[Pkg-chromium-commit] [pkg-chromium] 04/04: release 30.0.1599.101-1~deb7u1

Michael Gilbert mgilbert at alioth.debian.org
Sun Oct 27 02:25:38 UTC 2013


This is an automated email from the git hooks/post-receive script.

mgilbert pushed a commit to branch wheezy
in repository pkg-chromium.

commit 12e6b91a9f3d59d60d4f588c954f43f856533bef
Author: Michael Gilbert <mgilbert at debian.org>
Date:   Sat Oct 26 22:36:04 2013 -0400

    release 30.0.1599.101-1~deb7u1
---
 debian/changelog |   53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 1b090af..cd96ca3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,56 @@
+chromium-browser (30.0.1599.101-1~deb7u1) stable-security; urgency=high
+
+  * New stable release:
+    - High CVE-2013-2925: Use after free in XHR. Credit to Atte Kettunen of
+      OUSPG.
+    - High CVE-2013-2926: Use after free in editing. Credit to
+      cloudfuzzer.
+    - High CVE-2013-2927: Use after free in forms. Credit to
+      cloudfuzzer.
+    - CVE-2013-2928: Various fixes from internal audits, fuzzing and other
+      initiatives.
+    - Medium CVE-2013-2906: Races in Web Audio.
+      Credit to Atte Kettunen of OUSPG.
+    - Medium CVE-2013-2907: Out of bounds read in Window.prototype object.
+      Credit to Boris Zbarsky.
+    - Medium CVE-2013-2908: Address bar spoofing related to the "204
+      No Content" status code. Credit to Chamal de Silva.
+    - High CVE-2013-2909: Use after free in inline-block
+      rendering. Credit to Atte Kettunen of OUSPG.
+    - Medium CVE-2013-2910: Use-after-free in Web Audio. Credit to
+      Byoungyoung Lee of Georgia Tech Information Security Center (GTISC).
+    - High CVE-2013-2911: Use-after-free in XSLT. Credit to Atte
+      Kettunen of OUSPG.
+    - High CVE-2013-2912: Use-after-free in PPAPI. Credit to Chamal
+      de Silva and 41.w4r10r(at)garage4hackers.com.
+    - High CVE-2013-2913: Use-after-free in XML document parsing.
+      Credit to cloudfuzzer.
+    - High CVE-2013-2914: Use after free in the Windows color
+      chooser dialog. Credit to Khalil Zhani.
+    - Low CVE-2013-2915: Address bar spoofing via a malformed scheme.
+      Credit to Wander Groeneveld.
+    - High CVE-2013-2916: Address bar spoofing related to the "204
+      No Content” status code. Credit to Masato Kinugawa.
+    - Medium CVE-2013-2917: Out of bounds read in Web Audio. Credit
+      to Byoungyoung Lee and Tielei Wang of Georgia Tech Information
+      Security Center (GTISC).
+    - High CVE-2013-2918: Use-after-free in DOM. Credit to
+      Byoungyoung Lee of Georgia Tech Information Security Center (GTISC).
+    - High CVE-2013-2919: Memory corruption in V8. Credit to Adam
+      Haile of Concrete Data.
+    - Medium CVE-2013-2920: Out of bounds read in URL parsing. Credit to
+      Atte Kettunen of OUSPG.
+    - High CVE-2013-2921: Use-after-free in resource loader. Credit
+      to Byoungyoung Lee and Tielei Wang of Georgia Tech Information
+      Security Center (GTISC).
+    - High CVE-2013-2922: Use-after-free in template element. Credit
+      to Jon Butler.
+    - CVE-2013-2923: Various fixes from internal audits, fuzzing and other
+      initiatives (Chrome 30).
+    - Medium CVE-2013-2924: Use-after-free in ICU. Upstream bug here.
+
+ -- Michael Gilbert <mgilbert at debian.org>  Thu, 24 Oct 2013 04:12:35 +0000
+
 chromium-browser (29.0.1547.57-1~deb7u1) stable-security; urgency=high
 
   * New upstream stable release:
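Review bot: The CVE-2013-2924 entry ends with "Upstream bug here.", which is link text carried over without its target, so the changelog points nowhere; drop the sentence or replace it with the actual bug reference. In the CVE-2013-2916 entry the quoted status code opens with a straight quote and closes with a typographic one (No Content”), and its description is word for word the same as the Medium CVE-2013-2908 entry while carrying a High rating and a different credit, so check it against the upstream advisory in case the text was pasted from the wrong item. Smaller consistency points: the entries mix "Use after free" and "Use-after-free", and the top bullet reads "New stable release:" where the previous changelog entry directly below uses "New upstream stable release:".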

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-chromium/pkg-chromium.git


