[Pkg-chromium-commit] [pkg-chromium] 01/01: release 52.0.2743.116-1~deb8u1

Michael Gilbert mgilbert at moszumanska.debian.org
Tue Aug 9 01:05:20 UTC 2016


This is an automated email from the git hooks/post-receive script.

mgilbert pushed a commit to branch jessie
in repository pkg-chromium.

commit 2f372e3b899db634adfd4179201e70a260c8557e
Author: Michael Gilbert <mgilbert at debian.org>
Date:   Tue Aug 9 00:51:23 2016 +0000

    release 52.0.2743.116-1~deb8u1
---
 debian/changelog | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 debian/rules     |  4 +++-
 2 files changed, 51 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index d93e157..a1b9939 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,51 @@
+chromium-browser (52.0.2743.116-1~deb8u1) jessie-security; urgency=medium
+
+  * New upstream security release:
+    - CVE-2016-5141 Address bar spoofing. Credit to Sergey Glazunov
+    - CVE-2016-5142 Use-after-free in Blink. Credit to Sergey Glazunov
+    - CVE-2016-5139 Heap overflow in pdfium. Credit to GiWan Go
+    - CVE-2016-5140 Heap overflow in pdfium. Credit to Ke Liu
+    - CVE-2016-5145 Same origin bypass for images in Blink. Credit to Sergey
+      Glazunov
+    - CVE-2016-5143 Parameter sanitization failure in DevTools. Credit to
+      Gregory Panakkal
+    - CVE-2016-5144 Parameter sanitization failure in DevTools. Credit to
+      Gregory Panakkal
+    - CVE-2016-5146: Various fixes from internal audits, fuzzing and other
+      initiatives.
+
+ -- Michael Gilbert <mgilbert at debian.org>  Sun, 07 Aug 2016 03:16:44 +0000
+
+chromium-browser (52.0.2743.82-1~deb8u1) jessie-security; urgency=medium
+
+  * New upstream stable release:
+    - CVE-2016-1704: Various fixes from internal audits, fuzzing and other
+      initiatives.
+    - CVE-2016-1705: Various fixes from internal audits, fuzzing and other
+      initiatives.
+    - CVE-2016-1706: Sandbox escape in PPAPI. Credit to Pinkie Pie
+    - CVE-2016-1707: URL spoofing on iOS. Credit to xisigr.
+    - CVE-2016-1708: Use-after-free in Extensions. Credit to Adam Varsan
+    - CVE-2016-1709: Heap-buffer-overflow in sfntly. Credit to ChenQin.
+    - CVE-2016-1710: Same-origin bypass in Blink. Credit to Mariusz Mlynski
+    - CVE-2016-1711: Same-origin bypass in Blink. Credit to Mariusz Mlynski
+    - CVE-2016-5127: Use-after-free in Blink. Credit to cloudfuzzer
+    - CVE-2016-5128: Same-origin bypass in V8. Credit to Anonymous
+    - CVE-2016-5129: Memory corruption in V8. Credit to Jeonghoon Shin
+    - CVE-2016-5130: URL spoofing. Credit to Wadih Matar
+    - CVE-2016-5131: Use-after-free in libxml. Credit to Nick Wellnhofer
+    - CVE-2016-5132: Limited same-origin bypass in Service Workers. Credit to
+      Ben Kelly
+    - CVE-2016-5133: Origin confusion in proxy authentication. Credit to Patch
+      Eudor
+    - CVE-2016-5134: URL leakage via PAC script. Credit to Paul Stone
+    - CVE-2016-5135: Content-Security-Policy bypass. Credit to ShenYeYinJiu
+    - CVE-2016-5136: Use after free in extensions. Credit to Rob Wu
+    - CVE-2016-5137: History sniffing with HSTS and CSP. Credit to Xiaoyin Liu
+  * Use embedded harfbuzz.
+
+ -- Michael Gilbert <mgilbert at debian.org>  Sun, 24 Jul 2016 19:04:43 +0000
+
 chromium-browser (51.0.2704.79-1~deb8u1) jessie-security; urgency=medium
 
   * New upstream security release:
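Review bot: the CVE lines in the new 52.0.2743.116-1~deb8u1 entry are formatted inconsistently. CVE-2016-5141 through CVE-2016-5144 have no colon after the identifier, while CVE-2016-5146 and every line in the 52.0.2743.82-1~deb8u1 entry use the "CVE-YYYY-NNNN: description" form. They are also not listed in numeric order (5141, 5142, 5139, 5140, 5145, 5143, 5144, 5146). Using one form and sorting by identifier would make the entry easier to scan and grep. Separately, "Use embedded harfbuzz." gives no reason. Repeating the "division by zero" rationale from the debian/rules comment, ideally with a bug reference, would let a reader of the changelog see why a system library was swapped for the bundled copy in a security upload.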
diff --git a/debian/rules b/debian/rules
index 9fda7ef..9f77101 100755
--- a/debian/rules
+++ b/debian/rules
@@ -63,9 +63,11 @@ defines+=use_system_re2=1 \
          use_system_libsrtp=1 \
          use_system_jsoncpp=1 \
          use_system_libevent=1 \
-         use_system_harfbuzz=1 \
          use_system_xdg_utils=1 \
 
+# need to use embedded harfbuzz to avoid division by zero
+defines+=use_system_harfbuzz=0 \
+
 # enable proprietary codecs
 defines+=proprietary_codecs=1 \
          ffmpeg_branding=Chrome \
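Review bot: the comment above "defines+=use_system_harfbuzz=0 \" says only "to avoid division by zero". It names neither the bug report nor the condition that triggers the fault, so there is nothing to tell a later maintainer when the workaround can be reverted. Please add a bug reference or a short note on what triggers it. Building against the embedded copy also means harfbuzz fixes now reach users only through chromium uploads rather than through updates to the system library, which is worth recording next to the define. Smaller points: the trailing backslash on the new single-line define continues onto the blank line that follows, so it works (as it does after use_system_xdg_utils=1) but is not needed. And if debian/control still carries a harfbuzz build dependency, it can probably be dropped, since this commit touches only debian/changelog and debian/rules.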

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-chromium/pkg-chromium.git


