[Pkg-chromium-commit] [pkg-chromium] 02/02: release 31.0.1650.57-1~deb7u1
Michael Gilbert
mgilbert at moszumanska.debian.org
Sun Nov 24 01:09:12 UTC 2013
This is an automated email from the git hooks/post-receive script.
mgilbert pushed a commit to tag debian/31.0.1650.57-1_deb7u1
in repository pkg-chromium.
commit 637272321fce55c7b5d79ed6aeec024eaf4b760e
Author: Michael Gilbert <mgilbert at debian.org>
Date: Sun Nov 17 03:10:38 2013 +0000
release 31.0.1650.57-1~deb7u1
---
debian/changelog | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index cd96ca3..7d0cdfa 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,34 @@
+chromium-browser (31.0.1650.57-1~deb7u1) stable-security; urgency=high
+
+ * New upstream stable release:
+ - Medium-Critical CVE-2013-2931: Various fixes from internal audits,
+ fuzzing and other initiatives.
+ - Medium CVE-2013-6621: Use after free related to speech input elements.
+ Credit to Khalil Zhani.
+ - High CVE-2013-6622: Use after free related to media elements. Credit to
+ cloudfuzzer.
+ - High CVE-2013-6623: Out of bounds read in SVG. Credit to miaubiz.
+ - High CVE-2013-6624: Use after free related to “id” attribute strings.
+ Credit to Jon Butler.
+ - High CVE-2013-6625: Use after free in DOM ranges. Credit to cloudfuzzer.
+ - Low CVE-2013-6626: Address bar spoofing related to interstitial warnings.
+ Credit to Chamal de Silva.
+ - High CVE-2013-6627: Out of bounds read in HTTP parsing. Credit to
+ skylined.
+ - Medium CVE-2013-6628: Issue with certificates not being checked during
+ TLS renegotiation. Credit to Antoine Delignat-Lavaud and Karthikeyan
+ Bhargavan from Prosecco of INRIA Paris.
+ - Medium CVE-2013-6629: Read of uninitialized memory in libjpeg and
+ libjpeg-turbo. Credit to Michal Zalewski of Google.
+ - Medium CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo.
+ Credit to Michal Zalewski of Google.
+ - High CVE-2013-6631: Use after free in libjingle. Credit to Patrik Höglund
+ of the Chromium project.
+ - Critical CVE-2013-6632: Multiple memory corruption issues. Credit to
+ Pinkie Pie.
+
+ -- Michael Gilbert <mgilbert at debian.org> Sat, 16 Nov 2013 23:15:30 +0000
+
chromium-browser (30.0.1599.101-1~deb7u1) stable-security; urgency=high
* New stable release:
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-chromium/pkg-chromium.git
More information about the Pkg-chromium-commit
mailing list