chromium-browser (42.0.2311.135-1ubuntu1.1160) wily; urgency=medium

  * Upstream release 42.0.2311.135:
    - CVE-2015-1243: Use-after-free in DOM.
    - CVE-2015-1250: Various fixes from internal audits, fuzzing and other
      initiatives.
  * Upstream release 42.0.2311.90:
    - CVE-2015-1235: Cross-origin-bypass in HTML parser.
    - CVE-2015-1236: Cross-origin-bypass in Blink.
    - CVE-2015-1237: Use-after-free in IPC.
    - CVE-2015-1238: Out-of-bounds write in Skia.
    - CVE-2015-1240: Out-of-bounds read in WebGL.
    - CVE-2015-1241: Tap-Jacking.
    - CVE-2015-1242: Type confusion in V8.
    - CVE-2015-1244: HSTS bypass in WebSockets.
    - CVE-2015-1245: Use-after-free in PDFium.
    - CVE-2015-1247: Scheme issues in OpenSearch.
    - CVE-2015-1248: SafeBrowsing bypass.
  * Upstream release 41.0.2272.118:
    - CVE-2015-1233: A special thanks to Anonymous for a combination of V8,
      Gamepad and IPC bugs that can lead to remote code execution outside of
      the sandbox. 
    - CVE-2015-1234: Buffer overflow via race condition in GPU.
  * Change assumed X-resource DPI from 108 to 96. That's closer to 100.
  * Autopkgtest now depends on x11-apps to get xwd. Make smoketest exit val
    nonzero on failure.
  * debian/generate-snappy.mk, debian/rules: Start to generate snap packages
    if available.
  * debian/chromium-browser.sh.in: Test for /etc/ dir before listing it.
  * debian/chromium-browser.sh.in,
    debian/chromium-browser-etc-customizations-flash-staleness: Ask sudo users
    to update flash player.
  * debian/chromium-browser-etc-customizations-flash-staleness: Pass only one
    flash-player start param to chromium. Prefer the new one.
  * debian/patches/arm-neon.patch: exclude new armv7=neon assumptions.
  * debian/patches/all_gpus_blacklisted: AMD, Intel, and NVIDIA cards all
    contribute to the largest crash report in errors.ubuntu.com. Let's disable
    GPUs for now.

 -- Chad MILLER <chad.miller@canonical.com>  Mon, 04 May 2015 12:09:02 -0400
