chromium-browser (39.0.2171.65-0ubuntu0.14.10.1.1106) utopic-security; urgency=medium

  * Upstream release 39.0.2171.65:
    - CVE-2014-7899: Address bar spoofing.
    - CVE-2014-7900: Use-after-free in pdfium.
    - CVE-2014-7901: Integer overflow in pdfium.
    - CVE-2014-7902: Use-after-free in pdfium.
    - CVE-2014-7903: Buffer overflow in pdfium.
    - CVE-2014-7904: Buffer overflow in Skia.
    - CVE-2014-7905: Flaw allowing navigation to intents that do not have the
      BROWSABLE category.
    - CVE-2014-7906: Use-after-free in pepper plugins.
    - CVE-2014-0574: Double-free in Flash.
    - CVE-2014-7907: Use-after-free in blink.
    - CVE-2014-7908: Integer overflow in media.
    - CVE-2014-7909: Uninitialized memory read in Skia.
    - CVE-2014-7910: Various fixes from internal audits, fuzzing and other
      initiatives.
  * debian/patches/search-credit.patch: Include "client" in google search
    prepopulated template's parameters.
  * debian/tests/testdata/9-search-credit.sikuli: Verify search URL has
    parameter.
  * debian/source/lintian-overrides: Ignore android tools we don't use.
  * debian/chromium-browser-dbg.lintian-overrides: Ignore libraries that we 
    configure to have no symbols in builder (because they are humongous
    otherwise).
  * debian/control: Bump standards version. Version dep "bash". Remove
    duplicate language from package descriptions.
  * debian/tests/testdata/1-normal-extension-active.sikuli/: Destroy test 
    for dead NPAPI unity-webapps extension.

 -- Chad MILLER <chad.miller@canonical.com>  Sat, 22 Nov 2014 14:06:34 -0500

chromium-browser (38.0.2125.111-0ubuntu0.14.10.1.1103) utopic-security; urgency=medium

  * Upstream release 38.0.2125.111.
  * Upstream release 38.0.2125.104.
  * Upstream release 38.0.2125.101:  (LP: #1310163)
    - CVE-2014-3188: A special thanks to Jüri Aedla for a combination of V8 and
      IPC bugs that can lead to remote code execution outside of the sandbox.
    - CVE-2014-3189: Out-of-bounds read in PDFium.
    - CVE-2014-3190: Use-after-free in Events.
    - CVE-2014-3191: Use-after-free in Rendering.
    - CVE-2014-3192: Use-after-free in DOM.
    - CVE-2014-3193: Type confusion in Session Management.
    - CVE-2014-3194: Use-after-free in Web Workers.
    - CVE-2014-3195: Information Leak in V8.
    - CVE-2014-3196: Permissions bypass in Windows Sandbox.
    - CVE-2014-3197: Information Leak in XSS Auditor.
    - CVE-2014-3198: Out-of-bounds read in PDFium.
    - CVE-2014-3199: Release Assert in V8 bindings.
    - CVE-2014-3200: Various fixes from internal audits, fuzzing and other
      initiatives (Chrome 38).
  * debian/rules: Prefer GCC 4.8 when compiling. 4.9 remains buggy.
  * Make the verification step in clean make more compare-able output.
  * debian/patches/configuration-directory.patch: Account for new location of
    policies directory in /etc . Change back. (LP: #1373802)
  * debian/patches/lp-translations-paths: Map old third_party filenames to
    new name after processor compiles.
  * debian/rules: Fix patch-translations rule, workflow.
  * debian/patches/macro-templates-not-match: Anonymous struct isn't sizable.
  * debian/chromium-browser.sh.in: Fix broken logic of CHROMIUM_USER_FLAGS,
    which has never worked. (LP: #1381644)
  * debian/patches/disable-sse: Disable more SSE #includes.
  * debian/rules: Omit unnecessary files from packaging.
  * debian/chromium-browser.sh.in: Fix variable name bug and suggest
    ~/.chromium-browser.init file over hamfisted CHROMIUM_USER_FLAGS.
  * debian/patches/5-desktop-integration-settings.patch: Adapt to new settings
    APIs.

 -- Chad MILLER <chad.miller@canonical.com>  Wed, 15 Oct 2014 14:22:55 -0400

chromium-browser (5.0.307.5~r37950-0ubuntu1) lucid; urgency=low

  * Add libxss-dev to Build-Depends, the new browser sync engine needs
    X11/extensions/scrnsaver.h
    - update debian/control
  * Add a safety net to get-orig-source when fetching sources for a channel
    - update debian/rules

 -- Fabien Tassin <fta@ubuntu.com>  Tue, 09 Feb 2010 17:07:18 +0100

chromium-browser (4.0.305.0~svn20100123r36929-0ubuntu1) lucid; urgency=low

  [ Fabien Tassin <fta@ubuntu.com> ]
  * Initial release. (Closes: #520324, LP: #387765)

  [ Alexander Sack <asac@ubuntu.com> ]
  * extensive license review; see copyright and copyright.problems;
    also see debian/licensecheck.pl for details how the copyright files are
    generated
  * address archive-admin comments:
    + add "Paul Hsieh's Public Domain Option" license snippet and mark
      net/disk_cache/hash.cc to be govered by that; recreate copyright*
      - add debian/licenses/LICENSE.Paul Hsieh's Public Domain Option
      - update debian/licensecheck.pl
      - update debian/copyright
      - update debian/copyright.problems

 -- Fabien Tassin <fta@ubuntu.com>  Tue, 26 Jan 2010 17:43:19 +0100
