From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Date: Fri, 19 Sep 2014 04:51:23 +0000 From: QA Team Robot To: sisyphus-cybertalk@lists.altlinux.org Message-ID: <20140919045122.GA24295@gitery.altlinux.org> Mail-Followup-To: sisyphus-cybertalk@lists.altlinux.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Subject: [cyber] I: p6/branch packages: +2 (11679) X-BeenThere: sisyphus-cybertalk@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: devel@lists.altlinux.org List-Id: ALT Linux Sisyphus cybertalk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Sep 2014 04:51:24 -0000 Archived-At: List-Archive: 2 UPDATED packages chromium - An open source web browser developed by Google [523M] * Fri Sep 12 2014 Andrey Cherepanov 37.0.2062.94-alt0.M60P.1 - Backport new version to p6 branch * Fri Aug 29 2014 Andrey Cherepanov 37.0.2062.94-alt0.M70P.1 - Backport new version to p7 branch * Wed Aug 27 2014 Andrey Cherepanov 37.0.2062.94-alt1 - New version - Security fixes: - Critical CVE-2014-3176, CVE-2014-3177: A special reward to lokihardt@asrt for a combination of bugs in V8, IPC, sync, and extensions that can lead to remote code execution outside of the sandbox. - High CVE-2014-3168: Use-after-free in SVG. - High CVE-2014-3169: Use-after-free in DOM. - High CVE-2014-3170: Extension permission dialog spoofing. - High CVE-2014-3171: Use-after-free in bindings. - Medium CVE-2014-3172: Issue related to extension debugging. - Medium CVE-2014-3173: Uninitialized memory read in WebGL. - Medium CVE-2014-3174: Uninitialized memory read in Web Audio. * Fri Aug 22 2014 Andrey Cherepanov 36.0.1985.143-alt0.M70P.1 - Backport new version to p7 branch * Mon Aug 18 2014 Andrey Cherepanov 36.0.1985.143-alt1 - New version - Security fixes: - High CVE-2014-3165: Use-after-free in web sockets. - High CVE-2014-3166: Information disclosure in SPDY. * Fri Jul 25 2014 Andrey Cherepanov 36.0.1985.125-alt1.M70P.1 - Backport new version to p7 branch * Fri Jul 25 2014 Andrey Cherepanov 36.0.1985.125-alt2 - Fix small user interface fonts (see https://code.google.com/p/chromium/issues/detail?id=375824) * Fri Jul 25 2014 Andrey Cherepanov 36.0.1985.125-alt0.M70P.1 - Backport new version to p7 branch * Thu Jul 17 2014 Andrey Cherepanov 36.0.1985.125-alt1 - New version - Security fixes: - Medium CVE-2014-3160: Same-Origin-Policy bypass in SVG. - Fix wrong Russian translation (ALT #30182) - Add flags to avoid memory exhaustion while linking on i586 - Use internal version of v8 library * Mon Jul 14 2014 Andrey Cherepanov 35.0.1916.153-alt1 - New version - Security fixes: - High CVE-2014-3154: Use-after-free in filesystem api. - High CVE-2014-3155: Out-of-bounds read in SPDY. - Medium CVE-2014-3156: Buffer overflow in clipboard. - CVE-2014-3157: Heap overflow in media. * Wed May 21 2014 Andrey Cherepanov 35.0.1916.114-alt1 - New version - Security fixes: - High CVE-2014-1743: Use-after-free in styles. - High CVE-2014-1744: Integer overflow in audio. - High CVE-2014-1745: Use-after-free in SVG. - Medium CVE-2014-1746: Out-of-bounds read in media filters. - Medium CVE-2014-1747: UXSS with local MHTML file. - Medium CVE-2014-1748: UI spoofing with scrollbar. * Wed May 14 2014 Andrey Cherepanov 34.0.1847.137-alt0.M60P.1 - Backport new version to p6 branch - Add support for playing mp3 and mpeg4 - Revert use new Gnome Keyring API * Wed May 14 2014 Andrey Cherepanov 34.0.1847.137-alt1 - New version - Security fixes: - High CVE-2014-1740: Use-after-free in WebSockets. - High CVE-2014-1741: Integer overflow in DOM ranges. - High CVE-2014-1742: Use-after-free in editing. * Fri May 02 2014 Andrey Cherepanov 34.0.1847.132-alt2 - Add support for playing mp3 and mpeg4 (ALT #27863) - Package icudtl.dat * Wed Apr 30 2014 Andrey Cherepanov 34.0.1847.132-alt1 - New version - Security fixes: - High CVE-2014-1731: Type confusion in DOM. - Medium CVE-2014-1732: Use-after-free in Speech Recognition. - Medium CVE-2014-1733: Compiler bug in Seccomp-BPF. * Tue Apr 15 2014 Andrey Cherepanov 34.0.1847.116-alt1 - New version - Security fixes: - High CVE-2014-1718: Integer overflow in compositor. - High CVE-2014-1719: Use-after-free in web workers. - High CVE-2014-1720: Use-after-free in DOM. - High CVE-2014-1722: Use-after-free in rendering. - High CVE-2014-1723: Url confusion with RTL characters. - High CVE-2014-1724: Use-after-free in speech. - Medium CVE-2014-1725: OOB read with window property. - Medium CVE-2014-1726: Local cross-origin bypass. - Medium CVE-2014-1727: Use-after-free in forms. - Package depot-tools to correct build - Do not show apps shortcut button on bookmark bar by default - Switch build from make to ninja-build * Wed Mar 19 2014 Andrey Cherepanov 33.0.1750.152-alt0.M70P.1 - Backport new version to p7 branch * Tue Mar 18 2014 Andrey Cherepanov 33.0.1750.152-alt1 - New version - Security fixes: - High CVE-2014-1713: Use-after-free in Blink bindings - High CVE-2014-1705: Memory corruption in V8 - High CVE-2014-1715: Directory traversal issue * Thu Mar 13 2014 Andrey Cherepanov 33.0.1750.149-alt0.M70P.1 - Backport new version to p7 branch * Wed Mar 12 2014 Andrey Cherepanov 33.0.1750.149-alt1 - New version - Security fixes: - High CVE-2014-1700: Use-after-free in speech. - High CVE-2014-1701: UXSS in events. - High CVE-2014-1702: Use-after-free in web database. * Tue Mar 04 2014 Andrey Cherepanov 33.0.1750.146-alt1 - New version - Security fixes: - High CVE-2013-6663: Use-after-free in svg images. - High CVE-2013-6664: Use-after-free in speech recognition. - High CVE-2013-6665: Heap buffer overflow in software rendering. - Medium CVE-2013-6666: Chrome allows requests in flash header request. * Fri Feb 21 2014 Andrey Cherepanov 33.0.1750.117-alt1 - New version - Security fixes: - High CVE-2013-6653: Use-after-free related to web contents. - High CVE-2013-6654: Bad cast in SVG. - High CVE-2013-6655: Use-after-free in layout. - High CVE-2013-6656: Information leak in XSS auditor. - Medium CVE-2013-6657: Information leak in XSS auditor. - Medium CVE-2013-6658: Use-after-free in layout. - Medium CVE-2013-6659: Issue with certificates validation in TLS handshake. - Low CVE-2013-6660: Information leak in drag and drop. - Update patches from SUSE, Debian and Arch * Wed Jan 29 2014 Andrey Cherepanov 32.0.1700.102-alt0.M70P.1 - Backport new version to p7 branch * Tue Jan 28 2014 Andrey Cherepanov 32.0.1700.102-alt1 - New version - Security fixes: - High CVE-2013-6649: Use-after-free in SVG images. - Fixes: - Mouse Pointer disappears after exiting full-screen mode. (317496) - Drag and drop files into Chrome may not work properly. (332579) - Quicktime Plugin crashes in Chrome. (308466) - Chrome becomes unresponsive. (335248) - Trackpad users may not be able to scroll horizontally. (332797) - Scrolling does not work in combo box. (334454) - Chrome does not work with all CSS minifiers such as whitespace around a media query's `and` keyword. (333035) * Fri Jan 24 2014 Andrey Cherepanov 32.0.1700.77-alt0.M70P.1 - Backport to p7 branch * Tue Jan 21 2014 Andrey Cherepanov 32.0.1700.77-alt1 - New version - Security fixes: - High CVE-2013-6646: Use-after-free in web workers. - High CVE-2013-6641: Use-after-free related to forms. - High CVE-2013-6643: Unprompted sync with an attacker's Google account. - Medium CVE-2013-6645 Use-after-free related to speech input elements. - Set interpreter /bin/bash for main executable for correct ulimit call * Mon Dec 09 2013 Andrey Cherepanov 31.0.1650.63-alt0.M70P.1 - Backport to p7 branch * Thu Dec 05 2013 Andrey Cherepanov 31.0.1650.63-alt1 - New version - Security fixes: - Medium CVE-2013-6634: Session fixation in sync related to 302 redirects. - High CVE-2013-6635: Use-after-free in editing. - Medium CVE-2013-6636: Address bar spoofing related to modal dialogs. - Increase default nproc limit from 1024 to 1536 - Remove SVN commit from release number * Sat Nov 16 2013 Andrey Cherepanov 31.0.1650.57-alt0.r235101.M70P.1 - Backport to p7 branch * Fri Nov 15 2013 Andrey Cherepanov 31.0.1650.57-alt1.r235101 - New version - Security fixes: - Critical CVE-2013-6632: Multiple memory corruption issues * Thu Nov 14 2013 Andrey Cherepanov 31.0.1650.48-alt0.r233213.M70P.1 - Backport to p7 branch * Wed Nov 13 2013 Andrey Cherepanov 31.0.1650.48-alt1.r233213 - New version - Security fixes: - Medium CVE-2013-6621: Use after free related to speech input elements. - High CVE-2013-6622: Use after free related to media elements. - High CVE-2013-6623: Out of bounds read in SVG. - High CVE-2013-6624: Use after free related to "id" attribute strings. - High CVE-2013-6625: Use after free in DOM ranges. - Low CVE-2013-6626: Address bar spoofing related to interstitial warnings. - High CVE-2013-6627: Out of bounds read in HTTP parsing. - Medium CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation. * Fri Oct 25 2013 Andrey Cherepanov 30.0.1599.114-alt1.r229842 - New version - Move chrome_sandbox to %_libdir/chromium/chrome-sandbox * Fri Oct 11 2013 Andrey Cherepanov 30.0.1599.66-alt1.r225456 - New version - Security fixes: - Medium CVE-2013-2906: Races in Web Audio. - Medium CVE-2013-2907: Out of bounds read in Window.prototype object. - Medium CVE-2013-2908: Address bar spoofing related to the "204 No Content" status code. - High CVE-2013-2909: Use after free in inline-block rendering. - Medium CVE-2013-2910: Use-after-free in Web Audio. - High CVE-2013-2911: Use-after-free in XSLT. - High CVE-2013-2912: Use-after-free in PPAPI. - High CVE-2013-2913: Use-after-free in XML document parsing. - Low CVE-2013-2915: Address bar spoofing via a malformed scheme. - High CVE-2013-2916: Address bar spoofing related to the "204 No Content" status code. - Medium CVE-2013-2917: Out of bounds read in Web Audio. - High CVE-2013-2918: Use-after-free in DOM. - High CVE-2013-2919: Memory corruption in V8. - Medium CVE-2013-2920: Out of bounds read in URL parsing. - High CVE-2013-2921: Use-after-free in resource loader. - High CVE-2013-2922: Use-after-free in template element. - CVE-2013-2923: Various fixes from internal audits, fuzzing and other initiatives. * Fri Sep 27 2013 Andrey Cherepanov 29.0.1547.76-alt1.r223446.M70P.1 - Backport to p7 branch * Wed Sep 25 2013 Andrey Cherepanov 29.0.1547.76-alt2.r223446 - New version 29.0.1547.76 * Tue Sep 03 2013 Andrey Cherepanov 29.0.1547.65-alt1.r220622 - New version 29.0.1547.62 - Security fixes: - High CVE-2013-2900: Incomplete path sanitization in file handling. - Low CVE-2013-2905: Information leak via overly broad permissions on shared memory files. - High CVE-2013-2901: Integer overflow in ANGLE. - High CVE-2013-2902: Use after free in XSLT. - High CVE-2013-2903: Use after free in media element. - High CVE-2013-2904: Use after free in document parsing. - Improved Omnibox suggestions based on the recency of sites you have visited - Ability to reset your profile back to its original state - Many new apps and extensions APIs - Lots of stability and performance improvements - Fix an issue with printing from Google Docs applications - Fix an issue with Sync * Wed Jul 31 2013 Dmitriy Kulik 28.0.1500.95-alt2.r213514 - rebuild with versioned v8 * Wed Jul 31 2013 Andrey Cherepanov 28.0.1500.95-alt1.r213514 - New version 28.0.1500.95 - Security fixes: - Medium CVE-2013-2881: Origin bypass in frame handling. - High CVE-2013-2883: Use-after-free in MutationObserver. - High CVE-2013-2884: Use-after-free in DOM. - High CVE-2013-2885: Use-after-free in input handling. * Wed Jul 24 2013 Andrey Cherepanov 28.0.1500.71-alt1.r209842 - New version 28.0.1500.71 - Security fixes: - High CVE-2013-2879: Confusion setting up sign-in and sync. - Medium CVE-2013-2868: Incorrect sync of NPAPI extension component. - Medium CVE-2013-2869: Out-of-bounds read in JPEG2000 handling. - Critical CVE-2013-2870: Use-after-free with network sockets. - Medium CVE-2013-2853: Man-in-the-middle attack against HTTP in SSL. - High CVE-2013-2871: Use-after-free in input handling. - High CVE-2013-2873: Use-after-free in resource loading. - Medium CVE-2013-2875: Out-of-bounds-read in SVG. - Medium CVE-2013-2876: Extensions permissions confusion with interstitials. - Low CVE-2013-2877: Out-of-bounds read in XML parsing. - None: Remove the "viewsource" attribute on iframes. - Medium CVE-2013-2878: Out-of-bounds read in text handling. - High CVE-2013-2880: Various fixes from internal audits, fuzzing and other initiatives * Wed Jun 05 2013 Andrey Cherepanov 27.0.1453.110-alt1.r202711 - New version 27.0.1453.110 - Security fixes: - Critical CVE-2013-2863: Memory corruption in SSL socket handling. - High CVE-2013-2856: Use-after-free in input handling. - High CVE-2013-2857: Use-after-free in image handling. - High CVE-2013-2858: Use-after-free in HTML5 Audio. - High CVE-2013-2859: Cross-origin namespace pollution. - High CVE-2013-2860: Use-after-free with workers accessing database APIs. - High CVE-2013-2861: Use-after-free with SVG. - High CVE-2013-2862: Memory corruption in Skia GPU handling. - High CVE-2013-2864: Bad free in PDF viewer. - High CVE-2013-2865: Various fixes from internal audits, fuzzing and other initiatives. - Medium CVE-2013-2855: Memory corruption in dev tools API. * Thu May 30 2013 Andrey Cherepanov 27.0.1453.93-alt1.r200836 Note: changelog entry for 27.0.1453.110-alt0.M60P.1.r202711 not found. quagga - Quagga routing suite (a fork of the GNU Zebra) * Wed Sep 03 2014 Sergey Y. Afonin 0.99.23.1-alt0.M60T.1 - branch t6 backport * Mon Sep 01 2014 Sergey Y. Afonin 0.99.23.1-alt1 - new version * Fri Apr 12 2013 Sergey Y. Afonin 0.99.22.1-alt1 - new version * Sat Mar 02 2013 Sergey Y. Afonin 0.99.22-alt1 Note: changelog entry for 0.99.22.1-alt0.M60P.1 not found. Total 11679 source packages.