Back to chromium-browser PTS page

Accepted chromium-browser 44.0.2403.89-1~deb8u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted chromium-browser 44.0.2403.89-1~deb8u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates
From: Michael Gilbert <mgilbert@debian.org>
Date: Fri, 24 Jul 2015 16:47:32 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1ZIg8C-0003Ta-2q@franck.debian.org>
Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 22 Jul 2015 02:58:38 +0000
Source: chromium-browser
Binary: chromium chromium-dbg chromium-l10n chromium-inspector chromedriver
Architecture: source amd64 all
Version: 44.0.2403.89-1~deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description:
 chromedriver - web browser - WebDriver support
 chromium   - web browser
 chromium-dbg - web browser - debugging symbols
 chromium-inspector - web browser - page inspection support
 chromium-l10n - web browser - language packs
Closes: 786909
Changes:
 chromium-browser (44.0.2403.89-1~deb8u1) jessie-security; urgency=high
 .
   * New upstream security release:
     - CVE-2015-1266: Scheme validation error in WebUI. Credit to anonymous.
     - CVE-2015-1268: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
     - CVE-2015-1267: Cross-origin bypass in Blink. Credit to anonymous.
     - CVE-2015-1269: Normalization error in HSTS/HPKP preload list. Credit to
       Mike Ruddy.
     - CVE-2015-1270: Uninitialized memory read in ICU. Credit to Atte Kettunen.
     - CVE-2015-1271: Heap-buffer-overflow in pdfium. Credit to cloudfuzzer.
     - CVE-2015-1272: Use-after-free related to unexpected GPU process
       termination. Credit to Chamal de Silva.
     - CVE-2015-1273: Heap-buffer-overflow in pdfium. Credit to makosoft.
     - CVE-2015-1274: Settings allowed executable files to run immediately after
       download. Credit to  andrewm.bpi.
     - CVE-2015-1275: UXSS in Chrome for Android. Credit to WangTao(neobyte).
     - CVE-2015-1276: Use-after-free in IndexedDB. Credit to Collin Payne.
     - CVE-2015-1277: Use-after-free in accessibility. Credit to SkyLined.
     - CVE-2015-1278: URL spoofing using pdf files. Credit to Chamal de Silva.
     - CVE-2015-1279: Heap-buffer-overflow in pdfium. Credit to mlafon.
     - CVE-2015-1280: Memory corruption in skia. Credit to cloudfuzzer.
     - CVE-2015-1281: CSP bypass. Credit to Masato Kinugawa.
     - CVE-2015-1282: Use-after-free in pdfium. Credit to Chamal de Silva.
     - CVE-2015-1283: Heap-buffer-overflow in expat. Credit to Huzaifa
       Sidhpurwala.
     - CVE-2015-1284: Use-after-free in blink. Credit to Atte Kettunen.
     - CVE-2015-1285: Information leak in XSS auditor. Credit to gazheyes.
     - CVE-2015-1286: UXSS in blink. Credit to anonymous.
     - CVE-2015-1287: SOP bypass with CSS. Credit to filedescriptor.
     - CVE-2015-1288: Spell checking dictionaries fetched over HTTP. Credit to
       Mike Ruddy.
     - CVE-2015-1289: Various fixes from internal audits, fuzzing and other
       initiatives.
     - Hotword extension disabled by default (closes: #786909).
Checksums-Sha1:
 615d34925c8d802a1bf88cfd53eed66047ba5780 4060 chromium-browser_44.0.2403.89-1~deb8u1.dsc
 cf3eb6f3c7499dc1bcfd7a2019e0ab70b250bcd3 296959120 chromium-browser_44.0.2403.89.orig.tar.xz
 9397db8445254c84ba9c88ae18d61e4804978746 178840 chromium-browser_44.0.2403.89-1~deb8u1.debian.tar.xz
 729d5692b62b8ee07290ca47fe4e345773507573 38272362 chromium_44.0.2403.89-1~deb8u1_amd64.deb
 0a10cf10befbf0f9953450bae485cacfe62ac5dc 619651636 chromium-dbg_44.0.2403.89-1~deb8u1_amd64.deb
 6ee275383f64faa86825c845f91dc9638c422166 3162932 chromium-l10n_44.0.2403.89-1~deb8u1_all.deb
 6a5d3219f85ceff4b72941f95384ecac1096a57a 913656 chromium-inspector_44.0.2403.89-1~deb8u1_all.deb
 c292260a87b7478d8b2af041380cd1b1369af555 2155678 chromedriver_44.0.2403.89-1~deb8u1_amd64.deb
Checksums-Sha256:
 c42f376a3348c59089e21f9a5e1864676fc74f93dff22c9c9a8003f2ee22dacf 4060 chromium-browser_44.0.2403.89-1~deb8u1.dsc
 e2f494deaad414445241ef196aa1e49f52c70a221c698da1d36b35982db64b7b 296959120 chromium-browser_44.0.2403.89.orig.tar.xz
 26a610e900d122e7998e85e0c999d9d58fefac023772460e6e7cd4547d0959d6 178840 chromium-browser_44.0.2403.89-1~deb8u1.debian.tar.xz
 fdd1333b96e7bb9d0ce8b0ca47d8f5abf443f07ffbac3b88bf19c14232844f96 38272362 chromium_44.0.2403.89-1~deb8u1_amd64.deb
 c0b3bf4492d21e18dae0ede6234919b2da9ef42b35b81b008d9dfe7bd311924b 619651636 chromium-dbg_44.0.2403.89-1~deb8u1_amd64.deb
 8de636e7d5a41c1ff4ded4cb4235b75db3cc1b8ee4422bb8a56a2d7874350067 3162932 chromium-l10n_44.0.2403.89-1~deb8u1_all.deb
 b7a680d8108749ac14ab16674a084153abc9f1573445b375b0b74c0bdd9ebb46 913656 chromium-inspector_44.0.2403.89-1~deb8u1_all.deb
 086956830d8d320140a7fe2282cf5e98d9912438039265445dd87d6b79000cf2 2155678 chromedriver_44.0.2403.89-1~deb8u1_amd64.deb
Files:
 fe0db55fd1d61b79c1355859eaf98b5a 4060 web optional chromium-browser_44.0.2403.89-1~deb8u1.dsc
 69a473b7276dbed7045c05600c24a01c 296959120 web optional chromium-browser_44.0.2403.89.orig.tar.xz
 8415bdb735af3261c303b2b794ec2fa3 178840 web optional chromium-browser_44.0.2403.89-1~deb8u1.debian.tar.xz
 280325dcc0d9140e60ab11d2b5dc6c9a 38272362 web optional chromium_44.0.2403.89-1~deb8u1_amd64.deb
 d3c437eb657f4cc7f2d325299d18faec 619651636 debug extra chromium-dbg_44.0.2403.89-1~deb8u1_amd64.deb
 af9a26ecbb4ecf0fdbd2c617c6160085 3162932 localization optional chromium-l10n_44.0.2403.89-1~deb8u1_all.deb
 112f08b62ba3cec2bedd1b5921981672 913656 web optional chromium-inspector_44.0.2403.89-1~deb8u1_all.deb
 dc3ce3a828add58759d47f3bb94addb6 2155678 web optional chromedriver_44.0.2403.89-1~deb8u1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQQcBAEBCgAGBQJVrxrRAAoJELjWss0C1vRzZS4f/2x1m62BH88RAXZKXMdaNA/C
eLZxyKRwk8+yD5EDBVGoOViIOoSpr4m2e7PuYBTuVQasY3iHhnX2lLaQ2DRGHFaa
ABSgvLPz2Lucr9H/+3jpsQWs9NIgNDQhA9uHf/EAEb3VVsOAj0NPmXeP5WKUsOKu
CdsF7vFwNcbau78Lcy7tP/tdTVJLqDeydivg6tzqHI7KU32XAJktrtIdl2lA84T1
TeivE4rxXY82kmgDIvmB1uEzcF0kFKP4Dz83f8vmOHaM/LQ9zKZcYuhjqv/HMQmI
Fcz7NeLscuLL3TlXmFp6pCCuPpwAavP7x4gsuXPaDvkMYMdpwkkE4WU2SOFF2B1J
qK/gW0WYeZYzCiAbJtyohCeiOqcKiFCwrk5h63IzMK2ZTcejurDyWvbeJbfMH1i7
k2UBVniGPFBre2w0wCsRo8SzlYNIeKpU3EAg52tYLlzRPo21Y38/RYfKMW+kKC/p
seYpLwbKodeohvqi2+Waux0Tfgvyr6NISkCO5RLrf5P0dI9/X2KnfnOpG1ZorPHl
gqd7HBXFQpBG5jN7tFM3Uclcja4uttzubM3n6TcSCk3KYSx9tNRs5xqgi9ZzalVc
obSYk5ZmMV4UvTX5rv9iCXhrze0wdIom+DKj7doiAs9BhO+uGrJblIo/QPt8w1E5
HVW5m3nYU5ZPlc+DG/8mxV7oIhuTESq1cwEHFJm0v8Jda+TDr6O7mgs+mkzG56wE
ESWxd8OFn0gbf3GAfHtW2hfXoZOUxQqGI2a8lGKvTqGwUkZBeqrQaOgo+aNNILHb
w4qx/Tv+BgtOHUw4JU/NGVm19knpzqMfRuqMT5SLP90cBKqnYP2Wu/wu/adj+I6J
EMlFh51EysOYO8kcRObzKSx472w42NNavSZ0yAq/J2JNZh9FNfQE9F17j/uCvL+Q
979/P67gZQaWgUqs9SU14jrv2fovYjnhX+CzMPk9YrpM6JDZm5QumhGmAMEQAplm
Vz6uHXaifP5uAgOvuqVPa11XVCOjA9LoGWyphc/pCdcBXIstApZMWRxB2s1XhSZo
zPC+2oTdiyKAkvfSzosdWdRKB824VvdTFP/kwP9Jiw62X7XgIKyiTYAOR9t54lIF
f5PAOX5tzLqIqbCxlRToFV3sumlm1hW1ZgIXdAf5k02NgCNWFufoWgu/5ua4m0Qx
dtxf+ErXopw5bngHPVxZHweBk66+CBU1DOrgLYujQyhg5469GU/0wf0NSYkWD2iV
ZsaNewIgrzlPhH/0A99o5oXRHZSpluMjywIvIGOd05rSyFqCGNWEANf0G88lke5q
XnKB8Q3QjM78Ivv5sGutmy788O8l8CBmDApibtKF45hJZGiM145e0yvAW7CEsjU=
=r3T/
-----END PGP SIGNATURE-----