chromium-browser (49.0.2623.87-0ubuntu1.1232) xenial; urgency=medium

  * debian/patches/system-xdg-settings: Insist on using system xdg utilities.
  * Upstream release 49.0.2623.87:
    - CVE-2016-1643: Type confusion in Blink.
    - CVE-2016-1644: Use-after-free in Blink.
    - CVE-2016-1645: Out-of-bounds write in PDFium.
  * Upstream release 49.0.2623.75:
    - CVE-2016-1630: Same-origin bypass in Blink.
    - CVE-2016-1631: Same-origin bypass in Pepper Plugin.
    - CVE-2016-1632: Bad cast in Extensions.
    - CVE-2016-1633: Use-after-free in Blink.
    - CVE-2016-1634: Use-after-free in Blink.
    - CVE-2016-1635: Use-after-free in Blink.
    - CVE-2016-1636: SRI Validation Bypass.
    - CVE-2015-8126: Out-of-bounds access in libpng.
    - CVE-2016-1637: Information Leak in Skia.
    - CVE-2016-1638: WebAPI Bypass.
    - CVE-2016-1639: Use-after-free in WebRTC.
    - CVE-2016-1640: Origin confusion in Extensions UI.
    - CVE-2016-1641: Use-after-free in Favicon.
    - CVE-2016-1642: Various fixes from internal audits, fuzzing and other
      initiatives.
    - Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch
      (currently 4.9.385.26).
  * debian/rules: No longer fabricate snap package as side effect.
  * debian/control: build-dep on libffi-dev, mesa-common-dev.
  * debian/patches/format-flag: Remove patch.

 -- Chad MILLER <chad.miller@canonical.com>  Tue, 15 Mar 2016 09:42:48 -0400
