[Pkg-chromium-commit] [pkg-chromium] 03/03: Update changelog

Giuseppe Iuculano iuculano at moszumanska.debian.org
Fri Mar 21 16:22:13 UTC 2014 

This is an automated email from the git hooks/post-receive script.

iuculano pushed a commit to branch master
in repository pkg-chromium.

commit a24d36f6b63108ca261c8c3cb60215b8669d1d8f
Author: Giuseppe Iuculano <iuculano at debian.org>
Date:   Fri Mar 21 17:22:02 2014 +0100

    Update changelog
---
 debian/changelog | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index f49e0ff..fe14a3d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,48 @@
+chromium-browser (33.0.1750.152-1) unstable; urgency=high
+
+  * [641361a] Disable new GN stuff
+  * [43cea90] Refreshed patches
+  * New stable release:
+    - High CVE-2014-1713: Use-after-free in Blink bindings
+    - High CVE-2014-1714: Windows clipboard vulnerability
+    - High CVE-2014-1705: Memory corruption in V8
+    - High CVE-2014-1715: Directory traversal issue
+    - High CVE-2014-1700: Use-after-free in speech. Credit to Chamal de Silva.
+    - High CVE-2014-1701: UXSS in events. Credit to aidanhs.
+    - High CVE-2014-1702: Use-after-free in web database.
+      Credit to Collin Payne.
+    - High CVE-2014-1703: Potential sandbox escape due to a use-after-free
+      in web sockets.
+    - CVE-2014-1704: Multiple vulnerabilities in V8 fixed in version 3.23.17.18
+    - High CVE-2013-6663: Use-after-free in svg images. Credit to Atte
+      Kettunen of OUSPG.
+    - High CVE-2013-6664: Use-after-free in speech recognition.
+      Credit to Khalil Zhani.
+    - High CVE-2013-6665: Heap buffer overflow in software
+      rendering. Credit to cloudfuzzer.
+    - Medium CVE-2013-6666: Chrome allows requests in flash header request.
+      Credit to netfuzzerr.
+    - CVE-2013-6667: Various fixes from internal audits, fuzzing and other
+      initiatives.
+    - CVE-2013-6668: Multiple vulnerabilities in V8 fixed in version 3.24.35.10
+    - High CVE-2013-6653: Use-after-free related to web contents.
+      Credit to Khalil Zhani.
+    - High CVE-2013-6654: Bad cast in SVG. Credit to TheShow3511.
+    - High CVE-2013-6655: Use-after-free in layout. Credit to cloudfuzzer.
+    - High CVE-2013-6656: Information leak in XSS auditor. Credit to NeexEmil.
+    - Medium CVE-2013-6657: Information leak in XSS auditor. Credit to NeexEmil
+    - Medium CVE-2013-6658: Use-after-free in layout. Credit to cloudfuzzer.
+    - Medium CVE-2013-6659: Issue with certificates validation in
+      TLS handshake. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan
+      from Prosecco, Inria Paris.
+    - Low CVE-2013-6660: Information leak in drag and drop. Credit to
+      bishopjeffreys.
+    - Low-High CVE-2013-6661: Various fixes from internal audits, fuzzing
+      and other initiatives. Of these, seven are fixes for issues that could
+      have allowed for sandbox escapes from compromised renderers.
+
+ -- Giuseppe Iuculano <iuculano at debian.org>  Fri, 21 Mar 2014 17:20:44 +0100
+
 chromium-browser (32.0.1700.123-4) unstable; urgency=medium
 
   * Remove polymer.js.min.

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-chromium/pkg-chromium.git

More information about the Pkg-chromium-commit mailing list