[Pkg-chromium-commit] [pkg-chromium] 01/04: release 33.0.1750.152-1~deb7u1

Michael Gilbert mgilbert at moszumanska.debian.org
Sat May 17 19:48:53 UTC 2014


This is an automated email from the git hooks/post-receive script.

mgilbert pushed a commit to branch wheezy
in repository pkg-chromium.

commit a705ab52b72ca6c824b2864172597d548600933a
Author: Michael Gilbert <mgilbert at debian.org>
Date:   Sun Apr 13 20:23:09 2014 +0000

    release 33.0.1750.152-1~deb7u1
---
 debian/changelog | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index ff75fbe..c4f63bc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,45 @@
+chromium-browser (33.0.1750.152-1~deb7u1) stable-security; urgency=high
+
+  * New stable release:
+    - High CVE-2013-6653: Use-after-free related to web contents.
+      Credit to Khalil Zhani.
+    - High CVE-2013-6654: Bad cast in SVG. Credit to TheShow3511.
+    - High CVE-2013-6655: Use-after-free in layout. Credit to cloudfuzzer.
+    - High CVE-2013-6656: Information leak in XSS auditor. Credit to NeexEmil.
+    - Medium CVE-2013-6657: Information leak in XSS auditor. Credit to NeexEmil
+    - Medium CVE-2013-6658: Use-after-free in layout. Credit to cloudfuzzer.
+    - Medium CVE-2013-6659: Issue with certificates validation in
+      TLS handshake. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan
+      from Prosecco, Inria Paris.
+    - Low CVE-2013-6660: Information leak in drag and drop. Credit to
+      bishopjeffreys.
+    - Low-High CVE-2013-6661: Various fixes from internal audits, fuzzing
+      and other initiatives. Of these, seven are fixes for issues that could
+      have allowed for sandbox escapes from compromised renderers.
+    - High CVE-2013-6663: Use-after-free in svg images. Credit to Atte
+      Kettunen of OUSPG.
+    - High CVE-2013-6664: Use-after-free in speech recognition.
+      Credit to Khalil Zhani.
+    - High CVE-2013-6665: Heap buffer overflow in software
+      rendering. Credit to cloudfuzzer.
+    - Medium CVE-2013-6666: Chrome allows requests in flash header request.
+      Credit to netfuzzerr.
+    - CVE-2013-6667: Various fixes from internal audits, fuzzing and other
+      initiatives.
+    - CVE-2013-6668: Multiple vulnerabilities in V8 fixed in version 3.24.35.10
+    - High CVE-2014-1700: Use-after-free in speech. Credit to Chamal de Silva.
+    - High CVE-2014-1701: UXSS in events. Credit to aidanhs.
+    - High CVE-2014-1702: Use-after-free in web database.
+      Credit to Collin Payne.
+    - High CVE-2014-1703: Potential sandbox escape due to a use-after-free
+      in web sockets.
+    - CVE-2014-1704: Multiple vulnerabilities in V8 fixed in version 3.23.17.18
+    - High CVE-2014-1705: Memory corruption in V8
+    - High CVE-2014-1713: Use-after-free in Blink bindings
+    - High CVE-2014-1715: Directory traversal issue
+
+ -- Michael Gilbert <mgilbert at debian.org>  Sun, 23 Mar 2014 00:42:47 +0000
+
 chromium-browser (32.0.1700.123-1~deb7u1) stable-security; urgency=high
 
   * New ustream stable release:
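Review bot: The CVE list in the new 33.0.1750.152-1~deb7u1 entry goes from CVE-2013-6661 directly to CVE-2013-6663, so please confirm that CVE-2013-6662 is left out on purpose and was not dropped by accident. Two smaller points in the same entry: the lines for CVE-2013-6657, CVE-2013-6668, CVE-2014-1704, CVE-2014-1705, CVE-2014-1713 and CVE-2014-1715 have no closing period while the other items do, and CVE-2013-6667, CVE-2013-6668 and CVE-2014-1704 carry no severity label, which makes the entry harder to triage from the changelog alone. The trailer is dated "Sun, 23 Mar 2014" while the commit header is dated Apr 13 2014; consider refreshing the trailer timestamp so the two agree.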

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-chromium/pkg-chromium.git


