 * check DISPLAY envvar (Closes: #587398)
 * Doesn't segfault with cups (Closes: #593748)


--------------------------------------------------------
  ** Modified :
        - debian/changelog

-------------- next part --------------
=== modified file 'debian/changelog'
--- a/debian/changelog	2010-09-04 06:28:51 +0000
+++ b/debian/changelog	2010-09-07 16:49:29 +0000
@@ -1,3 +1,42 @@
+chromium-browser (6.0.472.53~r57914-3) UNRELEASED; urgency=low
+
+  * Upload to unstable, this release fixes the following security issue:
+    - [34414] Low Pop-up blocker bypass with blank frame target. Credit to
+      Google Chrome Security Team (Inferno) and “ironfist99”.
+    - [37201] Medium URL bar visual spoofing with homographic sequences. Credit
+      to Chris Weber of Casaba Security.
+    - [41654] Medium Apply more restrictions on setting clipboard content.
+      Credit to Brook Novak.
+    - [45659] High Stale pointer with SVG filters. Credit to Tavis Ormandy of
+      the Google Security Team.
+    - [45876] Medium Possible installed extension enumeration. Credit to
+      Lostmon.
+    - [46750] [51846] Low Browser NULL crash with WebSockets. Credit to Google
+      Chrome Security Team (SkyLined), Google Chrome Security Team
+      (Justin Schuh) and Keith Campbell.
+    - [50386] High Use-after-free in Notifications presenter. Credit to Sergey
+      Glazunov.
+    - [50839] High Notification permissions memory corruption. Credit to Michal
+      Zalewski of the Google Security Team and Google Chrome Security Team
+      (SkyLined).
+    - [51630] [51739] High Integer errors in WebSockets. Credit to
+      Keith Campbell and Google Chrome Security Team (Cris Neckar).
+    - [51653] High Memory corruption with counter nodes. Credit to kuzzcc.
+    - [51727] Low Avoid storing excessive autocomplete entries. Credit to Google
+      Chrome Security Team (Inferno).
+    - [52443] High Stale pointer in focus handling. Credit to VUPEN
+      Vulnerability Research Team (VUPEN-SR-2010-249).
+    - [52682] High Sandbox parameter deserialization error. Credit to Ashutosh
+      Mehra and Vineet Batra of the Adobe Reader Sandbox Team.
+    - [53001] Medium Cross-origin image theft. Credit to Isaac Dawson.
+   * Provide gnome-www-browser (Closes: #594057)
+   * use startup-notification correctly (Closes: #581347)
+   * the main scrollbar doesn'have anymore low contrast (Closes: #582648)
+   * check DISPLAY envvar (Closes: #587398)
+   * Doesn't segfault with cups (Closes: #593748)
+
+ -- Giuseppe Iuculano <iuculano at debian.org>  Tue, 07 Sep 2010 18:35:50 +0200
+
 chromium-browser (6.0.472.53~r57914-2) experimental; urgency=low
 
   * Do not install libppapi_tests.so and DumpRenderTree_resources/

More information about the Pkg-chromium-commit mailing list