[Pkg-chromium-maint] chromium-browser_24.0.1312.68-1_amd64.changes ACCEPTED into unstable

Debian FTP Masters ftpmaster at ftp-master.debian.org
Wed Feb 6 17:53:41 UTC 2013



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 06 Feb 2013 15:34:17 +0100
Source: chromium-browser
Binary: chromium-browser chromium-browser-dbg chromium-browser-l10n chromium-browser-inspector chromium chromium-dbg chromium-l10n chromium-inspector
Architecture: source all amd64
Version: 24.0.1312.68-1
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Maintainers <pkg-chromium-maint at lists.alioth.debian.org>
Changed-By: Giuseppe Iuculano <iuculano at debian.org>
Description: 
 chromium   - Google's open source chromium web browser
 chromium-browser - Chromium browser - transitional dummy package
 chromium-browser-dbg - chromium-browser debug symbols transitional dummy package
 chromium-browser-inspector - page inspector for the chromium-browser - transitional dummy pack
 chromium-browser-l10n - chromium-browser language packages - transitional dummy package
 chromium-dbg - Debugging symbols for the chromium web browser
 chromium-inspector - page inspector for the chromium browser
 chromium-l10n - chromium-browser language packages
Closes: 686561 695703
Changes: 
 chromium-browser (24.0.1312.68-1) unstable; urgency=high
 .
   * New stable release:
     - High CVE-2013-0839: Use-after-free in canvas font handling.
       Credit to Atte Kettunen of OUSPG.
     - Medium CVE-2013-0840: Missing URL validation when opening new
       windows.
     - High CVE-2013-0841: Unchecked array index in content blocking. Credit
       to Google Chrome Security Team (Chris Evans).
     - Medium CVE-2013-0842: Problems with NULL characters embedded in
       paths. Credit to Google Chrome Security Team (Jüri Aedla).
     - High CVE-2012-5145: Use-after-free in SVG layout. Credit to
       Atte Kettunen of OUSPG.
     - High CVE-2012-5146: Same origin policy bypass with malformed
       URL. Credit to Erling A Ellingsen and Subodh Iyengar, both of Facebook.
     - High CVE-2012-5147: Use-after-free in DOM handling. Credit to
       José A. Vázquez.
     - Medium CVE-2012-5148: Missing filename sanitization in hyphenation
       support. Credit to Google Chrome Security Team (Justin Schuh).
     - High CVE-2012-5149: Integer overflow in audio IPC handling. Credit to
       Google Chrome Security Team (Chris Evans).
     - High CVE-2012-5150: Use-after-free when seeking video. Credit to
       Google Chrome Security Team (Inferno).
     - High CVE-2012-5151: Integer overflow in PDF JavaScript. Credit to
       Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google
       Security Team.
     - Medium CVE-2012-5152: Out-of-bounds read when seeking video. Credit
       to Google Chrome Security Team (Inferno).
     - High CVE-2012-5153: Out-of-bounds stack access in v8. Credit to
       Andreas Rossberg of the Chromium development community.
     - High CVE-2013-0829: Corruption of database metadata leading to
       incorrect file access. Credit to Google Chrome Security Team (Jüri Aedla).
     - Low CVE-2013-0831: Possible path traversal from extension process.
       Credit to Google Chrome Security Team (Tom Sepez).
     - [160380] Medium CVE-2013-0832: Use-after-free with printing. Credit to Google
       Chrome Security Team (Cris Neckar).
     - Medium CVE-2013-0833: Out-of-bounds read with printing. Credit to
       Google Chrome Security Team (Cris Neckar).
     - Medium CVE-2013-0834: Out-of-bounds read with glyph handling. Credit
       to Google Chrome Security Team (Cris Neckar).
     - Low CVE-2013-0835: Browser crash with geolocation. Credit to Arthur
       Gerkis.
     - High CVE-2013-0836: Crash in v8 garbage collection. Credit to Google
       Chrome Security Team (Cris Neckar).
     - Medium CVE-2013-0837: Crash in extension tab handling. Credit to Tom
       Nielsen.
     - Low CVE-2013-0838: Tighten permissions on shared memory
       segments. Credit to Google Chrome Security Team (Chris Palmer).
     - High CVE-2012-5139: Use-after-free with visibility events.
       Credit to Chamal de Silva.
     - High CVE-2012-5140: Use-after-free in URL loader. Credit to
       Chamal de Silva.
     - Medium CVE-2012-5141: Limit Chromoting client plug-in instantiation.
       Credit to Google Chrome Security Team (Jüri Aedla).
     - Critical CVE-2012-5142: Crash in history navigation. Credit to Michal
       Zalewski of Google Security Team.
     - Medium CVE-2012-5143: Integer overflow in PPAPI image buffers. Credit
       to Google Chrome Security Team (Cris Neckar).
     - High CVE-2012-5144: Stack corruption in AAC decoding. Credit
       to pawlkt.
     - High CVE-2012-5138: Incorrect file path handling. Credit to Google
       Chrome Security Team (Jüri Aedla).
     - High CVE-2012-5137: Use-after-free in media source handling.
       Credit to Pinkie Pie.
     - High CVE-2012-5133: Use-after-free in SVG filters. Credit to
       miaubiz.
     - Medium CVE-2012-5130: Out-of-bounds read in Skia. Credit to
       Atte Kettunen of OUSPG.
     - Low CVE-2012-5132: Browser crash with chunked encoding. Credit to
       Attila Szász.
     - High CVE-2012-5134: Buffer underflow in libxml. Credit to Google
       Chrome Security Team (Jüri Aedla).
     - Medium CVE-2012-5135: Use-after-free with printing. Credit to Fermin
       Serna of Google Security Team.
     - Medium CVE-2012-5136: Bad cast in input element handling. Credit to
       Google Chrome Security Team (Inferno).
     - Medium CVE-2012-5127: Integer overflow leading to
       out-of-bounds read in WebP handling. Credit to Phil Turnbull.
     - [Linux 64-bit only] Medium CVE-2012-5120: Out-of-bounds array
       access in v8. Credit to Atte Kettunen of OUSPG.
     - High CVE-2012-5116: Use-after-free in SVG filter handling.
       Credit to miaubiz.
     - High CVE-2012-5121: Use-after-free in video layout. Credit to
       Atte Kettunen of OUSPG.
     - Low CVE-2012-5117: Inappropriate load of SVG subresource in img
       context. Credit to Felix Gröbert of the Google Security Team.
     - Medium CVE-2012-5119: Race condition in Pepper buffer handling.
       Credit to Fermin Serna of the Google Security Team.
     - Medium CVE-2012-5122: Bad cast in input handling. Credit to Google
       Chrome Security Team (Inferno).
     - Medium CVE-2012-5123: Out-of-bounds reads in Skia. Credit to
       Google Chrome Security Team (Inferno).
     - High CVE-2012-5124: Memory corruption in texture handling. Credit to
       Al Patrick of the Chromium development community.
     - Medium CVE-2012-5125: Use-after-free in extension tab handling.
       Credit to Alexander Potapenko of the Chromium development community.
     - Medium CVE-2012-5126: Use-after-free in plug-in placeholder handling.
       Credit to Google Chrome Security Team (Inferno).
     - High CVE-2012-5128: Bad write in v8. Credit to Google Chrome Security
       Team (Cris Neckar).
   * [574d76c] Override the lintian flag:
     embedded-library usr/lib/chromium/libffmpegsumo.so: libavcodec
   * [3105012] Updated changelog
   * [ac9c032] Use explicit library dependencies instead of dlopen
   * [1ad217c] Fixed CHANNELS_URL
   * [7c2d359] Drop SCM revision from the version
   * [ca31c0c] Install all chromium libs
   * [167aea7] Use internal copy of libpng. This is necessary because with
     system libpng render process is consuming 100% CPU
     (see http://code.google.com/p/chromium/issues/detail?id=174603)
   * [8742d82] debian/patches/pulse_ftbfs.patch: Fix FTBFS
   * [9e76ec7] Refreshed patches
   * [1c6f4c3] Use Debian api key
   * [cdf5c74] Refreshed patches
   * [ad9480c] Remove useless embedded copy of documentation from source
     containing non DFSG-compliant material:
     - src/native_client/toolchain/linux_x86/info
     - src/native_client/toolchain/linux_x86/man
     - src/native_client/toolchain/linux_x86/share/info
     - src/native_client/toolchain/linux_x86/x86_64-nacl/share/info
     - src/native_client/toolchain/linux_x86_newlib/info
     - src/native_client/toolchain/linux_x86_newlib/man
     - src/native_client/toolchain/linux_x86_newlib/share/info
     (Closes: #695703)
   * [31ea388] Fixed Homepage field.
     Thanks to Dmitry Shachnev (Closes: #686561)
   * [d509e07] Override the lintian flag: embedded-library usr/lib/chromium/chromium: libpng
Checksums-Sha1: 
 78c4e9968beaa75b8cefb6c08dd5951046835f9b 2990 chromium-browser_24.0.1312.68-1.dsc
 77c08a7cb023ed34041b7af419c3c07888f7f06d 623055032 chromium-browser_24.0.1312.68.orig.tar.xz
 a779ddcf33b0b3d1efbe0cd66d6678fbc199b8df 254934 chromium-browser_24.0.1312.68-1.debian.tar.gz
 4de09f59bc8b100037a304bb0acd99cf30376efa 158954 chromium-browser_24.0.1312.68-1_all.deb
 06118bed7a0f10b8cbbdcb5586f35bcfa1361c28 158274 chromium-browser-dbg_24.0.1312.68-1_all.deb
 7270b89bd17b8588c4d91cb5f4bf22972685bca3 158402 chromium-browser-l10n_24.0.1312.68-1_all.deb
 8298d39fdf7322cea90b39fae83f22360abbabe1 158308 chromium-browser-inspector_24.0.1312.68-1_all.deb
 d935a1737dc58ec6f54f166038f58204de97538c 2525704 chromium-l10n_24.0.1312.68-1_all.deb
 b674a13e398c35cf33dea3db6f0052c60318ea61 788532 chromium-inspector_24.0.1312.68-1_all.deb
 61e76154643fc6f066adaff8a753dc6263bae1a0 37537604 chromium_24.0.1312.68-1_amd64.deb
 ae8f34926fa3f8b216ffa1fbaebd5a7b113608e0 397600554 chromium-dbg_24.0.1312.68-1_amd64.deb
Checksums-Sha256: 
 a2c24f6c79eaa1a32002f44bba43049ac21d0fe0229b9dd9547f9fdcf13177e0 2990 chromium-browser_24.0.1312.68-1.dsc
 51064d8cd3c858be45090f90c236612e59bd6d859b99b8cccd0f3657e6a8d560 623055032 chromium-browser_24.0.1312.68.orig.tar.xz
 c0f7a54608133102cc3d2c4eda6b3c338899f349d830b17bc578272bd0f73352 254934 chromium-browser_24.0.1312.68-1.debian.tar.gz
 a6ce97dad7de474fac7005b14dbca603d596d544eede06336aa8c46a9e544aa7 158954 chromium-browser_24.0.1312.68-1_all.deb
 7af693e68d3b98b458297faaf9f7b4298d878098b1fdd96bb23836fa043d315b 158274 chromium-browser-dbg_24.0.1312.68-1_all.deb
 5fea5e8c2f920e2746a80f44f66526e51bae839742961af5e6031eccba67df69 158402 chromium-browser-l10n_24.0.1312.68-1_all.deb
 9affac21ad3b9448f4f9fbead89d2b46243a986bb421e6627179441a7cb86bde 158308 chromium-browser-inspector_24.0.1312.68-1_all.deb
 700d9f0d9388f405a54483412576c2e1ad8c0cb2c6e3c6c0502646f7bcce2a5f 2525704 chromium-l10n_24.0.1312.68-1_all.deb
 ea645d37f157a9bfb34ae0406c808d5358d28ffe85bf532debebe47d1f92cac2 788532 chromium-inspector_24.0.1312.68-1_all.deb
 04021dbcc84630193aff74d4ba55803841dc4a05eb9144bc98311de6cad6a195 37537604 chromium_24.0.1312.68-1_amd64.deb
 6f9a010a064b95e0ef5fdf88c5dfb09944a5eaa9516f06ec9a9032f7b0a564f8 397600554 chromium-dbg_24.0.1312.68-1_amd64.deb
Files: 
 92575d846e8e9605c43551e1ffc605a6 2990 web optional chromium-browser_24.0.1312.68-1.dsc
 28f915793d464a775e21eb5494bed8d0 623055032 web optional chromium-browser_24.0.1312.68.orig.tar.xz
 059f0a18dd4879091823025b980e2c6f 254934 web optional chromium-browser_24.0.1312.68-1.debian.tar.gz
 fe681a88923bd8d47e4cce4ac1ea9e69 158954 oldlibs optional chromium-browser_24.0.1312.68-1_all.deb
 7081f7ed56e4b5b1f8a68fdda89211cc 158274 oldlibs extra chromium-browser-dbg_24.0.1312.68-1_all.deb
 35343a81f9778597026fa9916b52b94c 158402 oldlibs optional chromium-browser-l10n_24.0.1312.68-1_all.deb
 93c6a489be484109ee3700f4c9909195 158308 oldlibs optional chromium-browser-inspector_24.0.1312.68-1_all.deb
 564c1b838c37b1b6e7ca43e165a4e32f 2525704 web optional chromium-l10n_24.0.1312.68-1_all.deb
 80f23303b99eb7b0bc31a12d15a1c90d 788532 web optional chromium-inspector_24.0.1312.68-1_all.deb
 87948706eb50cda0f5fdf80ae3de7566 37537604 web optional chromium_24.0.1312.68-1_amd64.deb
 3526d93ee8260e5d570da10c9c72a6af 397600554 debug extra chromium-dbg_24.0.1312.68-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlESlcMACgkQNxpp46476aphZwCfThHbUUVkuu3ThRDQ44r25dwH
6DsAn0I5wGwU/JqcXOenSj/dq+Zzvii/
=ghnP
-----END PGP SIGNATURE-----


Thank you for your contribution to Debian.



More information about the Pkg-chromium-maint mailing list