-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sat, 17 Sep 2011 21:46:29 +0200 Source: chromium-browser Binary: chromium-browser chromium-browser-dbg chromium-browser-l10n chromium-browser-inspector chromium chromium-dbg chromium-l10n chromium-inspector Architecture: source all amd64 Version: 14.0.835.163~r101024-1 Distribution: unstable Urgency: low Maintainer: Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org> Changed-By: Giuseppe Iuculano <iuculano@debian.org> Description: chromium - Google's open source chromium web browser chromium-browser - Chromium browser - transitional dummy package chromium-browser-dbg - chromium-browser debug symbols transitional dummy package chromium-browser-inspector - page inspector for the chromium-browser - transitional dummy pack chromium-browser-l10n - chromium-browser language packages - transitional dummy package chromium-dbg - Debugging symbols for the chromium web browser chromium-inspector - page inspector for the chromium browser chromium-l10n - chromium-browser language packages Closes: 641099 Changes: chromium-browser (14.0.835.163~r101024-1) unstable; urgency=low . [ Matteo F. Vescovi ] * [82a8b0b] debian/control: changing b-deps to libjpeg-dev (Closes: 641099) . [ Giuseppe Iuculano ] * [ac85d47] Use system ffmpeg and icu * [b4fbcd0] debian/gbp.conf: Added conf for git-dch * [a4f4ee1] Do not install ffmpeg internal copy * New stable release: - High CVE-2011-2835: Race condition in the certificate cache. Credit to Ryan Sleevi of the Chromium development community. - Low CVE-2011-2836: Infobar the Windows Media Player plug-in to avoid click-free access to the system Flash. Credit to electronixtar. - Low CVE-2011-2837: Use PIC / pie compiler flags. Credit to wbrana. - Low CVE-2011-2838: Treat MIME type more authoritatively when loading plug-ins. Credit to Michal Zalewski of the Google Security Team. - High CVE-2011-2839: Crash in v8 script object wrappers. Credit to Kostya Serebryany of the Chromium development community. - Low CVE-2011-2840: Possible URL bar spoofs with unusual user interaction. Credit to kuzzcc. - Medium CVE-2011-2843: Out-of-bounds read with media buffers. Credit to Kostya Serebryany of the Chromium development community. - Medium CVE-2011-2844: Out-of-bounds read with mp3 files. Credit to Mario Gomes. - High CVE-2011-2846: Use-after-free in unload event handling. Credit to Arthur Gerkis. - High CVE-2011-2847: Use-after-free in document loader. Credit to miaubiz. - Medium CVE-2011-2848: URL bar spoof with forward button. Credit to Jordi Chancel. - Low CVE-2011-2849: Browser NULL pointer crash with WebSockets. Credit to Arthur Gerkis. - Medium CVE-2011-3234: Out-of-bounds read in box handling. Credit to miaubiz. - Medium CVE-2011-2850: Out-of-bounds read with Khmer characters. Credit to miaubiz. - Medium CVE-2011-2851: Out-of-bounds read in video handling. Credit to Google Chrome Security Team (Inferno). - High CVE-2011-2852: Off-by-one in v8. Credit to Christian Holler. - High CVE-2011-2853: Use-after-free in plug-in handling. Credit to Google Chrome Security Team (SkyLined). - High CVE-2011-2854: Use-after-free in ruby / table style handing. Credit to Sławomir Błażek, and independent later discoveries by miaubiz and Google Chrome Security Team (Inferno). - High CVE-2011-2855: Stale node in stylesheet handling. Credit to Arthur Gerkis. - High CVE-2011-2856: Cross-origin bypass in v8. Credit to Daniel Divricean. - High CVE-2011-2857: Use-after-free in focus controller. Credit to miaubiz. - High CVE-2011-2834: Double free in libxml XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences. - Medium CVE-2011-2859: Incorrect permissions assigned to non-gallery pages. Credit to Bernhard ‘Bruhns’ Brehm of Recurity Labs. - High CVE-2011-2860: Use-after-free in table style handling. Credit to miaubiz. - High CVE-2011-2862: Unintended access to v8 built-in objects. Credit to Sergey Glazunov. - Medium CVE-2011-2864: Out-of-bounds read with Tibetan characters. Credit to Google Chrome Security Team (Inferno). - Medium CVE-2011-2858: Out-of-bounds read with triangle arrays. Credit to Google Chrome Security Team (Inferno). - Low CVE-2011-2874: Failure to pin a self-signed cert for a session. Credit to Nishant Yadant of VMware and Craig Chamberlain (@randomuserid). - High CVE-2011-2875: Type confusion in v8 object sealing. Credit to Christian Holler. Checksums-Sha1: 0a7f8c23c8d67b006dbb899aa9adbc0f227a0204 2572 chromium-browser_14.0.835.163~r101024-1.dsc c278fe923c9e60f0ad083ca5eaa21200232c4eca 232737451 chromium-browser_14.0.835.163~r101024.orig.tar.bz2 35306ecd6e403202ac624fc84560bb2863fea2c4 236425 chromium-browser_14.0.835.163~r101024-1.debian.tar.gz 9f2760ba3b04d6351c91d96c6674bcf9ffc9145e 175368 chromium-browser_14.0.835.163~r101024-1_all.deb 878cb66c8fba81b32d5e40b268bab368f1f3dec2 174452 chromium-browser-dbg_14.0.835.163~r101024-1_all.deb 143e97374e4651959974ed1348467cd98d683acf 174600 chromium-browser-l10n_14.0.835.163~r101024-1_all.deb 1e311dddfb096773d0c7c08bf05ac80dbb91045e 174470 chromium-browser-inspector_14.0.835.163~r101024-1_all.deb 1dee60247d87833fea0b10edce5b4b1fc60812a2 5148234 chromium-l10n_14.0.835.163~r101024-1_all.deb 4bf4a156472c23b3200073faa6dbc2e66340e1ac 769282 chromium-inspector_14.0.835.163~r101024-1_all.deb 9a215b4e7e5cc48db007045a1eef2e761c5e1cbe 21863532 chromium_14.0.835.163~r101024-1_amd64.deb 0ca7ed63b4cd7cd58063f568f14b76fe7552db34 386858818 chromium-dbg_14.0.835.163~r101024-1_amd64.deb Checksums-Sha256: 77b2ce1f38a409f173a16981fb7f6c74ad9635e33da1512bdd643a11c4952506 2572 chromium-browser_14.0.835.163~r101024-1.dsc d4f21a24bdc6ca96de94299f6eea4a3acc3e1b998db20bff38de88bfdd2b11f6 232737451 chromium-browser_14.0.835.163~r101024.orig.tar.bz2 516ce670aa90ac770c97f636a57b55d18276ebbe5936586813dce645afa0be77 236425 chromium-browser_14.0.835.163~r101024-1.debian.tar.gz 5cc4bc54e4e3430153b2925cf927e0868469fafa5e52e0db8b9cfdf6a0f9c53f 175368 chromium-browser_14.0.835.163~r101024-1_all.deb 45a8246d815f5fb77c88e695c69122f57691f1f74f2359e86b1da57fc6a6642c 174452 chromium-browser-dbg_14.0.835.163~r101024-1_all.deb 1d753388f13f02931e18995e1e457bc7bb5a7ffe360954b843afcb2d72f981e8 174600 chromium-browser-l10n_14.0.835.163~r101024-1_all.deb 79f04dc82642cc1f511eccf063241de6c988f8d40970d82056d25fee02505136 174470 chromium-browser-inspector_14.0.835.163~r101024-1_all.deb 339d8bd812e564ba96dda6e0a0c4eb33e20d7c9e88483ad30639c1bb0caacd5d 5148234 chromium-l10n_14.0.835.163~r101024-1_all.deb 23925575beba51d40d39ec80a231034c5dda3ed6a306665ad4306978c528c5ad 769282 chromium-inspector_14.0.835.163~r101024-1_all.deb bfa4e32630e5d702a28fe515634129fad3f9dcbb7afd8169e30516d8f6f1db84 21863532 chromium_14.0.835.163~r101024-1_amd64.deb 8fe0b089cdbaeaa7ca538070cbf94fe5d09198d8a4d0630147a089fce4d475aa 386858818 chromium-dbg_14.0.835.163~r101024-1_amd64.deb Files: e022ae2e04a9371d2cb45b4b70e3463d 2572 web optional chromium-browser_14.0.835.163~r101024-1.dsc 5fb53e7586f942612a61392bc3c33bb1 232737451 web optional chromium-browser_14.0.835.163~r101024.orig.tar.bz2 e85bed08e045071ad1d9675355615abe 236425 web optional chromium-browser_14.0.835.163~r101024-1.debian.tar.gz a02bb36a28ebbf15bacc47fa95d5201b 175368 oldlibs optional chromium-browser_14.0.835.163~r101024-1_all.deb 030d64457a30de75e19798fcb8dc8f7e 174452 oldlibs extra chromium-browser-dbg_14.0.835.163~r101024-1_all.deb f25aff3e909c1a25c7199dbabad8de90 174600 oldlibs optional chromium-browser-l10n_14.0.835.163~r101024-1_all.deb 6e93e70a2088711282b050e337a94319 174470 oldlibs optional chromium-browser-inspector_14.0.835.163~r101024-1_all.deb 5b97722abbabafc2951fcd34e6f26e62 5148234 web optional chromium-l10n_14.0.835.163~r101024-1_all.deb 5410a02c9cec2c76d7dc397f42a58b19 769282 web optional chromium-inspector_14.0.835.163~r101024-1_all.deb 26df50a53c5049d0c3dd38586db31424 21863532 web optional chromium_14.0.835.163~r101024-1_amd64.deb 23eaf219b859de30b2fa625df35d908c 386858818 debug extra chromium-dbg_14.0.835.163~r101024-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk51l9kACgkQNxpp46476arXFQCdFVp5n0f5Z8Iyc8P8QXga7JGo jZ4An3SKrzHESkPgtY7HOFdJ97WtukFT =NDFY -----END PGP SIGNATURE----- Accepted: chromium-browser-dbg_14.0.835.163~r101024-1_all.deb to main/c/chromium-browser/chromium-browser-dbg_14.0.835.163~r101024-1_all.deb chromium-browser-inspector_14.0.835.163~r101024-1_all.deb to main/c/chromium-browser/chromium-browser-inspector_14.0.835.163~r101024-1_all.deb chromium-browser-l10n_14.0.835.163~r101024-1_all.deb to main/c/chromium-browser/chromium-browser-l10n_14.0.835.163~r101024-1_all.deb chromium-browser_14.0.835.163~r101024-1.debian.tar.gz to main/c/chromium-browser/chromium-browser_14.0.835.163~r101024-1.debian.tar.gz chromium-browser_14.0.835.163~r101024-1.dsc to main/c/chromium-browser/chromium-browser_14.0.835.163~r101024-1.dsc chromium-browser_14.0.835.163~r101024-1_all.deb to main/c/chromium-browser/chromium-browser_14.0.835.163~r101024-1_all.deb chromium-browser_14.0.835.163~r101024.orig.tar.bz2 to main/c/chromium-browser/chromium-browser_14.0.835.163~r101024.orig.tar.bz2 chromium-dbg_14.0.835.163~r101024-1_amd64.deb to main/c/chromium-browser/chromium-dbg_14.0.835.163~r101024-1_amd64.deb chromium-inspector_14.0.835.163~r101024-1_all.deb to main/c/chromium-browser/chromium-inspector_14.0.835.163~r101024-1_all.deb chromium-l10n_14.0.835.163~r101024-1_all.deb to main/c/chromium-browser/chromium-l10n_14.0.835.163~r101024-1_all.deb chromium_14.0.835.163~r101024-1_amd64.deb to main/c/chromium-browser/chromium_14.0.835.163~r101024-1_amd64.deb