[Pkg-chromium-commit] [pkg-chromium] 02/02: release 44.0.2403.89-1~deb8u1

Michael Gilbert mgilbert at moszumanska.debian.org
Sat Sep 5 17:42:06 UTC 2015


This is an automated email from the git hooks/post-receive script.

mgilbert pushed a commit to annotated tag debian/44.0.2403.89-1_deb8u1
in repository pkg-chromium.

commit 77fc33612fc6778228528e520c5023babe411d73
Author: Michael Gilbert <mgilbert at debian.org>
Date:   Thu Jul 23 18:35:26 2015 -0400

    release 44.0.2403.89-1~deb8u1
---
 debian/changelog                   | 59 ++++++++++++++++++++++++++++++++++++++
 debian/chromium.install            |  1 -
 debian/patches/clang.patch         |  2 +-
 debian/patches/disable/promo.patch |  2 +-
 debian/patches/manpage.patch       |  2 +-
 debian/patches/nspr.patch          |  2 +-
 debian/patches/series              |  1 -
 debian/patches/system-speech.patch |  2 +-
 8 files changed, 64 insertions(+), 7 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 9d82f4e..57321b8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,62 @@
+chromium-browser (44.0.2403.89-1~deb8u1) jessie-security; urgency=high
+
+  * New upstream security release:
+    - CVE-2015-1266: Scheme validation error in WebUI. Credit to anonymous.
+    - CVE-2015-1268: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
+    - CVE-2015-1267: Cross-origin bypass in Blink. Credit to anonymous.
+    - CVE-2015-1269: Normalization error in HSTS/HPKP preload list. Credit to
+      Mike Ruddy.
+    - CVE-2015-1270: Uninitialized memory read in ICU. Credit to Atte Kettunen.
+    - CVE-2015-1271: Heap-buffer-overflow in pdfium. Credit to cloudfuzzer.
+    - CVE-2015-1272: Use-after-free related to unexpected GPU process
+      termination. Credit to Chamal de Silva.
+    - CVE-2015-1273: Heap-buffer-overflow in pdfium. Credit to makosoft.
+    - CVE-2015-1274: Settings allowed executable files to run immediately after
+      download. Credit to  andrewm.bpi.
+    - CVE-2015-1275: UXSS in Chrome for Android. Credit to WangTao(neobyte).
+    - CVE-2015-1276: Use-after-free in IndexedDB. Credit to Collin Payne.
+    - CVE-2015-1277: Use-after-free in accessibility. Credit to SkyLined.
+    - CVE-2015-1278: URL spoofing using pdf files. Credit to Chamal de Silva.
+    - CVE-2015-1279: Heap-buffer-overflow in pdfium. Credit to mlafon.
+    - CVE-2015-1280: Memory corruption in skia. Credit to cloudfuzzer.
+    - CVE-2015-1281: CSP bypass. Credit to Masato Kinugawa.
+    - CVE-2015-1282: Use-after-free in pdfium. Credit to Chamal de Silva.
+    - CVE-2015-1283: Heap-buffer-overflow in expat. Credit to Huzaifa
+      Sidhpurwala.
+    - CVE-2015-1284: Use-after-free in blink. Credit to Atte Kettunen.
+    - CVE-2015-1285: Information leak in XSS auditor. Credit to gazheyes.
+    - CVE-2015-1286: UXSS in blink. Credit to anonymous.
+    - CVE-2015-1287: SOP bypass with CSS. Credit to filedescriptor.
+    - CVE-2015-1288: Spell checking dictionaries fetched over HTTP. Credit to
+      Mike Ruddy.
+    - CVE-2015-1289: Various fixes from internal audits, fuzzing and other
+      initiatives.
+    - Hotword extension disabled by default (closes: #786909).
+
+ -- Michael Gilbert <mgilbert at debian.org>  Wed, 22 Jul 2015 02:58:38 +0000
+
+chromium-browser (43.0.2357.65-1~deb8u1) jessie-security; urgency=medium
+
+  * New upstream stable release:
+    - CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous.
+    - CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous.
+    - CVE-2015-1254: Cross-origin bypass in Editing. Credit to
+      armin at rawsec.net.
+    - CVE-2015-1255: Use-after-free in WebAudio. Credit to Khalil Zhani.
+    - CVE-2015-1256: Use-after-free in SVG. Credit to Atte Kettunen.
+    - CVE-2015-1251: Use-after-free in Speech. Credit to SkyLined.
+    - CVE-2015-1257: Container-overflow in SVG. Credit to miaubiz.
+    - CVE-2015-1258: Negative-size parameter in Libvpx.  Credit to cloudfuzzer
+    - CVE-2015-1259: Uninitialized value in PDFium. Credit to Atte Kettunen.
+    - CVE-2015-1260: Use-after-free in WebRTC. Credit to Khalil Zhani.
+    - CVE-2015-1261: URL bar spoofing. Credit to Juho Nurminen.
+    - CVE-2015-1262: Uninitialized value in Blink. Credit to miaubiz.
+    - CVE-2015-1263: Insecure download of spellcheck dictionary.  Credit to
+      Mike Ruddy.
+    - CVE-2015-1264: Cross-site scripting in bookmarks. Credit to K0r3Ph1L.
+
+ -- Michael Gilbert <mgilbert at debian.org>  Thu, 21 May 2015 04:38:13 +0000
+
 chromium-browser (42.0.2311.135-1~deb8u1) jessie-security; urgency=high
 
   * New upstream stable release:
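
Review bot: the 43.0.2357.65-1~deb8u1 stanza is headed "New upstream stable release" with urgency=medium, although it targets jessie-security and lists a sandbox escape (CVE-2015-1252) plus several use-after-free fixes; the 42 and 44 stanzas around it both use urgency=high. Consider urgency=high and the "New upstream security release" wording used in the 44 stanza. In the 44 stanza, CVE-2015-1275 is described as "UXSS in Chrome for Android", so it would help to say whether it is listed only for completeness. Style points: "Credit to  andrewm.bpi." has a double space, the CVE-2015-1258 line lacks its final period, and component names vary in case (blink/Blink, pdfium/PDFium).
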
diff --git a/debian/chromium.install b/debian/chromium.install
index d0e0b59..05da0c2 100644
--- a/debian/chromium.install
+++ b/debian/chromium.install
@@ -1,7 +1,6 @@
 out/Release/chromium usr/lib/chromium
 out/Release/chrome-sandbox usr/lib/chromium
 
-out/Release/*.so usr/lib/chromium
 out/Release/*.bin usr/lib/chromium
 out/Release/*.pak usr/lib/chromium
 out/Release/icudtl.dat usr/lib/chromium
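
Review bot: the removal of "out/Release/*.so usr/lib/chromium" is not explained in the 44.0.2403.89-1~deb8u1 changelog stanza or in the commit message. If the build still emits shared objects under out/Release, they will no longer be installed into usr/lib/chromium; please add a changelog line stating why the glob is no longer needed.
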
diff --git a/debian/patches/clang.patch b/debian/patches/clang.patch
index 4e1378e..6dcc55d 100644
--- a/debian/patches/clang.patch
+++ b/debian/patches/clang.patch
@@ -3,7 +3,7 @@ author: Michael Gilbert <mgilbert at debian.org>
 
 --- a/build/common.gypi
 +++ b/build/common.gypi
-@@ -5772,8 +5772,8 @@
+@@ -5860,8 +5860,8 @@
      ['clang==1 and ((OS!="mac" and OS!="ios") or clang_xcode==0) '
          'and OS!="win"', {
        'make_global_settings': [
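
Review bot: only the inner hunk header changes here (5772 to 5860), and the same offset-only edit is made to promo.patch, manpage.patch, nspr.patch and system-speech.patch, but the changelog stanza for this release has no entry recording that the patches were refreshed. A short "Refresh patches" line in debian/changelog would make it clear these edits carry no functional change.
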
diff --git a/debian/patches/disable/promo.patch b/debian/patches/disable/promo.patch
index eb5931f..04a0250 100644
--- a/debian/patches/disable/promo.patch
+++ b/debian/patches/disable/promo.patch
@@ -4,7 +4,7 @@ bug-debian: http://bugs.debian.org/634101
 
 --- a/chrome/browser/ui/app_list/app_list_service.cc
 +++ b/chrome/browser/ui/app_list/app_list_service.cc
-@@ -152,7 +152,7 @@ void AppListService::RegisterPrefs(PrefR
+@@ -153,7 +153,7 @@ void AppListService::RegisterPrefs(PrefR
  
    // Identifies whether we should show the app launcher promo or not. This
    // becomes false when the user dismisses the promo.
diff --git a/debian/patches/manpage.patch b/debian/patches/manpage.patch
index 796cdd3..499fc88 100644
--- a/debian/patches/manpage.patch
+++ b/debian/patches/manpage.patch
@@ -42,7 +42,7 @@ Author: Daniel Echeverry <epsilon77 at gmail.com>
  .SH ENVIRONMENT
 --- a/chrome/chrome_exe.gypi
 +++ b/chrome/chrome_exe.gypi
-@@ -136,7 +136,7 @@
+@@ -137,7 +137,7 @@
                  }, { # else branding!="Chrome"
                    'variables': {
                      'name': 'Chromium',
diff --git a/debian/patches/nspr.patch b/debian/patches/nspr.patch
index f4b5af1..a3f946e 100644
--- a/debian/patches/nspr.patch
+++ b/debian/patches/nspr.patch
@@ -2,7 +2,7 @@ Include system copy of prtime.h
 
 --- a/base/base.gypi
 +++ b/base/base.gypi
-@@ -597,8 +597,6 @@
+@@ -613,8 +613,6 @@
            'third_party/dmg_fp/g_fmt.cc',
            'third_party/icu/icu_utf.cc',
            'third_party/icu/icu_utf.h',
diff --git a/debian/patches/series b/debian/patches/series
index dbb09fe..f9f4f7b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -10,4 +10,3 @@ system-speech.patch
 third-party-cookies-off-by-default.patch
 ps-print.patch
 chromedriver-revision.patch
-
diff --git a/debian/patches/system-speech.patch b/debian/patches/system-speech.patch
index e977e62..e318ad0 100644
--- a/debian/patches/system-speech.patch
+++ b/debian/patches/system-speech.patch
@@ -42,7 +42,7 @@ description: use system speex
  namespace {
 --- a/content/content_browser.gypi
 +++ b/content/content_browser.gypi
-@@ -1987,7 +1987,7 @@
+@@ -2008,7 +2008,7 @@
      ['enable_web_speech==1', {
        'dependencies': [
          '../third_party/flac/flac.gyp:libflac',

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-chromium/pkg-chromium.git


