* Upstream release 45.0.2454.85:
- CVE-2015-1291: Cross-origin bypass in DOM.
- CVE-2015-1292: Cross-origin bypass in ServiceWorker.
- CVE-2015-1293: Cross-origin bypass in DOM.
- CVE-2015-1294: Use-after-free in Skia.
- CVE-2015-1295: Use-after-free in Printing.
- CVE-2015-1296: Character spoofing in omnibox.
- CVE-2015-1297: Permission scoping error in WebRequest.
- CVE-2015-1298: URL validation error in extensions.
- CVE-2015-1299: Use-after-free in Blink.
- CVE-2015-1300: Information leak in Blink.
- CVE-2015-1301: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/patches/search-credit.patch: Don't add GET param if search URL
doesn't already use them. (LP: #1490237)
* debian/source/lintian-overrides: Ignore new binaries in orig tar.
* debian/patches/gpu_default_disabled: No longer disable GPU rendering by
default.
* debian/patches/disable-sse2: SSE exclusion is smarter now. Re-include.
-- Chad MILLER <email address hidden> Mon, 14 Sep 2015 20:11:00 -0400
This bug was fixed in the package chromium-browser - 45.0.2454. 85-0ubuntu0. 15.04.1. 1181
--------------- 85-0ubuntu0. 15.04.1. 1181) vivid-security; urgency=medium
chromium-browser (45.0.2454.
* Upstream release 45.0.2454.85: patches/ search- credit. patch: Don't add GET param if search URL source/ lintian- overrides: Ignore new binaries in orig tar. patches/ gpu_default_ disabled: No longer disable GPU rendering by patches/ disable- sse2: SSE exclusion is smarter now. Re-include.
- CVE-2015-1291: Cross-origin bypass in DOM.
- CVE-2015-1292: Cross-origin bypass in ServiceWorker.
- CVE-2015-1293: Cross-origin bypass in DOM.
- CVE-2015-1294: Use-after-free in Skia.
- CVE-2015-1295: Use-after-free in Printing.
- CVE-2015-1296: Character spoofing in omnibox.
- CVE-2015-1297: Permission scoping error in WebRequest.
- CVE-2015-1298: URL validation error in extensions.
- CVE-2015-1299: Use-after-free in Blink.
- CVE-2015-1300: Information leak in Blink.
- CVE-2015-1301: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/
doesn't already use them. (LP: #1490237)
* debian/
* debian/
default.
* debian/
-- Chad MILLER <email address hidden> Mon, 14 Sep 2015 20:11:00 -0400