-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 21 Oct 2013 13:06:14 +0200
Source: chromium-browser
Binary: chromium chromium-dbg chromium-l10n chromium-inspector
Architecture: source all amd64
Version: 30.0.1599.101-1
Distribution: unstable
Urgency: low
Maintainer: Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>
Changed-By: Giuseppe Iuculano <iuculano@debian.org>
Description:
 chromium - Google's open source chromium web browser
 chromium-dbg - Debugging symbols for the chromium web browser
 chromium-inspector - page inspector for the chromium browser
 chromium-l10n - chromium-browser language packages
Changes:
 chromium-browser (30.0.1599.101-1) unstable; urgency=low
 .
   [ Giuseppe Iuculano ]
   * New stable release:
     - High CVE-2013-2925: Use after free in XHR. Credit to Atte Kettunen of OUSPG.
     - High CVE-2013-2926: Use after free in editing. Credit to cloudfuzzer.
     - High CVE-2013-2927: Use after free in forms. Credit to cloudfuzzer.
     - CVE-2013-2928: Various fixes from internal audits, fuzzing and other initiatives.
     - Medium CVE-2013-2906: Races in Web Audio. Credit to Atte Kettunen of OUSPG.
     - Medium CVE-2013-2907: Out of bounds read in Window.prototype object. Credit to Boris Zbarsky.
     - Medium CVE-2013-2908: Address bar spoofing related to the "204 No Content" status code. Credit to Chamal de Silva.
     - High CVE-2013-2909: Use after free in inline-block rendering. Credit to Atte Kettunen of OUSPG.
     - Medium CVE-2013-2910: Use-after-free in Web Audio. Credit to Byoungyoung Lee of Georgia Tech Information Security Center (GTISC).
     - High CVE-2013-2911: Use-after-free in XSLT. Credit to Atte Kettunen of OUSPG.
     - High CVE-2013-2912: Use-after-free in PPAPI. Credit to Chamal de Silva and 41.w4r10r(at)garage4hackers.com.
     - High CVE-2013-2913: Use-after-free in XML document parsing. Credit to cloudfuzzer.
     - High CVE-2013-2914: Use after free in the Windows color chooser dialog. Credit to Khalil Zhani.
     - Low CVE-2013-2915: Address bar spoofing via a malformed scheme. Credit to Wander Groeneveld.
     - High CVE-2013-2916: Address bar spoofing related to the "204 No Content" status code. Credit to Masato Kinugawa.
     - Medium CVE-2013-2917: Out of bounds read in Web Audio. Credit to Byoungyoung Lee and Tielei Wang of Georgia Tech Information Security Center (GTISC).
     - High CVE-2013-2918: Use-after-free in DOM. Credit to Byoungyoung Lee of Georgia Tech Information Security Center (GTISC).
     - High CVE-2013-2919: Memory corruption in V8. Credit to Adam Haile of Concrete Data.
     - Medium CVE-2013-2920: Out of bounds read in URL parsing. Credit to Atte Kettunen of OUSPG.
     - High CVE-2013-2921: Use-after-free in resource loader. Credit to Byoungyoung Lee and Tielei Wang of Georgia Tech Information Security Center (GTISC).
     - High CVE-2013-2922: Use-after-free in template element. Credit to Jon Butler.
     - CVE-2013-2923: Various fixes from internal audits, fuzzing and other initiatives (Chrome 30).
     - Medium CVE-2013-2924: Use-after-free in ICU. Upstream bug here.
 .
   * [6651f1c] Added chrpath to build-depends
   * [3c88b20] Refreshed Patches for version 30
   * [743a0a6] Make default of third-party cookies the most secure for users. Thanks to Chad Miller
   * [9507f07] Do not install remoting_locales/en-US.pak
   * [64b895b] Move chrome_sandbox to chrome-sandbox, chromium reads that file
 .
   [ Shawn Landden ]
   * [6d027f1] rules: dpkg compresses .deb files with xz by default now
 .
   [ Michael Gilbert ]
   * [18341ce] add some TODO tasks

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iEYEARECAAYFAlJlLM4ACgkQNxpp46476aqoFgCfddG/1GMj971ARkWNx9Rv9yI8
3I0AnjyjOsw+PP99x9SypAGqSJb/Z/0l
=XEk/
-----END PGP SIGNATURE-----