This bug was fixed in the package chromium-browser - 30.0.1599.114-0ubuntu0.12.04.3 --------------- chromium-browser (30.0.1599.114-0ubuntu0.12.04.3) precise-security; urgency=low * debian/patches/menu-bar-visible.patch: Variable is the object itself, not a reference needed to ".get" it. chromium-browser (30.0.1599.114-0ubuntu0.12.04.2) precise-security; urgency=low * Test the compiler for "-m32" support as the canonical test of support. Only a problem on ARM. chromium-browser (30.0.1599.114-0ubuntu0.12.04.1) precise-updates; urgency=low * New release 30.0.1599.114. * New release 30.0.1599.101: - CVE-2013-2925: Use after free in XHR. - CVE-2013-2926: Use after free in editing. - CVE-2013-2927: Use after free in forms. * New release 29.0.1547.76. * New release 30.0.1599.66: - CVE-2013-2906: Races in Web Audio. - CVE-2013-2907: Out of bounds read in Window.prototype object. - CVE-2013-2908: Address bar spoofing related to the “204 No Content” status code. - CVE-2013-2909: Use after free in inline-block rendering. - CVE-2013-2910: Use-after-free in Web Audio. - CVE-2013-2911: Use-after-free in XSLT. - CVE-2013-2912: Use-after-free in PPAPI. - CVE-2013-2913: Use-after-free in XML document parsing. - CVE-2013-2914: Use after free in the Windows color chooser dialog. - CVE-2013-2915: Address bar spoofing via a malformed scheme. - CVE-2013-2916: Address bar spoofing related to the “204 No Content” status code. - CVE-2013-2917: Out of bounds read in Web Audio. - CVE-2013-2918: Use-after-free in DOM. - CVE-2013-2919: Memory corruption in V8. - CVE-2013-2920: Out of bounds read in URL parsing. - CVE-2013-2921: Use-after-free in resource loader. - CVE-2013-2922: Use-after-free in template element. - CVE-2013-2923: Various fixes from internal audits, fuzzing and other initiatives (Chrome 30). - CVE-2013-2924: Use-after-free in ICU. * debian/tests/...: Make first real tests using sikuli. Probably quite fragile on changes to upstream. (LP: #1222895) * debian/patches/4-chromeless-window-launch-option.patch: Make new windows use their own state instead of checking the parameters of the instance that started all processes for whether a window has chrome or not. (LP: #1223855) * Update autopkgtest tests. * debian/patches/series: Drop comment references to old patches. Remove files. * debian/rules: Don't build 'reliability_tests' any more. It's deprecated upstream and we don't use it anyway. * debian/rules: debian/chromium-browser.install: Handle sandbox compilation configuration changes by stopping our special handling and using the default, and "you have to change the underscore from the build target into a hyphen". * debian/rules: Process rpath of files in debian/tmp* BEFORE we copy them out. (LP: #1226143) * debian/testing/driver: Cheap run test to make sure chromedriver runs. (LP: #1226143) * debian/patches/4-chromeless-window-launch-option.patch: Fix syntax that caused extensions to fail. (LP: #1232575) * debian/rules: Use runtime linker for all architectures, not just 64-bit. Component builds everywhere, now. More than 4GB is too much to expect. * debian/rules: clean up packaging comparison code. chromium-browser (29.0.1547.65-0ubuntu0.12.04.2) precise-security; urgency=low * Make chromium-browser-l10n Replaces chromium-browser so that new translations that were added in v28 packaging are now in the correct -l10n package. (LP: #1222488) * Disable autopkgtest "smoketest" failure until its misbehavior on some environments can be diagnosed from log files. chromium-browser (29.0.1547.65-0ubuntu0.12.04.1) precise-security; urgency=low * New release 29.0.1547.65. * New release 29.0.1547.62. * New release 29.0.1547.57: (LP: #1215361) - CVE-2013-2900: Incomplete path sanitization in file handling. - CVE-2013-2905: Information leak via overly broad permissions on shared memory files. - CVE-2013-2901: Integer overflow in ANGLE. - CVE-2013-2902: Use after free in XSLT. - CVE-2013-2903: Use after free in media element. - CVE-2013-2904: Use after free in document parsing. - CVE-2013-2887: Various fixes from internal audits, fuzzing and other initiatives (Chrome 29). * debian/patches/duckduckgo.patch: Include DuckDuckGo in search-engine list. [Caine Tighe <~caine>] * debian/patches/search-credit.patch: Update URLs. * debian/patches/disable_dlog_and_dcheck_in_release_builds.patch, debian/patches/wehkit_rev_parser.patch, No longer necessary. Deleted. * debian/chromium-browser.sh.in: Include command-line parameters for registered plugins. * Since we include remoting locales too, also split its locales info into the -l10n package correctly. * debian/rules: Disable arm_neon_optional. Impossible with sandbox, AND breaks build right now. * debian/rules: Fix packaging-completeness checker. * debian/rules: Break long expressions into discrete parts in packaging completeness checker. * debian/rules: - Make unused-file matches simpler, and install rule more descriptive. - get-orig-source has to make the directory for the orig contents. * debian/source/lintian-overrides: - Add old-fsf-address-in-copyright-file and image-file-in-usr-lib - Fix setuid-binary to be "source". Seems like it should be "binary". :( * debian/checkout-orig-source.mk: Remove tests and add unofficialness marker file to orig tarball when we can't use upstream orig releases. * debian/chromium-browser.dirs: Add reference to /usr/share/chromium-browser, expmplary for extension placement. * debian/patches/extensions-directory.patch: Use a /usr/share/ directory that is named with our package, not "chromium". Withouth this, we force global extensions to violate FHS. chromium-browser (28.0.1500.95-0ubuntu0.12.04.2) precise-security; urgency=low * debian/control: Set VCS URL to be accurate. * New release 28.0.1500.95: - CVE-2013-2881: Origin bypass in frame handling. - CVE-2013-2882: Type confusion in V8. - CVE-2013-2883: Use-after-free in MutationObserver. - CVE-2013-2884: Use-after-free in DOM. - CVE-2013-2885: Use-after-free in input handling. - CVE-2013-2886: Various fixes from internal audits, fuzzing and other initiatives. * debian/rules: - Keepalive in tests rule, to keep builder machines from reaping. - Further exclude a few tests that interact with fakeroot, ReadOnlyFileUtilTest. * debian/rules: - Disable logging calls in chromium binary to save several MB of executable size. * debian/patches/linker-asneeded-bug.patch: - Add patch to work around linker bug. * debian/keep-alive.sh: - Treat disappearing /proc as error, and quit. -- Chad MILLER