* Upstream release: 58.0.3029.81
- CVE-2017-5057: Type confusion in PDFium.
- CVE-2017-5058: Heap use after free in Print Preview.
- CVE-2017-5059: Type confusion in Blink.
- CVE-2017-5060: URL spoofing in Omnibox.
- CVE-2017-5061: URL spoofing in Omnibox.
- CVE-2017-5062: Use after free in Chrome Apps.
- CVE-2017-5063: Heap overflow in Skia.
- CVE-2017-5064: Use after free in Blink.
- CVE-2017-5065: Incorrect UI in Blink.
- CVE-2017-5066: Incorrect signature handing in Networking.
- CVE-2017-5067: URL spoofing in Omnibox.
- CVE-2017-5069: Cross-origin bypass in Blink.
* debian/patches/arm.patch: removed, no longer needed
* debian/patches/gtk-ui-stdmove: removed, no longer needed (upstreamed)
* debian/patches/screen_capturer: removed, no longer needed (upstreamed)
* debian/patches/default-allocator: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/enable-chromecast-by-default: refreshed
* debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/snapshot-library-link: refreshed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/fix-gn-bootstrap.patch: added
* debian/rules: disable the use of Vulcanize, the required node.js modules
are not readily available
This bug was fixed in the package chromium-browser - 58.0.3029. 81-0ubuntu0. 14.04.1172
--------------- 81-0ubuntu0. 14.04.1172) trusty; urgency=medium
chromium-browser (58.0.3029.
* Upstream release: 58.0.3029.81 patches/ arm.patch: removed, no longer needed patches/ gtk-ui- stdmove: removed, no longer needed (upstreamed) patches/ screen_ capturer: removed, no longer needed (upstreamed) patches/ default- allocator: refreshed patches/ disable- sse2: refreshed patches/ enable- chromecast- by-default: refreshed patches/ fix_building_ widevinecdm_ with_chromium. patch: refreshed patches/ search- credit. patch: refreshed patches/ snapshot- library- link: refreshed patches/ title-bar- default- system. patch-v35: refreshed patches/ fix-gn- bootstrap. patch: added
- CVE-2017-5057: Type confusion in PDFium.
- CVE-2017-5058: Heap use after free in Print Preview.
- CVE-2017-5059: Type confusion in Blink.
- CVE-2017-5060: URL spoofing in Omnibox.
- CVE-2017-5061: URL spoofing in Omnibox.
- CVE-2017-5062: Use after free in Chrome Apps.
- CVE-2017-5063: Heap overflow in Skia.
- CVE-2017-5064: Use after free in Blink.
- CVE-2017-5065: Incorrect UI in Blink.
- CVE-2017-5066: Incorrect signature handing in Networking.
- CVE-2017-5067: URL spoofing in Omnibox.
- CVE-2017-5069: Cross-origin bypass in Blink.
* debian/
* debian/
* debian/
* debian/
* debian/
* debian/
* debian/
* debian/
* debian/
* debian/
* debian/
* debian/rules: disable the use of Vulcanize, the required node.js modules
are not readily available
-- Olivier Tilloy <email address hidden> Mon, 24 Apr 2017 11:56:01 +0200