[Pkg-chromium-commit] [SCM] Git repository for pkg-chromium branch, master, updated. debian/21.0.1180.89_r154005-1-4-gf840af3
Giuseppe Iuculano
iuculano at debian.org
Mon Oct 1 14:00:27 UTC 2012
The following commit has been merged in the master branch:
commit f840af35d1bccf5ce0ad4550c37183b1eebbe834
Author: Giuseppe Iuculano <iuculano at debian.org>
Date: Mon Oct 1 16:01:54 2012 +0200
Updated changelog
diff --git a/debian/changelog b/debian/changelog
index 8a43403..a1f7f0a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,51 @@
+chromium-browser (22.0.1229.79~r158531-1) unstable; urgency=low
+
+ * New stable release:
+ - High CVE-2012-2889: UXSS in frame handling. Credit to
+ Sergey Glazunov.
+ - High CVE-2012-2886: UXSS in v8 bindings. Credit to Sergey
+ Glazunov.
+ - High CVE-2012-2881: DOM tree corruption with plug-ins. Credit
+ to Chamal de Silva.
+ - High CVE-2012-2876: Buffer overflow in SSE2 optimizations.
+ Credit to Atte Kettunen of OUSPG.
+ - High CVE-2012-2883: Out-of-bounds write in Skia. Credit to
+ Atte Kettunen of OUSPG.
+ - High CVE-2012-2887: Use-after-free in onclick handling.
+ Credit to Atte Kettunen of OUSPG.
+ - High CVE-2012-2888: Use-after-free in SVG text references.
+ Credit to miaubiz.
+ - High CVE-2012-2894: Crash in graphics context handling.
+ Credit to Sławomir Błażek.
+ - Medium CVE-2012-2877: Browser crash with extensions and modal
+ dialogs. Credit to Nir Moshe.
+ - Low CVE-2012-2879: DOM topology corruption. Credit to pawlkt.
+ - Medium CVE-2012-2884: Out-of-bounds read in Skia. Credit to
+ Atte Kettunen of OUSPG.
+ - High CVE-2012-2874: Out-of-bounds write in Skia. Credit to Google
+ Chrome Security Team (Inferno).
+ - High CVE-2012-2878: Use-after-free in plug-in handling. Credit to
+ Fermin Serna of Google Security Team.
+ - Medium CVE-2012-2880: Race condition in plug-in paint buffer. Credit
+ to Google Chrome Security Team (Cris Neckar).
+ - High CVE-2012-2882: Wild pointer in OGG container handling. Credit to
+ Google Chrome Security Team (Inferno).
+ - Medium CVE-2012-2885: Possible double free on exit. Credit to the
+ Chromium development community.
+ - Low CVE-2012-2891: Address leak over IPC. Credit to Lei Zhang of the
+ Chromium development community.
+ - Low CVE-2012-2892: Pop-up block bypass. Credit to Google Chrome
+ Security Team (Cris Neckar).
+ - High CVE-2012-2893: Double free in XSL transforms. Credit to Google
+ Chrome Security Team (Cris Neckar).
+ * [3de18b6] Use zlib internal copy. This is necessary due to the CRIME work
+ around. We can use the system zlib when chrome will remove
+ SPDY 2/3 support.
+ * [3b9811a] Updated patches
+ * [152902d] Install libvpx_obj_int_extract
+
+ -- Giuseppe Iuculano <iuculano at debian.org> Mon, 01 Oct 2012 15:22:27 +0200
+
chromium-browser (21.0.1180.89~r154005-1) unstable; urgency=high
* New stable security release:
--
Git repository for pkg-chromium
More information about the Pkg-chromium-commit
mailing list