[Pkg-chromium-commit] [SCM] Git repository for pkg-chromium branch, master, updated. debian/14.0.835.157_r99685-1-6-gaab210f

Giuseppe Iuculano iuculano at debian.org
Sat Sep 17 19:52:55 UTC 2011


The following commit has been merged in the master branch:
commit aab210ff2e5cfa9331130c5ba09aa03d82d9ae6d
Author: Giuseppe Iuculano <iuculano at debian.org>
Date:   Sat Sep 17 21:52:34 2011 +0200

    New stable version

diff --git a/debian/changelog b/debian/changelog
index 5725e68..5819324 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,73 @@
+chromium-browser (14.0.835.163~r101024-1) unstable; urgency=low
+
+  [ Matteo F. Vescovi ]
+  * [82a8b0b] debian/control: changing b-deps to libjpeg-dev (Closes: 641099)
+
+  [ Giuseppe Iuculano ]
+  * [ac85d47] Use system ffmpeg and icu
+  * [b4fbcd0] debian/gbp.conf: Added conf for git-dch
+  * [a4f4ee1] Do not install ffmpeg internal copy
+  * New stable release:
+    - High CVE-2011-2835: Race condition in the certificate cache.
+      Credit to Ryan Sleevi of the Chromium development community.
+    - Low CVE-2011-2836: Infobar the Windows Media Player plug-in to avoid
+      click-free access to the system Flash. Credit to electronixtar.
+    - Low CVE-2011-2837: Use PIC / pie compiler flags. Credit to wbrana.
+    - Low CVE-2011-2838: Treat MIME type more authoritatively when loading
+      plug-ins. Credit to Michal Zalewski of the Google Security Team.
+    - High CVE-2011-2839: Crash in v8 script object wrappers.
+      Credit to Kostya Serebryany of the Chromium development community.
+    - Low CVE-2011-2840: Possible URL bar spoofs with unusual user interaction.
+      Credit to kuzzcc.
+    - Medium CVE-2011-2843: Out-of-bounds read with media buffers.
+      Credit to Kostya Serebryany of the Chromium development community.
+    - Medium CVE-2011-2844: Out-of-bounds read with mp3 files.
+      Credit to Mario Gomes.
+    - High CVE-2011-2846: Use-after-free in unload event handling.
+      Credit to Arthur Gerkis.
+    - High CVE-2011-2847: Use-after-free in document loader.
+      Credit to miaubiz.
+    - Medium CVE-2011-2848: URL bar spoof with forward button.
+      Credit to Jordi Chancel.
+    - Low CVE-2011-2849: Browser NULL pointer crash with WebSockets.
+      Credit to Arthur Gerkis.
+    - Medium CVE-2011-3234: Out-of-bounds read in box handling.
+      Credit to miaubiz.
+    - Medium CVE-2011-2850: Out-of-bounds read with Khmer characters.
+      Credit to miaubiz.
+    - Medium CVE-2011-2851: Out-of-bounds read in video handling.
+      Credit to Google Chrome Security Team (Inferno).
+    - High CVE-2011-2852: Off-by-one in v8. Credit to Christian Holler.
+    - High CVE-2011-2853: Use-after-free in plug-in handling.
+      Credit to Google Chrome Security Team (SkyLined).
+    - High CVE-2011-2854: Use-after-free in ruby / table style handing.
+      Credit to Sławomir Błażek, and independent later discoveries by miaubiz
+      and Google Chrome Security Team (Inferno).
+    - High CVE-2011-2855: Stale node in stylesheet handling.
+      Credit to Arthur Gerkis.
+    - High CVE-2011-2856: Cross-origin bypass in v8.
+      Credit to Daniel Divricean.
+    - High CVE-2011-2857: Use-after-free in focus controller. Credit to miaubiz.
+    - High CVE-2011-2834: Double free in libxml XPath handling.
+      Credit to Yang Dingning from NCNIPC, Graduate University of Chinese
+      Academy of Sciences.
+    - Medium CVE-2011-2859: Incorrect permissions assigned to non-gallery pages.
+      Credit to Bernhard ‘Bruhns’ Brehm of Recurity Labs.
+    - High CVE-2011-2860: Use-after-free in table style handling.
+      Credit to miaubiz.
+    - High CVE-2011-2862: Unintended access to v8 built-in objects.
+      Credit to Sergey Glazunov.
+    - Medium CVE-2011-2864: Out-of-bounds read with Tibetan characters.
+      Credit to Google Chrome Security Team (Inferno).
+    - Medium CVE-2011-2858: Out-of-bounds read with triangle arrays. 
+      Credit to Google Chrome Security Team (Inferno).
+    - Low CVE-2011-2874: Failure to pin a self-signed cert for a session. 
+      Credit to Nishant Yadant of VMware and Craig Chamberlain (@randomuserid).
+    - High CVE-2011-2875: Type confusion in v8 object sealing.
+      Credit to Christian Holler.
+
+ -- Giuseppe Iuculano <iuculano at debian.org>  Sat, 17 Sep 2011 21:46:29 +0200
+
 chromium-browser (14.0.835.157~r99685-1) experimental; urgency=low
 
   * New beta release
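Review bot: The header line of the new entry sets `urgency=low` for an upload to unstable whose body lists fourteen fixes rated High (use-after-free, double free, off-by-one and type confusion in v8, cross-origin bypass). Raise it to `urgency=high` (or at least medium) so the security fixes are not held back by the longer migration delay that low urgency implies. Two smaller points in the same entry: the CVE-2011-2858 and CVE-2011-2874 lines end in trailing whitespace, and the entry does not mention that `protobuf.patch` is disabled in `debian/patches/series` by this same commit.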
diff --git a/debian/patches/series b/debian/patches/series
index 1baa641..35bfb2f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -18,4 +18,4 @@ webkit-version.patch
 cups1.5.patch
 system_v8.patch
 system_v8_i18n.patch
-protobuf.patch
+#protobuf.patch
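Review bot: Commenting out `protobuf.patch` in the series file is undocumented: neither the commit message ("New stable version") nor the new changelog entry says why the patch no longer applies or is no longer needed. Add a changelog line stating the reason (merged upstream, obsolete, or temporarily failing to apply), and if it is obsolete, delete the patch file and the series entry rather than leaving a commented-out line that later readers have to guess about.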
diff --git a/debian/rules b/debian/rules
index add64fc..92a05ed 100755
--- a/debian/rules
+++ b/debian/rules
@@ -487,7 +487,7 @@ ifneq (i386,$(DEB_HOST_ARCH_CPU))
 	rm -rf $(CURDIR)/debian/tmp/$(LIB_DIR)/resources/inspector/*
 endif
 ifeq (1,$(USE_SYSTEM_FFMPEG))
-	 Install symlinks to system ffmpeg libs
+	# Install symlinks to system ffmpeg libs
 	ln -sf "/usr/lib/$(LIBAVCODEC_BASENAME)" \
 		"$(CURDIR)/debian/$(DEBIAN_NAME)/$(LIB_DIR)/$(LIBAVCODEC_BASENAME)"
 	ln -sf "/usr/lib/$(LIBAVFORMAT_BASENAME)" \
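Review bot: The `ln -sf` targets under the restored comment hardcode `/usr/lib/`, so the links in `$(LIB_DIR)` will dangle if the system ffmpeg libraries are installed anywhere else (a multiarch library directory, for example), and `ln -sf` will not report that at build time. Consider taking the directory from a variable and checking that the target exists before linking. On the changed line itself, the comment is tab-indented inside the recipe, so make passes it to the shell and echoes it on every build; that is harmless, but moving it to column 0 above the `ifeq` block or prefixing it with `@` keeps the build log clean.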

-- 
Git repository for pkg-chromium


