[Pkg-chromium-commit] [pkg-chromium] 01/04: release 33.0.1750.152-1~deb7u1
Michael Gilbert
mgilbert at moszumanska.debian.org
Sat May 17 19:48:53 UTC 2014
This is an automated email from the git hooks/post-receive script.
mgilbert pushed a commit to branch wheezy
in repository pkg-chromium.
commit a705ab52b72ca6c824b2864172597d548600933a
Author: Michael Gilbert <mgilbert at debian.org>
Date: Sun Apr 13 20:23:09 2014 +0000
release 33.0.1750.152-1~deb7u1
---
debian/changelog | 42 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 42 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index ff75fbe..c4f63bc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,45 @@
+chromium-browser (33.0.1750.152-1~deb7u1) stable-security; urgency=high
+
+ * New stable release:
+ - High CVE-2013-6653: Use-after-free related to web contents.
+ Credit to Khalil Zhani.
+ - High CVE-2013-6654: Bad cast in SVG. Credit to TheShow3511.
+ - High CVE-2013-6655: Use-after-free in layout. Credit to cloudfuzzer.
+ - High CVE-2013-6656: Information leak in XSS auditor. Credit to NeexEmil.
+ - Medium CVE-2013-6657: Information leak in XSS auditor. Credit to NeexEmil
+ - Medium CVE-2013-6658: Use-after-free in layout. Credit to cloudfuzzer.
+ - Medium CVE-2013-6659: Issue with certificates validation in
+ TLS handshake. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan
+ from Prosecco, Inria Paris.
+ - Low CVE-2013-6660: Information leak in drag and drop. Credit to
+ bishopjeffreys.
+ - Low-High CVE-2013-6661: Various fixes from internal audits, fuzzing
+ and other initiatives. Of these, seven are fixes for issues that could
+ have allowed for sandbox escapes from compromised renderers.
+ - High CVE-2013-6663: Use-after-free in svg images. Credit to Atte
+ Kettunen of OUSPG.
+ - High CVE-2013-6664: Use-after-free in speech recognition.
+ Credit to Khalil Zhani.
+ - High CVE-2013-6665: Heap buffer overflow in software
+ rendering. Credit to cloudfuzzer.
+ - Medium CVE-2013-6666: Chrome allows requests in flash header request.
+ Credit to netfuzzerr.
+ - CVE-2013-6667: Various fixes from internal audits, fuzzing and other
+ initiatives.
+ - CVE-2013-6668: Multiple vulnerabilities in V8 fixed in version 3.24.35.10
+ - High CVE-2014-1700: Use-after-free in speech. Credit to Chamal de Silva.
+ - High CVE-2014-1701: UXSS in events. Credit to aidanhs.
+ - High CVE-2014-1702: Use-after-free in web database.
+ Credit to Collin Payne.
+ - High CVE-2014-1703: Potential sandbox escape due to a use-after-free
+ in web sockets.
+ - CVE-2014-1704: Multiple vulnerabilities in V8 fixed in version 3.23.17.18
+ - High CVE-2014-1705: Memory corruption in V8
+ - High CVE-2014-1713: Use-after-free in Blink bindings
+ - High CVE-2014-1715: Directory traversal issue
+
+ -- Michael Gilbert <mgilbert at debian.org> Sun, 23 Mar 2014 00:42:47 +0000
+
chromium-browser (32.0.1700.123-1~deb7u1) stable-security; urgency=high
* New ustream stable release:
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-chromium/pkg-chromium.git
More information about the Pkg-chromium-commit
mailing list