chromium-browser (44.0.2403.89-1~deb8u1) jessie-security; urgency=high

  * New upstream security release:
    - CVE-2015-1266: Scheme validation error in WebUI. Credit to anonymous.
    - CVE-2015-1268: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
    - CVE-2015-1267: Cross-origin bypass in Blink. Credit to anonymous.
    - CVE-2015-1269: Normalization error in HSTS/HPKP preload list. Credit to
      Mike Ruddy.
    - CVE-2015-1270: Uninitialized memory read in ICU. Credit to Atte Kettunen.
    - CVE-2015-1271: Heap-buffer-overflow in pdfium. Credit to cloudfuzzer.
    - CVE-2015-1272: Use-after-free related to unexpected GPU process
      termination. Credit to Chamal de Silva.
    - CVE-2015-1273: Heap-buffer-overflow in pdfium. Credit to makosoft.
    - CVE-2015-1274: Settings allowed executable files to run immediately after
      download. Credit to  andrewm.bpi.
    - CVE-2015-1275: UXSS in Chrome for Android. Credit to WangTao(neobyte).
    - CVE-2015-1276: Use-after-free in IndexedDB. Credit to Collin Payne.
    - CVE-2015-1277: Use-after-free in accessibility. Credit to SkyLined.
    - CVE-2015-1278: URL spoofing using pdf files. Credit to Chamal de Silva.
    - CVE-2015-1279: Heap-buffer-overflow in pdfium. Credit to mlafon.
    - CVE-2015-1280: Memory corruption in skia. Credit to cloudfuzzer.
    - CVE-2015-1281: CSP bypass. Credit to Masato Kinugawa.
    - CVE-2015-1282: Use-after-free in pdfium. Credit to Chamal de Silva.
    - CVE-2015-1283: Heap-buffer-overflow in expat. Credit to Huzaifa
      Sidhpurwala.
    - CVE-2015-1284: Use-after-free in blink. Credit to Atte Kettunen.
    - CVE-2015-1285: Information leak in XSS auditor. Credit to gazheyes.
    - CVE-2015-1286: UXSS in blink. Credit to anonymous.
    - CVE-2015-1287: SOP bypass with CSS. Credit to filedescriptor.
    - CVE-2015-1288: Spell checking dictionaries fetched over HTTP. Credit to
      Mike Ruddy.
    - CVE-2015-1289: Various fixes from internal audits, fuzzing and other
      initiatives.
    - Hotword extension disabled by default (closes: #786909).

 -- Michael Gilbert <mgilbert@debian.org>  Wed, 22 Jul 2015 02:58:38 +0000

chromium-browser (43.0.2357.65-1~deb8u1) jessie-security; urgency=medium

  * New upstream stable release:
    - CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous.
    - CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous.
    - CVE-2015-1254: Cross-origin bypass in Editing. Credit to
      armin@rawsec.net.
    - CVE-2015-1255: Use-after-free in WebAudio. Credit to Khalil Zhani.
    - CVE-2015-1256: Use-after-free in SVG. Credit to Atte Kettunen.
    - CVE-2015-1251: Use-after-free in Speech. Credit to SkyLined.
    - CVE-2015-1257: Container-overflow in SVG. Credit to miaubiz.
    - CVE-2015-1258: Negative-size parameter in Libvpx.  Credit to cloudfuzzer
    - CVE-2015-1259: Uninitialized value in PDFium. Credit to Atte Kettunen.
    - CVE-2015-1260: Use-after-free in WebRTC. Credit to Khalil Zhani.
    - CVE-2015-1261: URL bar spoofing. Credit to Juho Nurminen.
    - CVE-2015-1262: Uninitialized value in Blink. Credit to miaubiz.
    - CVE-2015-1263: Insecure download of spellcheck dictionary.  Credit to
      Mike Ruddy.
    - CVE-2015-1264: Cross-site scripting in bookmarks. Credit to K0r3Ph1L.

 -- Michael Gilbert <mgilbert@debian.org>  Thu, 21 May 2015 04:38:13 +0000

chromium-browser (42.0.2311.135-1~deb8u1) jessie-security; urgency=high

  * New upstream stable release:
    - CVE-2015-1243: Use-after-free in DOM. Credit to Saif El-Sherei.
    - CVE-2015-1250: Various fixes from internal audits, fuzzing and other
      initiatives.

 -- Michael Gilbert <mgilbert@debian.org>  Thu, 30 Apr 2015 23:32:05 +0000

chromium-browser (42.0.2311.90-1~deb8u1) jessie-security; urgency=high

  * New upstream stable release:
    - CVE-2015-1235: Cross-origin-bypass in HTML parser. Credit to anonymous.
    - CVE-2015-1236: Cross-origin-bypass in Blink. Credit to Amitay Dobo.
    - CVE-2015-1237: Use-after-free in IPC. Credit to Khalil Zhani.
    - CVE-2015-1238: Out-of-bounds write in Skia. Credit to cloudfuzzer.
    - CVE-2015-1240: Out-of-bounds read in WebGL. Credit to w3bd3vil.
    - CVE-2015-1241: Tap-Jacking. Credit to Phillip Moon and Matt Weston.
    - CVE-2015-1242: Type confusion in V8. Credit to fcole@onshape.com.
    - CVE-2015-1244: HSTS bypass in WebSockets. Credit to Mike Ruddy.
    - CVE-2015-1245: Use-after-free in PDFium. Credit to Khalil Zhani.
    - CVE-2015-1246: Out-of-bounds read in Blink. Credit to Atte Kettunen.
    - CVE-2015-1247: Scheme issues in OpenSearch. Credit to Jann Horn.
    - CVE-2015-1248: SafeBrowsing bypass. Credit to Vittorio Gambaletta.
    - CVE-2015-1249: Various fixes from internal audits, fuzzing and other
      initiatives.  Also multiple issues in v8 4.2.77.14.

 -- Michael Gilbert <mgilbert@debian.org>  Sun, 19 Apr 2015 23:21:40 +0000

chromium-browser (41.0.2272.118-1) unstable; urgency=medium

  * New upstream stable release:
    - CVE-2015-1233: A combination of V8, Gamepad and IPC bugs that can lead
      to remote code execution outside of the sandbox.
    - CVE-2015-1234: Buffer overflow via race condition in GPU. Credit to
      lokihardt working with Pwn2Own and HP’s Zero Day Initiative.

 -- Michael Gilbert <mgilbert@debian.org>  Thu, 02 Apr 2015 00:33:12 +0000

chromium-browser (41.0.2272.76-2) unstable; urgency=medium

  * Install v8 natives and snapshot blob files (closes: #779717).
    - Thanks to Jason Rhinelander.

 -- Michael Gilbert <mgilbert@debian.org>  Fri, 06 Mar 2015 00:59:50 +0000

chromium-browser (41.0.2272.76-1) unstable; urgency=medium

  * New upstream stable release:
    - CVE-2015-1212: Out-of-bounds write in media. Credit to anonymous.
    - CVE-2015-1213: Out-of-bounds write in skia filters. Credit to
      cloudfuzzer.
    - CVE-2015-1214: Out-of-bounds write in skia filters. Credit to
      cloudfuzzer.
    - CVE-2015-1215: Out-of-bounds write in skia filters. Credit to
      cloudfuzzer.
    - CVE-2015-1216: Use-after-free in v8 bindings. Credit to anonymous.
    - CVE-2015-1217: Type confusion in v8 bindings. Credit to anonymous.
    - CVE-2015-1218: Use-after-free in dom. Credit to cloudfuzzer.
    - CVE-2015-1219: Integer overflow in webgl. Credit to Chen Zhang.
    - CVE-2015-1220: Use-after-free in gif decoder. Credit to Aki Helin.
    - CVE-2015-1221: Use-after-free in web databases. Credit to Collin Payne.
    - CVE-2015-1222: Use-after-free in service workers. Credit to Collin Payne.
    - CVE-2015-1223: Use-after-free in dom. Credit to Maksymillian Motyl.
    - CVE-2015-1224: Out-of-bounds read in vpxdecoder. Credit to Aki Helin.
    - CVE-2015-1225: Out-of-bounds read in pdfium. Credit to cloudfuzzer.
    - CVE-2015-1226: Validation issue in debugger. Credit to Rob Wu.
    - CVE-2015-1227: Uninitialized value in blink. Credit to Christoph Diehl.
    - CVE-2015-1228: Uninitialized value in rendering. Credit to miaubiz.
    - CVE-2015-1229: Cookie injection via proxies. Credit to iliwoy.
    - CVE-2015-1230: Type confusion in v8. Credit to Skylined.
    - CVE-2015-1231: Various fixes from internal audits, fuzzing and other
      initiatives.

 -- Michael Gilbert <mgilbert@debian.org>  Wed, 04 Mar 2015 00:11:46 +0000

chromium-browser (40.0.2214.111-1) unstable; urgency=medium

  * New upstream stable release:
    - CVE-2015-1209: Use-after-free in DOM. Credit to Maksymillian Motyl.
    - CVE-2015-1210: Cross-origin-bypass in V8 bindings. Credit to anonymous.
    - CVE-2015-1211: Privilege escalation using service workers.  Credit to
      anonymous.
    - CVE-2015-1212: Various fixes from internal audits, fuzzing and other
      initiatives.

 -- Michael Gilbert <mgilbert@debian.org>  Fri, 13 Feb 2015 02:32:16 +0000

chromium-browser (40.0.2214.91-1) unstable; urgency=medium

  * New upstream stable release:
    - CVE-2014-7923: Memory corruption in ICU. Credit to yangdingning.
    - CVE-2014-7924: Use-after-free in IndexedDB. Credit to Collin Payne.
    - CVE-2014-7925: Use-after-free in WebAudio. Credit to mark.buer.
    - CVE-2014-7926: Memory corruption in ICU. Credit to yangdingning.
    - CVE-2014-7927: Memory corruption in V8. Credit to Christian Holler.
    - CVE-2014-7928: Memory corruption in V8. Credit to Christian Holler.
    - CVE-2014-7929: Use-after-free in DOM. Credit to cloudfuzzer.
    - CVE-2014-7930: Use-after-free in DOM. Credit to cloudfuzzer.
    - CVE-2014-7931: Memory corruption in V8. Credit to cloudfuzzer.
    - CVE-2014-7932: Use-after-free in DOM. Credit to Atte Kettunen.
    - CVE-2014-7933: Use-after-free in FFmpeg. Credit to aohelin.
    - CVE-2014-7934: Use-after-free in DOM. Credit to cloudfuzzer.
    - CVE-2014-7935: Use-after-free in Speech. Credit to Khalil Zhani.
    - CVE-2014-7936: Use-after-free in Views. Credit to Christoph Diehl.
    - CVE-2014-7937: Use-after-free in FFmpeg. Credit to Atte Kettunen.
    - CVE-2014-7938: Memory corruption in Fonts. Credit to Atte Kettunen.
    - CVE-2014-7939: Same-origin-bypass in V8. Credit to Takeshi Terada.
    - CVE-2014-7940: Uninitialized-value in ICU. Credit to miaubiz.
    - CVE-2014-7941: Out-of-bounds read in UI. Credit to Atte Kettunen and
      Christoph Diehl.
    - CVE-2014-7942: Uninitialized-value in Fonts. Credit to miaubiz.
    - CVE-2014-7943: Out-of-bounds read in Skia. Credit to Atte Kettunen.
    - CVE-2014-7944: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
    - CVE-2014-7945: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
    - CVE-2014-7946: Out-of-bounds read in Fonts. Credit to miaubiz.
    - CVE-2014-7947: Out-of-bounds read in PDFium. Credit to fuzztercluck.
    - CVE-2014-7948: Caching error in AppCache. Credit to jiayaoqijia.
    - CVE-2015-1205: Various fixes from internal audits, fuzzing and other
      initiatives.

 -- Michael Gilbert <mgilbert@debian.org>  Thu, 22 Jan 2015 04:42:18 +0000

chromium-browser (39.0.2171.71-2) unstable; urgency=medium

  * Add missing test to chromium.preinst (closes: #771684).

 -- Michael Gilbert <mgilbert@debian.org>  Tue, 02 Dec 2014 01:30:33 +0000

chromium-browser (39.0.2171.71-1) unstable; urgency=medium

  * New upstream stable release:
    - CVE-2014-3566: SSLv3 support is now disabled by default.
    - CVE-2014-7899: Address bar spoofing. Credit to Eli Grey.
    - CVE-2014-7900: Use-after-free in pdfium. Credit to Atte Kettunen.
    - CVE-2014-7901: Integer overflow in pdfium. Credit to cloudfuzzer.
    - CVE-2014-7902: Use-after-free in pdfium. Credit to cloudfuzzer.
    - CVE-2014-7903: Buffer overflow in pdfium. Credit to cloudfuzzer.
    - CVE-2014-7904: Buffer overflow in Skia. Credit to Atte Kettunen.
    - CVE-2014-7905: Flaw allowing navigation to intents that do not have the
      BROWSABLE category. Credit to WangTao(neobyte).
    - CVE-2014-7906: Use-after-free in pepper plugins. Credit to Chen Zhang.
    - CVE-2014-0574: Double-free in Flash. Credit to biloulehibou.
    - CVE-2014-7907: Use-after-free in blink. Credit to Chen Zhang.
    - CVE-2014-7908: Integer overflow in media. Credit to Christoph Diehl.
    - CVE-2014-7909: Uninitialized memory read in Skia. Credit to miaubiz.
  * Display info about upstream ending support for non-sse2 (closes: #769836).
  * Remove non-free RFCs from the upstream tarball (closes: #771640).
  * Include a conf file for Google's API keys (closes: #748867).
  * Handle dangling chromium icon directory (closes: #766420).
  * Install icons into the correct path (closes: #767697).

 -- Michael Gilbert <mgilbert@debian.org>  Mon, 01 Dec 2014 01:13:44 +0000

chromium-browser (38.0.2125.101-3) unstable; urgency=medium

  * Ignore dpkg files in /etc/chromium.d (closes: #765959).
  * Remove trailing maintscript arguments (closes: #765528).
  * Use libjpeg-dev instead of libjpeg8-dev (closes: #765821).

 -- Michael Gilbert <mgilbert@debian.org>  Fri, 17 Oct 2014 21:27:05 +0000

chromium-browser (38.0.2125.101-2) unstable; urgency=medium

  * Disable HiDPI (closes: #764883).
  * Fix conffile handling (closes: #764769).
  * Correct icon installation logic (closes: #764828).
  * Use embedded protobuf code copy (closes: #764911).
  * Support larger set of html5 video formats again (closes: #764793).

 -- Michael Gilbert <mgilbert@debian.org>  Sun, 12 Oct 2014 21:34:26 +0000

chromium-browser (38.0.2125.101-1) unstable; urgency=medium

  * New upstream stable release:
    - CVE-2014-3188: A special thanks to Jüri Aedla for a combination of V8
      and IPC bugs that can lead to remote code execution outside of the
      sandbox.
    - CVE-2014-3189: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
    - CVE-2014-3190: Use-after-free in Events. Credit to cloudfuzzer, Chen
      Zhang.
    - CVE-2014-3191: Use-after-free in Rendering. Credit to cloudfuzzer.
    - CVE-2014-3192: Use-after-free in DOM. Credit to cloudfuzzer.
    - CVE-2014-3193: Type confusion in Session Management.  Credit to miaubiz.
    - CVE-2014-3194: Use-after-free in Web Workers. Credit to Collin Payne.
    - CVE-2014-3195: Information Leak in V8. Credit to Jüri Aedla.
    - CVE-2014-3196: Permissions bypass in Windows Sandbox.  Credit to James
      Forshaw.
    - CVE-2014-3197: Information Leak in XSS Auditor. Credit to Takeshi
      Terada.
    - CVE-2014-3198: Out-of-bounds read in PDFium. Credit to Atte Kettunen.
    - CVE-2014-3199: Release Assert in V8 bindings. Credit to Collin Payne.
    - CVE-2014-3200: Various fixes from internal audits, fuzzing and other
      initiatives (Chrome 38).
    - Improved support for HiDPI displays (closes: #763421).
  * Add libgnome-keyring-dev build dependency (closes: #764548).
  * Install desktop file and icons again (closes: #764373).
  * Correctly handle old conffiles (closes: #764180).

 -- Michael Gilbert <mgilbert@debian.org>  Fri, 10 Oct 2014 00:49:02 +0000

chromium-browser (37.0.2062.120-4) unstable; urgency=medium

  * Merge changes from the experimental branch.
  * Install chromium menu entry (closes: #752855).
  * Use /etc/chromium.d for preferences (closes: #762574).

 -- Michael Gilbert <mgilbert@debian.org>  Sun, 28 Sep 2014 17:39:41 +0000

chromium-browser (37.0.2062.120-3) unstable; urgency=medium

  * Build with clang 3.5.
  * Enable support for HiDPI displays (closes: #763421).
  * Document debian-specific command-line options (closes: #755401).

 -- Michael Gilbert <mgilbert@debian.org>  Sun, 28 Sep 2014 17:39:41 +0000

chromium-browser (37.0.2062.120-2) unstable; urgency=medium

  * Build with clang instead of gcc.
  * Add libexif-dev build dependency.

 -- Michael Gilbert <mgilbert@debian.org>  Sun, 21 Sep 2014 22:57:11 +0000

chromium-browser (37.0.2062.120-1) unstable; urgency=medium

  * New upstream stable release (closes: #761090):
    - CVE-2014-3160: Same-Origin-Policy bypass in SVG. Credit to Christian
      Schneider.
    - CVE-2014-3162: Various fixes from internal audits, fuzzing and other
      initiatives.
    - CVE-2014-3165: Use-after-free in web sockets. Credit to Collin Payne.
    - CVE-2014-3166: Information disclosure in SPDY. Credit to Antoine
      Delignat-Lavaud.
    - CVE-2014-3167: Various fixes from internal audits, fuzzing and other
      initiatives.
    - CVE-2014-3168: Use-after-free in SVG. Credit to cloudfuzzer.
    - CVE-2014-3169: Use-after-free in DOM. Credit to Andrzej Dyjak.
    - CVE-2014-3170: Extension permission dialog spoofing. Credit to Rob Wu.
    - CVE-2014-3171: Use-after-free in bindings. Credit to cloudfuzzer.
    - CVE-2014-3172: Issue related to extension debugging. Credit to Eli Grey.
    - CVE-2014-3173: Uninitialized memory read in WebGL. Credit to jmuizelaar.
    - CVE-2014-3174: Uninitialized memory read in Web Audio. Credit to Atte
      Kettunen from OUSPG.
    - CVE-2014-3175: Various fixes from internal audits, fuzzing and other
      initiatives.
    - CVE-2014-3176: A special reward to lokihardt@asrt for a combination of
      bugs in V8, IPC, sync, and extensions that can lead to remote code
      execution outside of the sandbox.
    - CVE-2014-3177: A special reward to lokihardt@asrt for a combination of
      bugs in V8, IPC, sync, and extensions that can lead to remote code
      execution outside of the sandbox.
    - CVE-2014-3178: Use-after-free in rendering. Credit to miaubiz.
    - CVE-2014-3179: Various fixes from internal audits, fuzzing and other
      initiatives.
    - Fixes segfault in angle with gcc 4.9 (closes: #751652).
    - Includes an embedded pdf viewer (closes: #667591).
  * Use pristine upstream that doesn't have pre-built nacl (closes: #753761).
  * Correct webbrowser spelling in the desktop file (closes: #758143).
  * Remove leftover conffiles (closes: #751848).
  * Build using gcc 4.9 (closes: #754182).

 -- Michael Gilbert <mgilbert@debian.org>  Wed, 13 Aug 2014 22:56:16 +0000

chromium-browser (36.0.1985.125-0) experimental; urgency=medium

  * New upstream beta release.
  * Remove more files from the upstream tarball.

 -- Michael Gilbert <mgilbert@debian.org>  Wed, 16 Jul 2014 00:49:19 +0000

chromium-browser (36.0.1985.103-1) experimental; urgency=medium

  * New upstream beta release.
  * Remove android folders.

 -- Michael Gilbert <mgilbert@debian.org>  Sat, 12 Jul 2014 21:38:26 +0000

chromium-browser (36.0.1985.98-1) experimental; urgency=medium

  * New upstream beta release.
  * Remove more files from the upstream tarball.

 -- Michael Gilbert <mgilbert@debian.org>  Sun, 06 Jul 2014 04:05:56 +0000

chromium-browser (36.0.1985.97-1) experimental; urgency=medium

  * New upstream beta release.
  * Use system srtp, modpbase64, zlib, and minizip.
  * Remove srtp files from the upstream tarball (closes: #753826).

 -- Michael Gilbert <mgilbert@debian.org>  Sun, 06 Jul 2014 00:06:57 +0000

chromium-browser (36.0.1985.84-1) experimental; urgency=medium

  * New upstream beta release.
  * Remove more files from the upstream tarball.

 -- Michael Gilbert <mgilbert@debian.org>  Sat, 21 Jun 2014 23:41:14 +0000

chromium-browser (36.0.1985.67-1) experimental; urgency=medium

  * New upstream beta release.
  * More verbose linking output.
  * Fix unwanted output (closes: #751359).
  * More robust fix for older processors (closes: #750361).

 -- Michael Gilbert <mgilbert@debian.org>  Wed, 18 Jun 2014 00:18:47 +0000

chromium-browser (36.0.1985.49-1) experimental; urgency=medium

  * New upstream beta release.
  * Remove more files from the upstream tarball.

 -- Michael Gilbert <mgilbert@debian.org>  Sun, 08 Jun 2014 01:49:51 +0000

chromium-browser (36.0.1985.36-1) experimental; urgency=medium

  * Use system libre2.
  * Remove more files from the upstream tarball.
  * Don't set sse2 compiler flags on i386 (closes: #750361).

 -- Michael Gilbert <mgilbert@debian.org>  Sat, 07 Jun 2014 22:00:14 +0000

chromium-browser (36.0.1985.35-1) experimental; urgency=medium

  * Remove more files from the upstream tarball.
  * Only include TODO.Debian once (closes: #750568).

 -- Michael Gilbert <mgilbert@debian.org>  Thu, 05 Jun 2014 20:21:28 +0000

chromium-browser (36.0.1985.32-1) experimental; urgency=medium

  * New upstream beta release.
  * Add icon to menu entry (closes: #703307).
  * Remove third_party/wtl (closes: #647529).
  * Update package descriptions (closes: #749673).

 -- Michael Gilbert <mgilbert@debian.org>  Sat, 31 May 2014 19:05:32 +0000

chromium-browser (36.0.1985.18-2) experimental; urgency=medium

  * Add libexif-dev build dependency.
  * Add flags to avoid memory exhaustion while linking on i386.

 -- Michael Gilbert <mgilbert@debian.org>  Mon, 26 May 2014 23:43:25 +0000

chromium-browser (36.0.1985.18-1) experimental; urgency=medium

  * New upstream beta release.
  * Build with gcc 4.9.
  * Rebuild the packaging from scratch using the "lite" upstream packages,
    ninja instead of make, debhelper 9 instead of cdbs, and simplified
    debian/rules.
  * Use system versions of icu, png, jpeg, opus, snappy, and jsoncpp.
  * No longer provide get-current-source rule (closes: #585814).
  * Add a README.debian document with information about chromium-inspector
    and command-line flags (closes: #629505, #649812).
  * Add protobuf-compiler, ninja-build, bison, and gperf build dependencies
    (closes: #748673).

 -- Michael Gilbert <mgilbert@debian.org>  Sun, 25 May 2014 03:39:39 +0000

chromium-browser (35.0.1916.153-2) unstable; urgency=medium

  * Avoid gcc 4.9 (closes: #751294)

 -- Michael Gilbert <mgilbert@debian.org>  Thu, 12 Jun 2014 01:11:09 +0000

chromium-browser (35.0.1916.153-1) unstable; urgency=high

  * New upstream stable release:
    - CVE-2014-3154: Use-after-free in filesystem api. Credit to Collin Payne.
    - CVE-2014-3155: Out-of-bounds read in SPDY. Credit to James March, Daniel
      Sommermann and Alan Frindell of Facebook.
    - CVE-2014-3156: Buffer overflow in clipboard. Credit to Atte Kettunen.
    - CVE-2014-3157: Heap overflow in media.
  * Don't set sse2 compiler flags on i386 (closes: #750361).
  * Prefer libgcrypt11 (closes: #750304).

 -- Michael Gilbert <mgilbert@debian.org>  Wed, 11 Jun 2014 02:31:22 +0000

chromium-browser (35.0.1916.114-2) unstable; urgency=medium

  * Add flags to avoid memory exhaustion while linking on i386
    (closes: #746034).

 -- Michael Gilbert <mgilbert@debian.org>  Tue, 27 May 2014 03:09:00 +0000

chromium-browser (35.0.1916.114-1) unstable; urgency=high

  * New upstream stable release:
    - CVE-2014-1743: Use-after-free in styles. Credit to cloudfuzzer.
    - CVE-2014-1744: Integer overflow in audio. Credit to Aaron Staple.
    - CVE-2014-1745: Use-after-free in SVG. Credit to Atte Kettunen.
    - CVE-2014-1746: Out-of-bounds read in media filters. Credit to
      Holger Fuhrmannek.
    - CVE-2014-1747: UXSS with local MHTML file. Credit to packagesu.
    - CVE-2014-1748: UI spoofing with scrollbar. Credit to Jordan Milne.
    - CVE-2014-1749: Various fixes from internal audits, fuzzing and other
      initiatives.
    - CVE-2014-3152: Integer underflow in V8 fixed in version 3.25.28.16.

 -- Michael Gilbert <mgilbert@debian.org>  Wed, 21 May 2014 23:15:51 +0000

chromium-browser (34.0.1847.137-1) unstable; urgency=medium

  * New upstream stable release:
    - High CVE-2014-1740: Use-after-free in WebSockets. Credit to Collin
      Payne.
    - High CVE-2014-1741: Integer overflow in DOM ranges. Credit to John
      Butler.
    - High CVE-2014-1742: Use-after-free in editing. Credit to cloudfuzzer.

 -- Michael Gilbert <mgilbert@debian.org>  Sat, 17 May 2014 13:06:30 +0000

chromium-browser (34.0.1847.132-1) unstable; urgency=medium

  * New upstream stable release:
    - High CVE-2014-1730: Type confusion in V8. Credit to Anonymous.
    - High CVE-2014-1731: Type confusion in DOM. Credit to John Butler.
    - High CVE-2014-1736: Integer overflow in V8.  Credit to SkyLined working
      with HP's Zero Day Initiative
    - Medium CVE-2014-1732: Use-after-free in Speech Recognition. Credit to
      Khalil Zhani
    - Medium CVE-2014-1733: Compiler bug in Seccomp-BPF. Credit to Jed Davis
    - CVE-2014-1734: Various fixes from internal audits, fuzzing and other
      initiatives.
    - CVE-2014-1735: Multiple vulnerabilities in V8 fixed in version
      3.24.35.33.
  * Add libkrb5-dev build-dependency (closes: #745794).
  * Remove non-free file (closes: #745397).

 -- Michael Gilbert <mgilbert@debian.org>  Sat, 26 Apr 2014 18:03:53 +0000

chromium-browser (34.0.1847.116-2) unstable; urgency=medium

  * Add libgcrypt build-dependency.

 -- Michael Gilbert <mgilbert@debian.org>  Tue, 15 Apr 2014 00:22:36 +0000

chromium-browser (34.0.1847.116-1) unstable; urgency=high

  * New upstream stable release:
    - High CVE-2014-1716: UXSS in V8. Credit to Anonymous.
    - High CVE-2014-1717: OOB access in V8. Credit to Anonymous.
    - High CVE-2014-1718: Integer overflow in compositor. Credit to Aaron
      Staple.
    - High CVE-2014-1719: Use-after-free in web workers. Credit to Collin
      Payne.
    - High CVE-2014-1720: Use-after-free in DOM. Credit to cloudfuzzer.
    - High CVE-2014-1721: Memory corruption in V8. Credit to Christian Holler.
    - High CVE-2014-1722: Use-after-free in rendering. Credit to miaubiz.
    - High CVE-2014-1723: Url confusion with RTL characters. Credit to George
      McBay.
    - High CVE-2014-1724: Use-after-free in speech. Credit to Atte Kettunen.
    - Medium CVE-2014-1725: OOB read with window property. Credit to
      Anonymous.
    - Medium CVE-2014-1726: Local cross-origin bypass. Credit to Jann Horn.
    - Medium CVE-2014-1727: Use-after-free in forms. Credit to Khalil Zhani.
    - CVE-2014-1728: Various fixes from internal audits, fuzzing and other
      initiatives.
    - CVE-2014-1729: Multiple vulnerabilities in V8 fixed in version
      3.24.35.22.
  * Remove sourceless javascript files (closes: #735355).
  * Remove sourceless swf files (closes: #735344).

 -- Michael Gilbert <mgilbert@debian.org>  Fri, 11 Apr 2014 01:42:04 +0000

chromium-browser (33.0.1750.152-1) unstable; urgency=high

  * [641361a] Disable new GN stuff
  * [43cea90] Refreshed patches
  * New stable release:
    - High CVE-2014-1713: Use-after-free in Blink bindings
    - High CVE-2014-1714: Windows clipboard vulnerability
    - High CVE-2014-1705: Memory corruption in V8
    - High CVE-2014-1715: Directory traversal issue
    - High CVE-2014-1700: Use-after-free in speech. Credit to Chamal de Silva.
    - High CVE-2014-1701: UXSS in events. Credit to aidanhs.
    - High CVE-2014-1702: Use-after-free in web database.
      Credit to Collin Payne.
    - High CVE-2014-1703: Potential sandbox escape due to a use-after-free
      in web sockets.
    - CVE-2014-1704: Multiple vulnerabilities in V8 fixed in version 3.23.17.18
    - High CVE-2013-6663: Use-after-free in svg images. Credit to Atte
      Kettunen of OUSPG.
    - High CVE-2013-6664: Use-after-free in speech recognition.
      Credit to Khalil Zhani.
    - High CVE-2013-6665: Heap buffer overflow in software
      rendering. Credit to cloudfuzzer.
    - Medium CVE-2013-6666: Chrome allows requests in flash header request.
      Credit to netfuzzerr.
    - CVE-2013-6667: Various fixes from internal audits, fuzzing and other
      initiatives.
    - CVE-2013-6668: Multiple vulnerabilities in V8 fixed in version 3.24.35.10
    - High CVE-2013-6653: Use-after-free related to web contents.
      Credit to Khalil Zhani.
    - High CVE-2013-6654: Bad cast in SVG. Credit to TheShow3511.
    - High CVE-2013-6655: Use-after-free in layout. Credit to cloudfuzzer.
    - High CVE-2013-6656: Information leak in XSS auditor. Credit to NeexEmil.
    - Medium CVE-2013-6657: Information leak in XSS auditor. Credit to NeexEmil
    - Medium CVE-2013-6658: Use-after-free in layout. Credit to cloudfuzzer.
    - Medium CVE-2013-6659: Issue with certificates validation in
      TLS handshake. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan
      from Prosecco, Inria Paris.
    - Low CVE-2013-6660: Information leak in drag and drop. Credit to
      bishopjeffreys.
    - Low-High CVE-2013-6661: Various fixes from internal audits, fuzzing
      and other initiatives. Of these, seven are fixes for issues that could
      have allowed for sandbox escapes from compromised renderers.

 -- Giuseppe Iuculano <iuculano@debian.org>  Fri, 21 Mar 2014 17:20:44 +0100

chromium-browser (32.0.1700.123-4) unstable; urgency=medium

  * Remove polymer.js.min.

 -- Michael Gilbert <mgilbert@debian.org>  Sun, 09 Mar 2014 22:30:14 +0000

chromium-browser (32.0.1700.123-3) unstable; urgency=medium

  * Remove a lot of sourceless files.
  * Suggest mozplugger (closes: #626400).
  * Use file's -E option (closes: #740476).
  * Capitalize Chromium in descriptions (closes: #632928, #715802).

 -- Michael Gilbert <mgilbert@debian.org>  Sun, 16 Feb 2014 18:50:06 +0000

chromium-browser (32.0.1700.123-2) unstable; urgency=medium

  * Build with system libjs-jquery-flot.
  * Build chromedriver (closes: #725130).
    - Thanks to Vincent Bernat and Adrian Lang.

 -- Michael Gilbert <mgilbert@debian.org>  Sun, 16 Feb 2014 02:32:18 +0000

chromium-browser (32.0.1700.123-1) unstable; urgency=medium

  * [a7cf72b] Refreshed Patches
  * [0da7fc2] Added libdrm-dev and libcap-dev in build-deps
  * New stable release:
    - High CVE-2013-6649: Use-after-free in SVG images. Credit to
      Atte Kettunen of OUSPG.
    - High CVE-2013-6650: Memory corruption in V8. This issue was
      fixed in v8 version 3.22.24.16. Credit to Christian Holler.
    - High CVE-2013-6646: Use-after-free in web workers. Credit to
      Collin Payne.
    - High CVE-2013-6641: Use-after-free related to forms. Credit to
      Atte Kettunen of OUSPG.
    - High CVE-2013-6643: Unprompted sync with an attacker’s Google
      account. Credit to Joao Lucas Melo Brasio.
    - CVE-2013-6645 Use-after-free related to speech input elements.
      Credit to Khalil Zhani.
    - CVE-2013-6644: Various fixes from internal audits, fuzzing and other
      initiatives.

 -- Giuseppe Iuculano <iuculano@debian.org>  Thu, 13 Feb 2014 19:36:17 +0100

chromium-browser (31.0.1650.63-1) unstable; urgency=medium

  * New upstream stable release:
    - Medium CVE-2013-6634: Session fixation in sync related to 302 redirects.
      Credit to Andrey Labunets.
    - High CVE-2013-6635: Use-after-free in editing. Credit to cloudfuzzer.
    - Medium CVE-2013-6636: Address bar spoofing related to modal dialogs.
      Credit to Bas Venis.
    - CVE-2013-6637: Various fixes from internal audits, fuzzing and other
      initiatives.
    - Medium CVE-2013-6638: Buffer overflow in v8. This issue was fixed in v8
      version 3.22.24.7. Credit to Jakob Kummerow of the Chromium project.
    - High CVE-2013-6639: Out of bounds write in v8. This issue was fixed in v8
      version 3.22.24.7. Credit to Jakob Kummerow of the Chromium project.
    - Medium CVE-2013-6640: Out of bounds read in v8. This issue was fixed in
      v8 version 3.22.24.7. Credit to Jakob Kummerow of the Chromium project.

 -- Michael Gilbert <mgilbert@debian.org>  Thu, 05 Dec 2013 14:05:22 +0000

chromium-browser (31.0.1650.57-1) unstable; urgency=medium

  * New upstream stable release:
    - Medium-Critical CVE-2013-2931: Various fixes from internal audits,
      fuzzing and other initiatives.
    - Medium CVE-2013-6621: Use after free related to speech input elements.
      Credit to Khalil Zhani.
    - High CVE-2013-6622: Use after free related to media elements. Credit to
      cloudfuzzer.
    - High CVE-2013-6623: Out of bounds read in SVG. Credit to miaubiz.
    - High CVE-2013-6624: Use after free related to “id” attribute strings.
      Credit to Jon Butler.
    - High CVE-2013-6625: Use after free in DOM ranges. Credit to cloudfuzzer.
    - Low CVE-2013-6626: Address bar spoofing related to interstitial warnings.
      Credit to Chamal de Silva.
    - High CVE-2013-6627: Out of bounds read in HTTP parsing. Credit to
      skylined.
    - Medium CVE-2013-6628: Issue with certificates not being checked during
      TLS renegotiation. Credit to Antoine Delignat-Lavaud and Karthikeyan
      Bhargavan from Prosecco of INRIA Paris.
    - Medium CVE-2013-6629: Read of uninitialized memory in libjpeg and
      libjpeg-turbo. Credit to Michal Zalewski of Google.
    - Medium CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo.
      Credit to Michal Zalewski of Google.
    - High CVE-2013-6631: Use after free in libjingle. Credit to Patrik Höglund
      of the Chromium project.
    - Critical CVE-2013-6632: Multiple memory corruption issues. Credit to
      Pinkie Pie.
  * Disable promos by default (closes: #634101).
  * Set WANT_TESTS=0 if WANT_TESTS=1 fails (closes: #589654).
  * Maintain window ordering when new tabs are opened (closes: #725350).
  * Install chromium-inspector files to /usr/share instead of /usr/lib.
  * Don't remove third party libraries from the upstream tarball.
  * Remove non-default compression selections from debian/rules.
  * Build with breakpad crash reporting.
  * Fix some lintian warnings.

 -- Michael Gilbert <mgilbert@debian.org>  Wed, 13 Nov 2013 07:44:55 +0000

chromium-browser (30.0.1599.101-3) unstable; urgency=medium

  * Fix sandbox installation path (closes: #728823).

 -- Michael Gilbert <mgilbert@debian.org>  Thu, 07 Nov 2013 04:24:55 +0000

chromium-browser (30.0.1599.101-2) unstable; urgency=medium

  * Use system zlib.
  * Remove arm patches.
  * Update lintian overrides.
  * Remove an unsafe symlink.
  * Remove icu build dependency.
  * Support poststript printing (closes: #717722).
  * Use fonts-ipafont instead of ttf-kochi (closes: #725800).

 -- Michael Gilbert <mgilbert@debian.org>  Sat, 02 Nov 2013 21:25:50 +0000

chromium-browser (30.0.1599.101-1) unstable; urgency=low

  [ Giuseppe Iuculano ]
  * New stable release:
    - High CVE-2013-2925: Use after free in XHR. Credit to Atte Kettunen of
      OUSPG.
    - High CVE-2013-2926: Use after free in editing. Credit to
      cloudfuzzer.
    - High CVE-2013-2927: Use after free in forms. Credit to
      cloudfuzzer.
    - CVE-2013-2928: Various fixes from internal audits, fuzzing and other
      initiatives.
    - Medium CVE-2013-2906: Races in Web Audio.
      Credit to Atte Kettunen of OUSPG.
    - Medium CVE-2013-2907: Out of bounds read in Window.prototype object.
      Credit to Boris Zbarsky.
    - Medium CVE-2013-2908: Address bar spoofing related to the "204
      No Content" status code. Credit to Chamal de Silva.
    - High CVE-2013-2909: Use after free in inline-block
      rendering. Credit to Atte Kettunen of OUSPG. 
    - Medium CVE-2013-2910: Use-after-free in Web Audio. Credit to
      Byoungyoung Lee of Georgia Tech Information Security Center (GTISC).
    - High CVE-2013-2911: Use-after-free in XSLT. Credit to Atte
      Kettunen of OUSPG.
    - High CVE-2013-2912: Use-after-free in PPAPI. Credit to Chamal
      de Silva and 41.w4r10r(at)garage4hackers.com.
    - High CVE-2013-2913: Use-after-free in XML document parsing.
      Credit to cloudfuzzer. 
    - High CVE-2013-2914: Use after free in the Windows color
      chooser dialog. Credit to Khalil Zhani. 
    - Low CVE-2013-2915: Address bar spoofing via a malformed scheme.
      Credit to Wander Groeneveld. 
    - High CVE-2013-2916: Address bar spoofing related to the "204
      No Content” status code. Credit to Masato Kinugawa.
    - Medium CVE-2013-2917: Out of bounds read in Web Audio. Credit
      to Byoungyoung Lee and Tielei Wang of Georgia Tech Information
      Security Center (GTISC). 
    - High CVE-2013-2918: Use-after-free in DOM. Credit to
      Byoungyoung Lee of Georgia Tech Information Security Center (GTISC).
    - High CVE-2013-2919: Memory corruption in V8. Credit to Adam
      Haile of Concrete Data. 
    - Medium CVE-2013-2920: Out of bounds read in URL parsing. Credit to
      Atte Kettunen of OUSPG.
    - High CVE-2013-2921: Use-after-free in resource loader. Credit
      to Byoungyoung Lee and Tielei Wang of Georgia Tech Information
      Security Center (GTISC). 
    - High CVE-2013-2922: Use-after-free in template element. Credit
      to Jon Butler. 
    - CVE-2013-2923: Various fixes from internal audits, fuzzing and other
      initiatives (Chrome 30).
    - Medium CVE-2013-2924: Use-after-free in ICU. Upstream bug here.

  * [6651f1c] Added chrpath to build-depends
  * [3c88b20] Refreshed Patches for version 30
  * [743a0a6] Make default of third-party cookies the most secure for users.
    Thanks to Chad Miller
  * [9507f07] Do not install remoting_locales/en-US.pak
  * [64b895b] Move chrome_sandbox to chrome-sandbox, chromium reads that file

  [ Shawn Landden ]
  * [6d027f1] rules: dpkg compresses .deb files with xz by default now

  [ Michael Gilbert ]
  * [18341ce] add some TODO tasks

 -- Giuseppe Iuculano <iuculano@debian.org>  Mon, 21 Oct 2013 13:06:14 +0200

chromium-browser (29.0.1547.57-3) unstable; urgency=medium

  * Drop transitional packages (closes: #684369).
  * Fix another copyright file syntax error.
  * Remove libav build dependencies.
  * Fix lintian override syntax.
  * Fix version control URL.
  * Use system vpx.

 -- Michael Gilbert <mgilbert@debian.org>  Tue, 27 Aug 2013 01:01:35 +0000

chromium-browser (29.0.1547.57-2) unstable; urgency=medium

  * Mark chromium-inspector as multi-arch: foreign (closes: #695229).
  * Use system libpng (closes: #699918).
  * Fix copyright file syntax error.
  * Drop implicit g++ dependency.
  * Add some lintian overrides.
  * Update my email address.
  * Remove unsafe symlink.

 -- Michael Gilbert <mgilbert@debian.org>  Sun, 25 Aug 2013 02:15:35 +0000

chromium-browser (29.0.1547.57-1) unstable; urgency=medium

  [ Michael Gilbert ]
  * New upstream stable release:
    - High CVE-2013-2900: Incomplete path sanitization in file handling. Credit
      to Krystian Bigaj.
    - Low CVE-2013-2905: Information leak via overly broad permissions on
      shared memory files. Credit to Christian Jaeger.
    - High CVE-2013-2901: Integer overflow in ANGLE. Credit to Alex Chapman.
    - High CVE-2013-2902: Use after free in XSLT. Credit to cloudfuzzer.
    - High CVE-2013-2903: Use after free in media element. Credit to
      cloudfuzzer.
    - High CVE-2013-2904: Use after free in document parsing. Credit to
      cloudfuzzer.
    - CVE-2013-2887: Various fixes from internal audits, fuzzing and other
      initiatives (Chrome 29).
  * Remove unused webkit layout tests (closes: 720446).
  * Use source package name for get-orig-source rule.
  * Remove gfdl documentation (closes: #708860).
  * Build-depend on git.
  
  [ Shawn Landden ]
  * New standards version.
  * Use canonical VCS url.
  * Always use system includes rather than ones of a chroot.

 -- Michael Gilbert <mgilbert@debian.org>  Sat, 24 Aug 2013 20:14:52 +0000

chromium-browser (28.0.1500.95-3) unstable; urgency=medium

  * Fix placement of -fuse-ld=gold in ldflags.

 -- Michael Gilbert <mgilbert@debian.org>  Thu, 01 Aug 2013 16:38:05 +0000

chromium-browser (28.0.1500.95-2) unstable; urgency=medium

  * Use -fuse-ld=gold instead of binutils-gold.
  * Drop libv8-dev build-dependency.

 -- Michael Gilbert <mgilbert@debian.org>  Wed, 31 Jul 2013 20:22:33 +0000

chromium-browser (28.0.1500.95-1) unstable; urgency=medium

  * New upstream stable release:
    - Medium CVE-2013-2881: Origin bypass in frame handling. Credit to Karthik
      Bhargavan.
    - High CVE-2013-2882: Type confusion in V8. Credit to Cloudfuzzer.
    - High CVE-2013-2883: Use-after-free in MutationObserver. Credit to
      Cloudfuzzer.
    - High CVE-2013-2884: Use-after-free in DOM. Credit to Ivan Fratric of
      Google Security Team.
    - High CVE-2013-2885: Use-after-free in input handling. Credit to Ivan
      Fratric of Google Security Team.
    - High CVE-2013-2886: Various fixes from internal audits, fuzzing and other
      initiatives.

 -- Michael Gilbert <mgilbert@debian.org>  Tue, 30 Jul 2013 20:34:19 +0000

chromium-browser (28.0.1500.71-2) unstable; urgency=medium

  * Disable armhf.
  * Remove outdated patches.
  * Eliminate special handling for old compiler versions.

 -- Michael Gilbert <mgilbert@debian.org>  Mon, 15 Jul 2013 18:40:47 +0000

chromium-browser (28.0.1500.71-1) unstable; urgency=medium

  [ Michael Gilbert ]
  * New upstream stable release:
    - Low CVE-2013-2867: Block pop-unders in various scenarios.
    - High CVE-2013-2879: Confusion setting up sign-in and sync. Credit to
      Andrey Labunets.
    - Medium CVE-2013-2868: Incorrect sync of NPAPI extension component. Credit
      to Andrey Labunets.
    - Medium CVE-2013-2869: Out-of-bounds read in JPEG2000 handling. Credit to
      Felix Groebert of Google Security Team.
    - Critical CVE-2013-2870: Use-after-free with network sockets. Credit to
      Collin Payne.
    - Medium CVE-2013-2853: Man-in-the-middle attack against HTTP in SSL.
      Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco
      at INRIA Paris.
    - High CVE-2013-2871: Use-after-free in input handling. Credit to miaubiz.
    - High CVE-2013-2873: Use-after-free in resource loading. Credit to
      miaubiz.
    - Medium CVE-2013-2875: Out-of-bounds-read in SVG. Credit to miaubiz.
    - Medium CVE-2013-2876: Extensions permissions confusion with
      interstitials.  Credit to Dev Akhawe.
    - Low CVE-2013-2877: Out-of-bounds read in XML parsing. Credit to Aki Helin
      of OUSPG.
    - None: Remove the “viewsource” attribute on iframes. Credit to Collin
      Jackson.
    - Medium CVE-2013-2878: Out-of-bounds read in text handling. Credit to Atte
      Kettunen of OUSPG.
    - High CVE-2013-2880: Various fixes from internal audits, fuzzing and other
      initiatives. Credit to Chrome 28 team.
  * Install mksnapshot.

  [ Shawn Landden ]
  * Enable armhf.
  * Build with system libwebp when version >= 0.3.0.

 -- Michael Gilbert <mgilbert@debian.org>  Fri, 12 Jul 2013 15:19:18 +0000

chromium-browser (27.0.1453.110-2) unstable; urgency=low

  [ Michael Gilbert ]
  * Use default gcc.
  * Enable verbose build.
  * Support gcc 4.8 (closes: #701256).
  * Disable pie hardening flag due to ffmpeg linking issue.

  [ Giuseppe Iuculano ]
  * Remove hardening-wrapper and switch to dpkg-buildflags.

 -- Michael Gilbert <mgilbert@debian.org>  Sun, 07 Jul 2013 20:06:05 +0000

chromium-browser (27.0.1453.110-1) unstable; urgency=low

  * New stable release:
    - Medium CVE-2013-2855: Memory corruption in dev tools API.
      Credit to "daniel.zulla".
    - High CVE-2013-2856: Use-after-free in input handling. Credit
      to miaubiz.
    - High CVE-2013-2857: Use-after-free in image handling. Credit
      to miaubiz.
    - High CVE-2013-2858: Use-after-free in HTML5 Audio. Credit to
      "cdel921".
    - High CVE-2013-2859: Cross-origin namespace pollution. Credit
      to "bobbyholley".
    - High CVE-2013-2860: Use-after-free with workers accessing
      database APIs. Credit to Collin Payne.
    - High CVE-2013-2861: Use-after-free with SVG. Credit to
      miaubiz.
    - High CVE-2013-2862: Memory corruption in Skia GPU handling.
      Credit to Atte Kettunen of OUSPG.
    - Critical CVE-2013-2863: Memory corruption in SSL socket handling.
      Credit to Sebastien Marchand of the Chromium development community.
    - High CVE-2013-2864: Bad free in PDF viewer. Credit to Mateusz
      Jurczyk, with contributions by Gynvael Coldwind, both from Google Security
      Team.
    - High CVE-2013-2865: Various fixes from internal audits, fuzzing and
      other initiatives.

 -- Giuseppe Iuculano <iuculano@debian.org>  Wed, 05 Jun 2013 17:00:28 +0200

chromium-browser (27.0.1453.93-1) unstable; urgency=low

  * New stable release:
    - High CVE-2013-2837: Use-after-free in SVG. Credit to Sławomir Błażek.
    - Medium CVE-2013-2838: Out-of-bounds read in v8. Credit to Christian
      Holler.
    - High CVE-2013-2839: Bad cast in clipboard handling. Credit to Jon of MWR
      InfoSecurity.
    - High CVE-2013-2840: Use-after-free in media loader. Credit to Nils of
      MWR InfoSecurity.
    - High CVE-2013-2841: Use-after-free in Pepper resource handling. Credit
      to Chamal de Silva.
    - High CVE-2013-2842: Use-after-free in widget handling. Credit to Cyril
      Cattiaux.
    - High CVE-2013-2843: Use-after-free in speech handling. Credit to Khalil
      Zhani.
    - High CVE-2013-2844: Use-after-free in style resolution. Credit to Sachin
      Shinde (@cons0ul).
    - High CVE-2013-2845: Memory safety issues in Web Audio. Credit to Atte
      Kettunen of OUSPG.
    - High CVE-2013-2846: Use-after-free in media loader. Credit to Chamal de
      Silva.
    - High CVE-2013-2847: Use-after-free race condition with workers. Credit
      to Collin Payne.
    - Medium CVE-2013-2848: Possible data extraction with XSS Auditor. Credit
      to Egor Homakov.
    - Low CVE-2013-2849: Possible XSS with drag+drop or copy+paste. Credit to
      Mario Heiderich.

 -- Michael Gilbert <mgilbert@debian.org>  Wed, 22 May 2013 03:03:49 +0000

chromium-browser (26.0.1410.43-1) unstable; urgency=medium

  * New stable release:
    - High CVE-2013-0916: Use-after-free in Web Audio. Credit to Atte Kettunen
      of OUSPG.
    - Low CVE-2013-0917: Out-of-bounds read in URL loader. Credit to Google
      Chrome Security Team (Cris Neckar).
    - Low CVE-2013-0918: Do not navigate dev tools upon drag and drop. Credit
      to Vsevolod Vlasov of the Chromium development community.
    - Medium CVE-2013-0919: Use-after-free with pop-up windows in extensions.
      Credit to Google Chrome Security Team (Mustafa Emre Acer).
    - Medium CVE-2013-0920: Use-after-free in extension bookmarks API. Credit
      to Google Chrome Security Team (Mustafa Emre Acer).
    - High CVE-2013-0921: Ensure isolated web sites run in their own processes.
    - Low CVE-2013-0922: Avoid HTTP basic auth brute force attempts. Credit to
      “t3553r”.
    - Medium CVE-2013-0923: Memory safety issues in the USB Apps API. Credit to
      Google Chrome Security Team (Mustafa Emre Acer).
    - Low CVE-2013-0924: Check an extension’s permissions API usage again file
      permissions. Credit to Benjamin Kalman of the Chromium development
      community.
    - Low CVE-2013-0925: Avoid leaking URLs to extensions without the tabs
      permissions. Credit to Michael Vrable of Google.
    - Medium CVE-2013-0926: Avoid pasting active tags in certain situations.
      Credit to Subho Halder, Aditya Gupta, and Dev Kar of xys3c.
  * Use embedded libvpx for vp9 support, which chromium now requires.
  * Add libspeechd-dev build-dependency.
  * Disable breakpad crash reporting.

 -- Michael Gilbert <mgilbert@debian.org>  Sat, 30 Mar 2013 14:44:33 +0000

chromium-browser (25.0.1364.160-1) unstable; urgency=high

  * New stable security release:
    - High CVE-2013-0912: Type confusion in WebKit. Credit to Nils and Jon of
      MWR Labs.

 -- Michael Gilbert <mgilbert@debian.org>  Fri, 08 Mar 2013 03:46:20 +0000

chromium-browser (25.0.1364.152-1) unstable; urgency=high

  * [8761d73] Remove armel and armhf. We cannot support them in wheezy
  * New stable security release:
    - High CVE-2013-0902: Use-after-free in frame loader. Credit to
      Chamal de Silva.
    - High CVE-2013-0903: Use-after-free in browser navigation
      handling. Credit to "chromium.khalil".
    - High CVE-2013-0904: Memory corruption in Web Audio.
      Credit to Atte Kettunen of OUSPG.
    - High CVE-2013-0905: Use-after-free with SVG animations.
      Credit to Atte Kettunen of OUSPG.
    - High CVE-2013-0906: Memory corruption in Indexed DB. Credit to Google
      Chrome Security Team (Jüri Aedla).
    - Medium CVE-2013-0907: Race condition in media thread handling. Credit
      to Andrew Scherkus of the Chromium development community.
    - Medium CVE-2013-0908: Incorrect handling of bindings for extension
      processes.
    - Low CVE-2013-0909: Referer leakage with XSS Auditor. Credit to Egor
      Homakov.
    - Medium CVE-2013-0910: Mediate renderer -> browser plug-in loads more
      strictly. Credit to Google Chrome Security Team (Chris Evans).
    - High CVE-2013-0911: Possible path traversal in database handling.
      Credit to Google Chrome Security Team (Jüri Aedla).

 -- Giuseppe Iuculano <iuculano@debian.org>  Tue, 05 Mar 2013 11:14:34 +0100

chromium-browser (25.0.1364.97-1) unstable; urgency=low

  * New stable release:
    - High CVE-2013-0879: Memory corruption with web audio
      node. Credit to Atte Kettunen of OUSPG.
    - High CVE-2013-0880: Use-after-free in database handling.
      Credit to Chamal de Silva.
    - Medium CVE-2013-0881: Bad read in Matroska handling. Credit to
      Atte Kettunen of OUSPG.
    - High CVE-2013-0882: Bad memory access with excessive SVG
      parameters. Credit to Renata Hodovan.
    - Medium CVE-2013-0883: Bad read in Skia. Credit to Atte
      Kettunen of OUSPG.
    - Low CVE-2013-0884: Inappropriate load of NaCl. Credit to Google
      Chrome Security Team (Chris Evans).
    - Medium CVE-2013-0885: Too many API permissions granted to web store.
    - Low CVE-2013-0887: Developer tools process has too many
      permissions and places too much trust in the connected server.
    - Medium CVE-2013-0888: Out-of-bounds read in Skia. Credit to Google
      Chrome Security Team (Inferno).
    - Low CVE-2013-0889: Tighten user gesture check for dangerous file
      downloads.
    - High CVE-2013-0890: Memory safety issues across the IPC
      layer. Credit to Google Chrome Security Team (Chris Evans).
    - High CVE-2013-0891: Integer overflow in blob handling. Credit to
      Google Chrome Security Team (Jüri Aedla).
    - Medium CVE-2013-0892: Lower severity issues across the IPC layer.
      Credit to Google Chrome Security Team (Chris Evans).
    - Medium CVE-2013-0893: Race condition in media handling. Credit to
      Andrew Scherkus of the Chromium development community.
    - High CVE-2013-0894: Buffer overflow in vorbis decoding. Credit to
      Google Chrome Security Team (Inferno).
    - High CVE-2013-0895: Incorrect path handling in file
      copying. Credit to Google Chrome Security Team (Jüri Aedla).
    - High CVE-2013-0896: Memory management issues in plug-in message
      handling. Credit to Google Chrome Security Team (Cris Neckar).
    - High CVE-2013-0898: Use-after-free in URL handling. Credit to
      Alexander Potapenko of the Chromium development community.
    - Low CVE-2013-0899: Integer overflow in Opus handling. Credit to
      Google Chrome Security Team (Jüri Aedla).
    - Medium CVE-2013-0900: Race condition in ICU. Credit to Google Chrome
      Security Team (Inferno).
  * [a5f15ae] Added libpci-dev to B-depends
  * [ace2b7a] Refreshed patches
  * [32c84fa] Install remoting_locales
  * [f868804] Do not enable NEON on ARM, thanks Ubuntu.
  * [d1a3e36] Ignore stamp files in missing checks

 -- Giuseppe Iuculano <iuculano@debian.org>  Sat, 23 Feb 2013 11:45:07 +0100

chromium-browser (24.0.1312.68-1) unstable; urgency=high

  * New stable release:
    - High CVE-2013-0839: Use-after-free in canvas font handling.
      Credit to Atte Kettunen of OUSPG.
    - Medium CVE-2013-0840: Missing URL validation when opening new
      windows.
    - High CVE-2013-0841: Unchecked array index in content blocking. Credit
      to Google Chrome Security Team (Chris Evans).
    - Medium CVE-2013-0842: Problems with NULL characters embedded in
      paths. Credit to Google Chrome Security Team (Jüri Aedla).
    - High CVE-2012-5145: Use-after-free in SVG layout. Credit to
      Atte Kettunen of OUSPG. 
    - High CVE-2012-5146: Same origin policy bypass with malformed
      URL. Credit to Erling A Ellingsen and Subodh Iyengar, both of Facebook. 
    - High CVE-2012-5147: Use-after-free in DOM handling. Credit to
      José A. Vázquez. 
    - Medium CVE-2012-5148: Missing filename sanitization in hyphenation
      support. Credit to Google Chrome Security Team (Justin Schuh). 
    - High CVE-2012-5149: Integer overflow in audio IPC handling. Credit to
      Google Chrome Security Team (Chris Evans). 
    - High CVE-2012-5150: Use-after-free when seeking video. Credit to
      Google Chrome Security Team (Inferno). 
    - High CVE-2012-5151: Integer overflow in PDF JavaScript. Credit to
      Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google
      Security Team. 
    - Medium CVE-2012-5152: Out-of-bounds read when seeking video. Credit
      to Google Chrome Security Team (Inferno). 
    - High CVE-2012-5153: Out-of-bounds stack access in v8. Credit to
      Andreas Rossberg of the Chromium development community. 
    - High CVE-2013-0829: Corruption of database metadata leading to
      incorrect file access. Credit to Google Chrome Security Team (Jüri Aedla). 
    - Low CVE-2013-0831: Possible path traversal from extension process.
      Credit to Google Chrome Security Team (Tom Sepez). 
    - [160380] Medium CVE-2013-0832: Use-after-free with printing. Credit to Google
      Chrome Security Team (Cris Neckar). 
    - Medium CVE-2013-0833: Out-of-bounds read with printing. Credit to
      Google Chrome Security Team (Cris Neckar). 
    - Medium CVE-2013-0834: Out-of-bounds read with glyph handling. Credit
      to Google Chrome Security Team (Cris Neckar). 
    - Low CVE-2013-0835: Browser crash with geolocation. Credit to Arthur
      Gerkis. 
    - High CVE-2013-0836: Crash in v8 garbage collection. Credit to Google
      Chrome Security Team (Cris Neckar). 
    - Medium CVE-2013-0837: Crash in extension tab handling. Credit to Tom
      Nielsen. 
    - Low CVE-2013-0838: Tighten permissions on shared memory
      segments. Credit to Google Chrome Security Team (Chris Palmer). 
    - High CVE-2012-5139: Use-after-free with visibility events.
      Credit to Chamal de Silva.
    - High CVE-2012-5140: Use-after-free in URL loader. Credit to
      Chamal de Silva.
    - Medium CVE-2012-5141: Limit Chromoting client plug-in instantiation.
      Credit to Google Chrome Security Team (Jüri Aedla).
    - Critical CVE-2012-5142: Crash in history navigation. Credit to Michal
      Zalewski of Google Security Team.
    - Medium CVE-2012-5143: Integer overflow in PPAPI image buffers. Credit
      to Google Chrome Security Team (Cris Neckar).
    - High CVE-2012-5144: Stack corruption in AAC decoding. Credit
      to pawlkt.
    - High CVE-2012-5138: Incorrect file path handling. Credit to Google
      Chrome Security Team (Jüri Aedla).
    - High CVE-2012-5137: Use-after-free in media source handling.
      Credit to Pinkie Pie.
    - High CVE-2012-5133: Use-after-free in SVG filters. Credit to
      miaubiz.
    - Medium CVE-2012-5130: Out-of-bounds read in Skia. Credit to
      Atte Kettunen of OUSPG.
    - Low CVE-2012-5132: Browser crash with chunked encoding. Credit to
      Attila Szász.
    - High CVE-2012-5134: Buffer underflow in libxml. Credit to Google
      Chrome Security Team (Jüri Aedla).
    - Medium CVE-2012-5135: Use-after-free with printing. Credit to Fermin
      Serna of Google Security Team.
    - Medium CVE-2012-5136: Bad cast in input element handling. Credit to
      Google Chrome Security Team (Inferno).
    - Medium CVE-2012-5127: Integer overflow leading to
      out-of-bounds read in WebP handling. Credit to Phil Turnbull.
    - [Linux 64-bit only] Medium CVE-2012-5120: Out-of-bounds array
      access in v8. Credit to Atte Kettunen of OUSPG.
    - High CVE-2012-5116: Use-after-free in SVG filter handling.
      Credit to miaubiz.
    - High CVE-2012-5121: Use-after-free in video layout. Credit to
      Atte Kettunen of OUSPG.
    - Low CVE-2012-5117: Inappropriate load of SVG subresource in img
      context. Credit to Felix Gröbert of the Google Security Team.
    - Medium CVE-2012-5119: Race condition in Pepper buffer handling.
      Credit to Fermin Serna of the Google Security Team.
    - Medium CVE-2012-5122: Bad cast in input handling. Credit to Google
      Chrome Security Team (Inferno).
    - Medium CVE-2012-5123: Out-of-bounds reads in Skia. Credit to
      Google Chrome Security Team (Inferno).
    - High CVE-2012-5124: Memory corruption in texture handling. Credit to
      Al Patrick of the Chromium development community.
    - Medium CVE-2012-5125: Use-after-free in extension tab handling.
      Credit to Alexander Potapenko of the Chromium development community.
    - Medium CVE-2012-5126: Use-after-free in plug-in placeholder handling.
      Credit to Google Chrome Security Team (Inferno).
    - High CVE-2012-5128: Bad write in v8. Credit to Google Chrome Security
      Team (Cris Neckar).
  * [574d76c] Override the lintian flag:
    embedded-library usr/lib/chromium/libffmpegsumo.so: libavcodec
  * [3105012] Updated changelog
  * [ac9c032] Use explicit library dependencies instead of dlopen
  * [1ad217c] Fixed CHANNELS_URL
  * [7c2d359] Drop SCM revision from the version
  * [ca31c0c] Install all chromium libs
  * [167aea7] Use internal copy of libpng. This is necessary because with
    system libpng render process is consuming 100% CPU
    (see http://code.google.com/p/chromium/issues/detail?id=174603)
  * [8742d82] debian/patches/pulse_ftbfs.patch: Fix FTBFS
  * [9e76ec7] Refreshed patches
  * [1c6f4c3] Use Debian api key
  * [cdf5c74] Refreshed patches
  * [ad9480c] Remove useless embedded copy of documentation from source
    containing non DFSG-compliant material:
    - src/native_client/toolchain/linux_x86/info
    - src/native_client/toolchain/linux_x86/man
    - src/native_client/toolchain/linux_x86/share/info
    - src/native_client/toolchain/linux_x86/x86_64-nacl/share/info
    - src/native_client/toolchain/linux_x86_newlib/info
    - src/native_client/toolchain/linux_x86_newlib/man
    - src/native_client/toolchain/linux_x86_newlib/share/info
    (Closes: #695703)
  * [31ea388] Fixed Homepage field.
    Thanks to Dmitry Shachnev (Closes: #686561)
  * [d509e07] Override the lintian flag: embedded-library usr/lib/chromium/chromium: libpng

 -- Giuseppe Iuculano <iuculano@debian.org>  Wed, 06 Feb 2013 15:34:17 +0100

chromium-browser (22.0.1229.94~r161065-3) unstable; urgency=medium

  * Use system vpx library again (resolves armel build failures).

 -- Michael Gilbert <mgilbert@debian.org>  Sun, 28 Oct 2012 00:55:58 -0400

chromium-browser (22.0.1229.94~r161065-2) unstable; urgency=medium

  * [574d76c] Override the lintian flag: embedded-library
     usr/lib/chromium/libffmpegsumo.so: libavcodec

 -- Giuseppe Iuculano <iuculano@debian.org>  Tue, 23 Oct 2012 17:51:56 +0200

chromium-browser (22.0.1229.94~r161065-1) unstable; urgency=medium

  * New stable release:
    - High CVE-2012-2889: UXSS in frame handling. Credit to
      Sergey Glazunov.
    - High CVE-2012-2886: UXSS in v8 bindings. Credit to Sergey
      Glazunov.
    - High CVE-2012-2881: DOM tree corruption with plug-ins. Credit
      to Chamal de Silva.
    - High CVE-2012-2876: Buffer overflow in SSE2 optimizations.
      Credit to Atte Kettunen of OUSPG.
    - High CVE-2012-2883: Out-of-bounds write in Skia. Credit to
      Atte Kettunen of OUSPG.
    - High CVE-2012-2887: Use-after-free in onclick handling.
      Credit to Atte Kettunen of OUSPG.
    - High CVE-2012-2888: Use-after-free in SVG text references.
      Credit to miaubiz.
    - High CVE-2012-2894: Crash in graphics context handling.
      Credit to Sławomir Błażek.
    - Medium CVE-2012-2877: Browser crash with extensions and modal
      dialogs. Credit to Nir Moshe.
    - Low CVE-2012-2879: DOM topology corruption. Credit to pawlkt.
    - Medium CVE-2012-2884: Out-of-bounds read in Skia. Credit to
      Atte Kettunen of OUSPG.
    - High CVE-2012-2874: Out-of-bounds write in Skia. Credit to Google
      Chrome Security Team (Inferno).
    - High CVE-2012-2878: Use-after-free in plug-in handling. Credit to
      Fermin Serna of Google Security Team.
    - Medium CVE-2012-2880: Race condition in plug-in paint buffer. Credit
      to Google Chrome Security Team (Cris Neckar).
    - High CVE-2012-2882: Wild pointer in OGG container handling. Credit to
      Google Chrome Security Team (Inferno).
    - Medium CVE-2012-2885: Possible double free on exit. Credit to the
      Chromium development community.
    - Low CVE-2012-2891: Address leak over IPC. Credit to Lei Zhang of the
      Chromium development community.
    - Low CVE-2012-2892: Pop-up block bypass. Credit to Google Chrome
      Security Team (Cris Neckar).
    - High CVE-2012-2893: Double free in XSL transforms. Credit to Google
      Chrome Security Team (Cris Neckar).
    - High CVE-2012-2900: Crash in Skia text rendering.
      Credit to Atte Kettunen of OUSPG.
    - Critical CVE-2012-5108: Race condition in audio device
      handling. Credit to Atte Kettunen of OUSPG.
    - Medium CVE-2012-5109: OOB read in ICU regex. Credit to Arthur
      Gerkis.
    - Medium CVE-2012-5110: Out-of-bounds read in compositor. Credit to
      Google Chrome Security Team (Inferno).
    - Low CVE-2012-5111: Plug-in crash monitoring was missing for Pepper
      plug-ins. Credit to Google Chrome Security Team (Chris Evans).
    - Critical CVE-2012-5112: SVG use-after-free and IPC arbitrary file write.
      Credit to Pinkie Pie.
  * [3de18b6] Use zlib internal copy. This is necessary due to the CRIME work
     around. We can use the system zlib when chrome will remove
     SPDY 2/3 support.
  * [3b9811a] Updated patches
  * [152902d] Install libvpx_obj_int_extract

 -- Giuseppe Iuculano <iuculano@debian.org>  Mon, 01 Oct 2012 15:22:27 +0200

chromium-browser (21.0.1180.89~r154005-1) unstable; urgency=high

  * New stable security release:
    - Medium CVE-2012-2865: Out-of-bounds read in line breaking. Credit to miaubiz.
    - High CVE-2012-2866: Bad cast with run-ins. Credit to miaubiz.
    - Low CVE-2012-2867: Browser crash with SPDY.
    - Medium CVE-2012-2868: Race condition with workers and XHR.
      Credit to miaubiz.
    - High CVE-2012-2869: Avoid stale buffer in URL loading. Credit to
      Fermin Serna of the Google Security Team.
    - Low CVE-2012-2870: Lower severity memory management issues
      in XPath. Credit to Nicolas Gregoire.
    - High CVE-2012-2871: Bad cast in XSL transforms. Credit to
      Nicolas Gregoire.
    - Medium CVE-2012-2872: XSS in SSL interstitial. Credit to
      Emmanuel Bronshtein.

 -- Giuseppe Iuculano <iuculano@debian.org>  Fri, 31 Aug 2012 11:24:58 +0200

chromium-browser (21.0.1180.75~r150248-1) unstable; urgency=medium

  [ Shawn Landden ]
  * [b7c6ba3] update changelog to record changes in last upload
  * [3c6a149] master_prefs: don't go straight to internet, don't prompt to change default browser
  * [e441276] initial_bookmarks.html: add Debian support page
  * [2bb621a] compress source tarball as xz (Closes: #676774)

  [ Giuseppe Iuculano ]
  * New stable minor release fixing the following issues:
    - REGRESSION: Rendering difference in Chrome 21 and 22 that affected on
      Persian Wikipedia
    - Some known crashes
    - Audio objects are not "switched" immediately
    - Print and Print Preview ignore paper size default in printer config
    - Candidate windows is shown in wrong place in Retina display
    - more of the choppy and distorted audio issues 
    - Japanese characters showing in Chinese font 
    - Sync invalidation notification broken after restart

 -- Giuseppe Iuculano <iuculano@debian.org>  Fri, 10 Aug 2012 17:31:57 +0200

chromium-browser (21.0.1180.57~r148591-1) unstable; urgency=medium

  [ Giuseppe Iuculano ]
  * [fd04758] Install demo extension
  * New upstream stable release:
    - Medium CVE-2012-2846: Cross-process interference in
      renderers. Credit to Google Chrome Security Team (Julien Tinnes).
    - Low CVE-2012-2847: Missing re-prompt to user upon excessive
      downloads. Credit to Matt Austin of Aspect Security.
    - Medium CVE-2012-2848: Overly broad file access granted after
      drag+drop. Credit to Matt Austin of Aspect Security.
    - Low CVE-2012-2849: Off-by-one read in GIF decoder. Credit to Atte
      Kettunen of OUSPG.
    - Medium CVE-2012-2853: webRequest can interfere with the Chrome Web
      Store. Credit to Trev of Adblock.
    - Low CVE-2012-2854: Leak of pointer values to WebUI renderers. Credit
      to Nasko Oskov of the Chromium development community.
    - High CVE-2012-2855: Use-after-free in PDF viewer. Credit to Mateusz
      Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of
      Google Security Team.
    - High CVE-2012-2857: Use-after-free in CSS DOM. Credit to
    - Arthur Gerkis.
    - High CVE-2012-2858: Buffer overflow in WebP decoder. Credit
      to Jüri Aedla.
    - Critical CVE-2012-2859: Crash in tab handling. Credit to
      Jeff Roberts of Google Security Team.
    - Medium CVE-2012-2860: Out-of-bounds access when clicking in date
      picker. Credit to Chamal de Silva.
  [ Shawn Landden ]
   * [0d2e43a9] Switch to xz/lzma2 compression for debs. (from lzma)
   * [e3e9a801] replace incorrect prefs.patch with patch from OpenSUSE
   * [faed2b9e] /etc/chromium/master_preferences: don't bug user for
       Google account.

 -- Giuseppe Iuculano <iuculano@debian.org>  Tue, 07 Aug 2012 10:55:17 +0200

chromium-browser (20.0.1132.57~r145807-1) unstable; urgency=medium

  [ Michael Gilbert ]
  * New ustream stable security release:
    - [129898] High CVE-2012-2842: Use-after-free in counter handling.  Credit
      to miaubiz.
    - [130595] High CVE-2012-2843: Use-after-free in layout height tracking.
      Credit to miaubiz.
    - [133450] High CVE-2012-2844: Bad object access with JavaScript in PDF.
      Credit to Alexey Samsonov of Google.

  [ Shawn Landden ]
  * Revert "Do not use binutils-gold in armel and armhf".
  * Update vpx patch to use system headers (Closes: #674728).
  * Fixup skia fixup for <armv6.

 -- Michael Gilbert <mgilbert@debian.org>  Fri, 13 Jul 2012 15:31:11 -0400

chromium-browser (20.0.1132.43~r143823-1) unstable; urgency=high

  * New stable release
   - Low CVE-2012-2815: Leak of iframe fragment id. Credit to Elie
     Bursztein of Google.
   - High CVE-2012-2817: Use-after-free in table section handling.
     Credit to miaubiz.
   - High CVE-2012-2818: Use-after-free in counter layout. Credit
     to miaubiz.
   - High CVE-2012-2819: Crash in texture handling. Credit to Ken "gets"
     Russell of the Chromium development community.
   - Medium CVE-2012-2820: Out-of-bounds read in SVG filter handling.
     Credit to Atte Kettunen of OUSPG.
   - Medium CVE-2012-2821: Autofill display problem. Credit to
     "simonbrown60"
   - High CVE-2012-2823: Use-after-free in SVG resource handling.
     Credit to miaubiz.
   - High CVE-2012-2824: Use-after-free in SVG painting. Credit to
     miaubiz.
   - Medium CVE-2012-2826: Out-of-bounds read in texture conversion.
     Credit to Google Chrome Security Team (Inferno).
   - High CVE-2012-2829: Use-after-free in first-letter handling.
     Credit to miaubiz.
   - High CVE-2012-2830: Wild pointer in array value setting.
     Credit to miaubiz.
   - [130356] High CVE-2012-2831: Use-after-free in SVG reference handling.
     Credit to miaubiz.
   - High CVE-2012-2834: Integer overflow in Matroska container.
     Credit to Jüri Aedla.

 -- Giuseppe Iuculano <iuculano@debian.org>  Sat, 30 Jun 2012 14:33:40 +0200

chromium-browser (20.0.1132.41~r143299-1) unstable; urgency=medium

  * [98cf55e] Do not use binutils-gold in armel and armhf
  * New beta release

 -- Giuseppe Iuculano <iuculano@debian.org>  Fri, 22 Jun 2012 16:41:48 +0200

chromium-browser (20.0.1132.34~r141824-1) unstable; urgency=low

  * [29f002e] Add -DUSE_EABI_HARDFLOAT in gyp defines for armhf
  * [3a003ca] Added some armel and armhf patches.
    Thanks to Shawn
  * [2f15044] Search te correct icon when minimised.
    Thanks to Jonathan Nieder (Closes: #651455)

 -- Giuseppe Iuculano <iuculano@debian.org>  Wed, 20 Jun 2012 19:05:50 +0200

chromium-browser (20.0.1132.27~r140692-2) unstable; urgency=low

  * [c0e9499] Improved sqlite patch.
    Thanks to Andrew Chant (Closes: #676636)
  * [62d276b] Backported: Use 32-byte alignment in AudioArray if using
    WEBAUDIO_FFMPEG https://bugs.webkit.org/show_bug.cgi?id=87430
  * [1183b6a] Added -DUSE_EABI_HARDFLOAT for armhf

 -- Giuseppe Iuculano <iuculano@debian.org>  Wed, 13 Jun 2012 13:21:26 +0200

chromium-browser (20.0.1132.27~r140692-1) unstable; urgency=low

  * New beta release.
  * [e2adf90] Applied sqlite patch and fixed omnibox crash (Closes: #676636)
  * [69cc508] Define arm_float_abi=soft for armel and arm_float_abi=hard
    for armhf

 -- Giuseppe Iuculano <iuculano@debian.org>  Mon, 11 Jun 2012 17:54:51 +0200

chromium-browser (20.0.1132.21~r139451-3) unstable; urgency=low

  * Upload to unstable.

 -- Giuseppe Iuculano <iuculano@debian.org>  Wed, 06 Jun 2012 10:29:58 +0200

chromium-browser (20.0.1132.21~r139451-2) experimental; urgency=low

  * [1de8e21] Build depends on binutils-gold also in armel and armhf
  * [5890c9b] Do not use third_party/gold as the linker. (Closes: #675563)
  * [e883861] Strip third_party/gold from upstream tarball.
    Thanks to Andrew Chant
  * [c9ac368] Use gcc 4.7
  * [7f1ad3e] link against libgnome-keyring instead of using dlopen()
  * [57f6712] Added gcc 4.7 patch
  * [2be55e4] Use GConf and GIO

 -- Giuseppe Iuculano <iuculano@debian.org>  Sun, 03 Jun 2012 17:01:46 +0200

chromium-browser (20.0.1132.21~r139451-1) experimental; urgency=low

  [ Jonathan Nieder ]
  * [70fc5ec] Refresh patches and add descriptions

  [ Giuseppe Iuculano ]
  * [8cb8e89] Use gcc 4.6 for the moment (Closes: #671994)

  [ Jonathan Nieder ]
  * [cd6baae] Build-Depends: g++-4.6
  * [09908a2] Remove workaround for bug #651912, which seems to have been fixed
    in libnspr (Closes: #661948)
  * [58d631d] Remove hardcoded versioned dependency on libnss3-1d
  * [c9e2e81] Require nspr4 >= 2:4.9-2 (Closes: #651912)

  [ Giuseppe Iuculano ]
  * [150b326] Added libssl-dev in B-depends
  * [88ff66a] Refreshed patches
  * [7e7de0c] Disable tcmalloc, use internal copy of ffmpeg and libv8
  * [ca0f508] Updated patches
  * [1343b0c] Fixed floating point exception  in protobuf internal copy.
    Thanks to Andrew Chant
  * [2b62b38] Disable protobuf patch
  * [cae4c9c] updated vpx patch
  * [7233f03] Start to fix build issues with gcc 4.7
  * [b4e5b1d] Fix FTBFS when compiling with pulseaudio support
  * [235e171] install all .pak files

 -- Giuseppe Iuculano <iuculano@debian.org>  Fri, 01 Jun 2012 15:36:07 +0200

chromium-browser (18.0.1025.168~r134367-1) unstable; urgency=low

  * New stable release:
    - High CVE-2011-3078: Use after free in floats handling. Credit to
      Google Chrome Security Team (Marty Barbella) and independent later
      discovery by miaubiz.
    - High CVE-2012-1521: Use after free in xml parser. Credit to Google
      Chrome Security Team (SkyLined) and independent later discovery by
      wushi of team509 reported through iDefense VCP (V-874rcfpq7z).
    - Medium CVE-2011-3079: IPC validation failure. Credit to PinkiePie.
    - Medium CVE-2011-3080: Race condition in sandbox IPC. Credit to Willem
      Pinckaers of Matasano.
    - High CVE-2011-3081: Use after free in floats handling. Credit to miaubiz

 -- Giuseppe Iuculano <iuculano@debian.org>  Wed, 02 May 2012 09:30:45 +0200

chromium-browser (18.0.1025.151~r130497-1) unstable; urgency=medium

  * new stable release:
    - [106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping.
      Credit to miaubiz.
    - [117583] Medium CVE-2011-3067: Cross-origin iframe replacement. Credit
      to Sergey Glazunov.
    - [117698] High CVE-2011-3068: Use-after-free in run-in handling. Credit
      to miaubiz.
    - [117728] High CVE-2011-3069: Use-after-free in line box handling.
      Credit to miaubiz.
    - [118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit to
      Google Chrome Security Team (SkyLined).
    - [118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement. Credit
      to pa_kt, reporting through HP TippingPoint ZDI (ZDI-CAN-1528).
    - [118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up
      window.  Credit to Sergey Glazunov.
    - [118593] High CVE-2011-3073: Use-after-free in SVG resource handling.
      Credit to Arthur Gerkis.
    - [119281] Medium CVE-2011-3074: Use-after-free in media handling. Credit
      to Sławomir Błażek.
    - [119525] High CVE-2011-3075: Use-after-free applying style command.
      Credit to miaubiz.
    - [120037] High CVE-2011-3076: Use-after-free in focus handling. Credit to
      miaubiz.
    - [120189] Medium CVE-2011-3077: Read-after-free in script bindings.
      Credit to Google Chrome Security Team (Inferno).
  * [85dfed9] build-depend on libglewmx-dev instead of versioned libglewmx1.5-dev
  * medium urgency for security fixes

 -- Michael Gilbert <michael.s.gilbert@gmail.com>  Thu, 05 Apr 2012 16:43:11 -0400

chromium-browser (18.0.1025.142~r129054-1) unstable; urgency=low

  * New stable release:
    - [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS
      in EUC-JP. Credit to Masato Kinugawa.
    - [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling.
      Credit to Arthur Gerkis.
    - [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment
      handling. Credit to miaubiz.
    - [116398] Medium CVE-2011-3061: SPDY proxy certificate checking error.
      Credit to Leonidas Kontothanassis of Google.
    - [116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to
      Mateusz Jurczyk of the Google Security Team.
    - [117417] Low CVE-2011-3063: Validate navigation requests from the
      renderer more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie
      and scarybeasts (Google Chrome Security Team).
    - [117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to
      Atte Kettunen of OUSPG.
    - [117588] High CVE-2011-3065: Memory corruption in Skia. Credit to
      Omair.
    - [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian
      Holler.
  * [19c4b51] include glib.h directly (closes: #666640)
  * [d6e7094] remove .tmp files on clean
  * [fd014ca] fix pulseaudio messageloop comparisons
  * [6984cf7] build-depend on svn (required for upstream depot_tools checkout)
  * [aae52af] refresh patches
  * [102f9b7] depend on libv8 >= 3.8
  * [bbd5511] build-depend on libudev-dev

 -- Michael Gilbert <michael.s.gilbert@gmail.com>  Sun, 01 Apr 2012 20:02:53 -0400

chromium-browser (17.0.963.83~r127885-1) unstable; urgency=high

  * New stable release:
    - CVE-2011-3050: Use-after-free with first-letter handling.
      Credit to miaubiz.
    - CVE-2011-3051: Use-after-free in CSS cross-fade
      handling. Credit to Arthur Gerkis.
    - CVE-2011-3052: Memory corruption in WebGL canvas handling.
      Credit to Ben Vanik of Google.
    - CVE-2011-3053: Use-after-free in block splitting. Credit
      to miaubiz.
    - Low CVE-2011-3054: Apply additional isolations to webui privileges.
      Credit to Sergey Glazunov.
    - CVE-2011-3055: Prompt in the browser native UI for unpacked
      extension installation. Credit to PinkiePie.
    - High CVE-2011-3056: Cross-origin violation with "magic
      iframe". Credit to Sergey Glazunov.
    - Low CVE-2011-3049: Extension web request API can interfere with
      system requests. Credit to Michael Gundlach.
    - CVE-2011-3047: Errant plug-in load and GPU process memory corruption.
      Credit to PinkiePie.

 -- Giuseppe Iuculano <iuculano@debian.org>  Fri, 23 Mar 2012 09:45:08 +0100

chromium-browser (17.0.963.78~r125577-1) unstable; urgency=high

  * New stable release fixed issue found at Google's Pwnium competition:
    - CVE-2011-3046: UXSS and bad history navigation. Credit to Sergey
      Glazunov.

 -- Giuseppe Iuculano <iuculano@debian.org>  Thu, 08 Mar 2012 23:41:39 +0100

chromium-browser (17.0.963.66~r124982-1) unstable; urgency=high

  [ Jonathan Nieder ]
  * [78437ab] Depend on libpng-dev instead of libpng12-dev at build time
    (Closes: #662287)

  [ Giuseppe Iuculano ]
  * New stable release:
    - High CVE-2011-3031: Use-after-free in v8 element wrapper.
      Credit to Chamal de Silva.
    - High CVE-2011-3032: Use-after-free in SVG value handling.
      Credit to Arthur Gerkis.
    - High CVE-2011-3033: Buffer overflow in the Skia
      drawing library. Credit to Aki Helin of OUSPG.
    - High CVE-2011-3034: Use-after-free in SVG document handling.
      Credit to Arthur Gerkis.
    - High CVE-2011-3035: Use-after-free in SVG use handling.
      Credit to Arthur Gerkis.
    - High CVE-2011-3036: Bad cast in line box handling. Credit to
      miaubiz.
    - High CVE-2011-3037: Bad casts in anonymous
      block splitting. Credit to miaubiz.
    - High CVE-2011-3038: Use-after-free in multi-column handling.
      Credit to miaubiz.
    - High CVE-2011-3039: Use-after-free in quote handling. Credit
      to miaubiz.
    - Medium CVE-2011-3040: Out-of-bounds read in text handling.
      Credit to miaubiz.
    - High CVE-2011-3041: Use-after-free in class attribute
      handling. Credit to miaubiz.
    - High CVE-2011-3042: Use-after-free in table section handling.
      Credit to miaubiz.
    - High CVE-2011-3043: Use-after-free in flexbox with floats.
      Credit to miaubiz.
    - High CVE-2011-3044: Use-after-free with SVG animation
      elements. Credit to Arthur Gerkis.

 -- Giuseppe Iuculano <iuculano@debian.org>  Wed, 07 Mar 2012 17:21:51 +0100

chromium-browser (17.0.963.56~r121963-1) unstable; urgency=high

  [ Michael Gilbert ]
  * [5c3bb1e] remove duplicate dependency on libgconf2-dev
  * [a978400] exclude .git directories from upstream tarball
  * [d29d859] add descriptions to patches
  * [52af88b] update debian/copyright field to adhere to latest DEP5 specification
  * [f3b7ba9] update patches for chromium 17
  * [4634823] install content_resources.pak
  * [e7883c9] depend on libv8 >= 3.7
  * [dd4fe7d] use pulseaudio

  [ Giuseppe Iuculano ]
  * [826649a] Fix FTBFS on armel and added armhf.
    Thanks to Riku Voipio (Closes: #632119)
  * [e9ac7ab] Link against system vpx (Closes: #642760)
  * [b88a849] Remove ardcoded dependency on libvpx0 (Closes: #660159)
  * [9dec8df] Updated patches
  * New stable release:
    - Medium CVE-2011-3016: Read-after-free with counter nodes.
      Credit to miaubiz.
    - High CVE-2011-3017: Possible use-after-free in database
      handling. Credit to miaubiz.
    - High CVE-2011-3018: Heap overflow in path rendering. Credit
      to Aki Helin of OUSPG.
    - High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit to
      Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk / Gynvael
      Coldwind of the Google Security Team.
    - Medium CVE-2011-3020: Native client validator error. Credit to Nick
      Bray of the Chromium development community.
    - High CVE-2011-3021: Use-after-free in subframe loading.
      Credit to Arthur Gerkis.
    - Medium CVE-2011-3022: Inappropriate use of http for translation
      script. Credit to Google Chrome Security Team (Jorge Obes).
    - Medium CVE-2011-3023: Use-after-free with drag and drop.
      Credit to pa_kt.
    - Low CVE-2011-3024: Browser crash with empty x509 certificate. Credit
      to chrometot.
    - Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing.
      Credit to Sławomir Błażek.
    - High CVE-2011-3026: Integer overflow / truncation in libpng.
      Credit to Jüri Aedla.
    - High CVE-2011-3027: Bad cast in column handling. Credit to
      miaubiz
    - Low CVE-2011-3953: Avoid clipboard monitoring after paste event.
      Credit to Daniel Cheng of the Chromium development community.
    - Low CVE-2011-3954: Crash with excessive database usage. Credit to
      Collin Payne.
    - High CVE-2011-3955: Crash aborting an IndexDB transaction. Credit to
      David Grogan of the Chromium development community.
    - Low CVE-2011-3956: Incorrect handling of sandboxed origins inside
      extensions. Credit to Devdatta Akhawe, UC Berkeley.
    - High CVE-2011-3958: Bad casts with column spans. Credit to
      miaubiz.
    - High CVE-2011-3959: Buffer overflow in locale handling.
      Credit to Aki Helin of OUSPG.
    - Medium CVE-2011-3960: Out-of-bounds read in audio decoding.
      Credit to Aki Helin of OUSPG.
    - Critical CVE-2011-3961: Race condition after crash of utility
      process. Credit to Shawn Goertzen.
    - Medium CVE-2011-3962: Out-of-bounds read in path clipping.
      Credit to Aki Helin of OUSPG.
    - Low CVE-2011-3964: URL bar confusion after drag + drop. Credit to
      Code Audit Labs of VulnHunt.com.
    - Low CVE-2011-3965: Crash in signature check. Credit to Sławomir
      Błażek.
    - High CVE-2011-3966: Use-after-free in stylesheet error
      handling. Credit to Aki Helin of OUSPG.
    - Low CVE-2011-3967: Crash with unusual certificate. Credit to Ben
      Carrillo.
    - High CVE-2011-3968: Use-after-free in CSS handling. Credit to
      Arthur Gerkis.
    - High CVE-2011-3969: Use-after-free in SVG layout. Credit to
      Arthur Gerkis.
    - Medium CVE-2011-3970: Out-of-bounds read in libxslt. Credit to
      Aki Helin of OUSPG.
    - High CVE-2011-3971: Use-after-free with mousemove events.
      Credit to Arthur Gerkis.
    - Medium CVE-2011-3972: Out-of-bounds read in shader translator. Credit
      to Google Chrome Security Team (Inferno).


 -- Giuseppe Iuculano <iuculano@debian.org>  Sun, 19 Feb 2012 20:29:17 +0100

chromium-browser (16.0.912.77~r118311-1) unstable; urgency=high

  [ Jonathan Nieder ]
  * [b9c1859] fix path in Ubuntu-specific build rules.
    Thanks to Michael Kuhn (Closes: #655521)

  [ Giuseppe Iuculano ]
  * [c6132fa] Fix FTBFS with libav 0.8 (Closes: #654215)
  * New stable release:
    - High CVE-2011-3924: Use-after-free in DOM selections.
      Credit to Arthur Gerkis.
    - Critical CVE-2011-3925: Use-after-free in Safe Browsing
      navigation. Credit to Chamal de Silva.
    - High CVE-2011-3928: Use-after-free in DOM handling. Credit to wushi
      of team509 reported through ZDI (ZDI-CAN-1415).
    - High CVE-2011-3927: Uninitialized value in Skia. Credit to
      miaubiz.
    - High CVE-2011-3926: Heap-buffer-overflow in tree builder.
      Credit to Arthur Gerkis.

 -- Giuseppe Iuculano <iuculano@debian.org>  Thu, 26 Jan 2012 10:57:28 +0100

chromium-browser (16.0.912.75~r116452-1) unstable; urgency=low

  * New stable version:
    - High CVE-2011-3921: Use-after-free in animation frames.
      Credit to Boris Zbarsky of Mozilla.
    - High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to Jüri Aedla.
    - High CVE-2011-3922: Stack-buffer-overflow in glyph handling. Credit
      to Google Chrome Security Team (Cris Neckar).

 -- Giuseppe Iuculano <iuculano@debian.org>  Mon, 09 Jan 2012 10:30:41 +0100

chromium-browser (16.0.912.63~r113337-1) unstable; urgency=low

  [ Giuseppe Iuculano ]
  * New stable version:
    - Medium CVE-2011-3903: Out-of-bounds read in regex matching. Credit to
      David Holloway of the Chromium development community.
    - Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google
      Chrome Security Team (Inferno).
    - Medium CVE-2011-3906: Out-of-bounds read in PDF parser. Credit
      to Aki Helin of OUSPG.
    - High CVE-2011-3907: URL bar spoofing with view-source. Credit
      to Luka Treiber of ACROS Security.
    - Low CVE-2011-3908: Out-of-bounds read in SVG parsing. Credit to Aki
      Helin of OUSPG.
    - Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS property
      array. Credit to Google Chrome Security Team (scarybeasts) and Chu.
    - Medium CVE-2011-3910: Out-of-bounds read in YUV video frame handling.
      Credit to Google Chrome Security Team (Cris Neckar).
    - High CVE-2011-3912: Use-after-free in SVG filters. Credit to
      Arthur Gerkis.
    - High CVE-2011-3913: Use-after-free in Range handling. Credit
      to Arthur Gerkis.
    - High CVE-2011-3914: Out-of-bounds write in v8 i18n handling.
      Credit to Sławomir Błażek.
    - High CVE-2011-3915: Buffer overflow in PDF font handling.
      Credit to Atte Kettunen of OUSPG.
    - Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher. Credit to
      Google Chrome Security Team (Marty Barbella).
    - High CVE-2011-3904: Use-after-free in bidi handling. Credit to Google
      Chrome Security Team (Inferno) and miaubiz.
  * [5299644] Update patches for v16

  [ Michael Gilbert ]
  * [ce38c6a] depend on gyp >= r1119
  * [d4236b8] fix upstream channel naming in source readme
  * [3683f5d] refresh nss-workaround.patch and system_v8.patch
  * [4c18347] add myself to uploaders

 -- Giuseppe Iuculano <iuculano@debian.org>  Sun, 01 Jan 2012 13:45:54 +0100

chromium-browser (15.0.874.121~r109964-1) unstable; urgency=high

  [ Jonathan Nieder ]
  * [f67eee0] chromium-inspector: Recommend chromium (>= 10) to avoid pulling in chromium-bsu
  * [4de64d5] Use /etc/debian_version, not `lsb_release -sr`, to populate BUILD_DIST
  * [7dba3cb] Permit '/' in Debian release names (Closes: #644526)
  * [aa996fe] Unbreak get-orig-source in non-C locales by using "svn log --xml" instead of "svn info"

  [ Giuseppe Iuculano ]
  * [dc3b8be] Revert "Merge 104421 - Fix library paths for preloading NSS on Ubuntu 11.10."
    Thanks to Jonathan Nieder (Closes: #647992)
  * [d729967] Use system v8
  * New stable release:
    - High CVE-2011-3892: Double free in Theora decoder.
      Credit to Aki Helin of OUSPG.
    - Medium CVE-2011-3893: Out of bounds reads in MKV and
      Vorbis media handlers. Credit to Aki Helin of OUSPG.
    - High CVE-2011-3894: Memory corruption regression in VP8 decoding.
      Credit to Andrew Scherkus of the Chromium development community.
    - High CVE-2011-3895: Heap overflow in Vorbis decoder. Credit
      to Aki Helin of OUSPG.
    - High CVE-2011-3896: Buffer overflow in shader variable mapping.
      Credit to Ken “strcpy” Russell of the Chromium development community.
    - High CVE-2011-3897: Use-after-free in editing. Credit to pa_kt
      reported through ZDI (ZDI-CAN-1416).
    - Low CVE-2011-3898: Failure to ask for permission to run applets in
      JRE7. Credit to Google Chrome Security Team (Chris Evans).
    - High CVE-2011-3900: Out-of-bounds write in v8. Credit to Christian
      Holler.

 -- Giuseppe Iuculano <iuculano@debian.org>  Wed, 07 Dec 2011 09:12:54 +0100

chromium-browser (15.0.874.106~r107270-1) unstable; urgency=medium

  [ Matteo F. Vescovi ]
  * [fb744c6] debian/control: cosmetic typo corrections (Closes: #644386)

  [ Giuseppe Iuculano ]
  * New stable release:
  - High CVE-2011-2845: URL bar spoof in history handling. Credit to Jordi
    Chancel.
  - Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit to
    Jordi Chancel.
  - Low CVE-2011-3876: Avoid stripping whitespace at the end of download
    filenames. Credit to Marc Novak.
  - Low CVE-2011-3877: XSS in appcache internals page. Credit to Google
    Chrome Security Team (Tom Sepez) plus independent discovery by
    Juho Nurminen.
  - Medium CVE-2011-3878: Race condition in worker process initialization.
    Credit to miaubiz.
  - Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to
    Masato Kinugawa.
  - Low CVE-2011-3880: Don’t permit  as a HTTP header delimiter. Credit to
    Vladimir Vorontsov, ONsec company.
  - High CVE-2011-3881: Cross-origin policy violations.
    Credit to Sergey Glazunov.
  - High CVE-2011-3882: Use-after-free in media buffer handling. Credit to
    Google Chrome Security Team (Inferno).
  - High CVE-2011-3883: Use-after-free in counter handling. Credit to miaubiz.
  - High CVE-2011-3884: Timing issues in DOM traversal. Credit to Brian
    Ryner of the Chromium development community.
  - High CVE-2011-3885: Stale style bugs leading to use-after-free.
    Credit to miaubiz.
  - High CVE-2011-3886: Out of bounds writes in v8. Credit to Christian Holler.
  - Medium CVE-2011-3887: Cookie theft with javascript URIs.
    Credit to Sergey Glazunov.
  - [99138] High CVE-2011-3888: Use-after-free with plug-in and editing.
    Credit to miaubiz.
  - High CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz.
  - High CVE-2011-3890: Use-after-free in video source handling. Credit to
    Ami Fischman of the Chromium development community.
  - High CVE-2011-3891: Exposure of internal v8 functions. Credit to
    Steven Keuchel of the Chromium development community plus independent
    discovery by Daniel Divricean.
  * [62dfe31] Refreshed patches
  * [ebe38a0] Added scons, libelf-dev, and python-simplejson in Build-Depends
  * [301651c] Use icu and libv8 private copy and disable nacl

  [ Jonathan Nieder ]
  * [59f4ae6] debian/licenses: add Ms-PL license snippet.
    Thanks to Alexander Reichle-Schmehl (Closes: #647528)

 -- Giuseppe Iuculano <iuculano@debian.org>  Sun, 06 Nov 2011 14:27:45 +0100

chromium-browser (14.0.835.202~r103287-1) unstable; urgency=low

  [ Michael Gilbert ]
  * [0e3387d] Remove unneeded shlibs:Depends
  * [d7d8b22] Support libav's transition to multiarch
  * [3211a33] Use url to writable git repo in vcs-git field
  * [1c83896] Use relative symlinks to ffmpeg libraries

  [ Giuseppe Iuculano ]
  * New stable release:
    - High CVE-2011-2876: Use-after-free in text line box handling.
      Credit to miaubiz.
    - High CVE-2011-2877: Stale font in SVG text handling. Credit to
      miaubiz.
    - High CVE-2011-2878: Inappropriate cross-origin access to the
      window prototype. Credit to Sergey Glazunov.
    - High CVE-2011-2879: Lifetime and threading issues in audio node
      handling. Credit to Google Chrome Security Team (Inferno).
    - High CVE-2011-2880: Use-after-free in the v8
      bindings. Credit to Sergey Glazunov.
    - High CVE-2011-2881: Memory corruption with v8 hidden objects.
      Credit to Sergey Glazunov.
    - Critical CVE-2011-3873: Memory corruption in shader translator. 

 -- Giuseppe Iuculano <iuculano@debian.org>  Wed, 05 Oct 2011 11:15:53 +0200

chromium-browser (14.0.835.163~r101024-1) unstable; urgency=low

  [ Matteo F. Vescovi ]
  * [82a8b0b] debian/control: changing b-deps to libjpeg-dev (Closes: 641099)

  [ Giuseppe Iuculano ]
  * [ac85d47] Use system ffmpeg and icu
  * [b4fbcd0] debian/gbp.conf: Added conf for git-dch
  * [a4f4ee1] Do not install ffmpeg internal copy
  * New stable release:
    - High CVE-2011-2835: Race condition in the certificate cache.
      Credit to Ryan Sleevi of the Chromium development community.
    - Low CVE-2011-2836: Infobar the Windows Media Player plug-in to avoid
      click-free access to the system Flash. Credit to electronixtar.
    - Low CVE-2011-2837: Use PIC / pie compiler flags. Credit to wbrana.
    - Low CVE-2011-2838: Treat MIME type more authoritatively when loading
      plug-ins. Credit to Michal Zalewski of the Google Security Team.
    - High CVE-2011-2839: Crash in v8 script object wrappers.
      Credit to Kostya Serebryany of the Chromium development community.
    - Low CVE-2011-2840: Possible URL bar spoofs with unusual user interaction.
      Credit to kuzzcc.
    - Medium CVE-2011-2843: Out-of-bounds read with media buffers.
      Credit to Kostya Serebryany of the Chromium development community.
    - Medium CVE-2011-2844: Out-of-bounds read with mp3 files.
      Credit to Mario Gomes.
    - High CVE-2011-2846: Use-after-free in unload event handling.
      Credit to Arthur Gerkis.
    - High CVE-2011-2847: Use-after-free in document loader.
      Credit to miaubiz.
    - Medium CVE-2011-2848: URL bar spoof with forward button.
      Credit to Jordi Chancel.
    - Low CVE-2011-2849: Browser NULL pointer crash with WebSockets.
      Credit to Arthur Gerkis.
    - Medium CVE-2011-3234: Out-of-bounds read in box handling.
      Credit to miaubiz.
    - Medium CVE-2011-2850: Out-of-bounds read with Khmer characters.
      Credit to miaubiz.
    - Medium CVE-2011-2851: Out-of-bounds read in video handling.
      Credit to Google Chrome Security Team (Inferno).
    - High CVE-2011-2852: Off-by-one in v8. Credit to Christian Holler.
    - High CVE-2011-2853: Use-after-free in plug-in handling.
      Credit to Google Chrome Security Team (SkyLined).
    - High CVE-2011-2854: Use-after-free in ruby / table style handing.
      Credit to Sławomir Błażek, and independent later discoveries by miaubiz
      and Google Chrome Security Team (Inferno).
    - High CVE-2011-2855: Stale node in stylesheet handling.
      Credit to Arthur Gerkis.
    - High CVE-2011-2856: Cross-origin bypass in v8.
      Credit to Daniel Divricean.
    - High CVE-2011-2857: Use-after-free in focus controller. Credit to miaubiz.
    - High CVE-2011-2834: Double free in libxml XPath handling.
      Credit to Yang Dingning from NCNIPC, Graduate University of Chinese
      Academy of Sciences.
    - Medium CVE-2011-2859: Incorrect permissions assigned to non-gallery pages.
      Credit to Bernhard ‘Bruhns’ Brehm of Recurity Labs.
    - High CVE-2011-2860: Use-after-free in table style handling.
      Credit to miaubiz.
    - High CVE-2011-2862: Unintended access to v8 built-in objects.
      Credit to Sergey Glazunov.
    - Medium CVE-2011-2864: Out-of-bounds read with Tibetan characters.
      Credit to Google Chrome Security Team (Inferno).
    - Medium CVE-2011-2858: Out-of-bounds read with triangle arrays. 
      Credit to Google Chrome Security Team (Inferno).
    - Low CVE-2011-2874: Failure to pin a self-signed cert for a session. 
      Credit to Nishant Yadant of VMware and Craig Chamberlain (@randomuserid).
    - High CVE-2011-2875: Type confusion in v8 object sealing.
      Credit to Christian Holler.

 -- Giuseppe Iuculano <iuculano@debian.org>  Sat, 17 Sep 2011 21:46:29 +0200

chromium-browser (14.0.835.157~r99685-1) experimental; urgency=low

  * New beta release
  * Fix gbp.conf for experimental branch
  * Refreshed patches
  * Use libv8 system copy
  * Do not remove Makefile files
  * Added libpulse-dev in Build-Depends.
  * re-enable armel build
  * Patch v8_i18n to compile with libv8 system copy, thanks to Jérémy Lal
  * Added a lintian override for the NaCL IRT files

 -- Giuseppe Iuculano <iuculano@debian.org>  Wed, 07 Sep 2011 13:06:57 +0200

chromium-browser (13.0.782.220~r99552-1) unstable; urgency=high

  [ Giuseppe Iuculano ]
  * Fixed the dummy chromium-browser-l10n dependency (Closes: 639126)
  * New stable release:
    - Revoked trust for SSL certificates issued by DigiNotar-controlled
      intermediate CAs used by the Dutch PKIoverheid program.

  [ Jonathan Nieder ]
  * Add a replace and breaks entry to reflect the compatibility symlinks
    having moved to the chromium-browser package.

  [ Michael Gilbert ]
  * Fix lintian warning.
  * Fix manpage comment characters.
  * Strip the Native Client Integrated RunTime (NaCl IRT) libraries.
  * Objectify an old changelog entry (closes: #606261).

 -- Giuseppe Iuculano <iuculano@debian.org>  Tue, 06 Sep 2011 08:34:50 +0200

chromium-browser (13.0.782.215~r97094-1) unstable; urgency=low

  [ Michael Gilbert ]
  * Remove all automatically generated files during clean up (this makes
    it possible to build from source twice in a row now).
  * Bump standards version to 3.9.2.
  * Fix an obsolete character encoding in debian/copyright.
  * Fix build failure with cups >= 1.5.0.
  * Don't support lenny's cups anymore.
  * Use system config.guess and config.sub for yasm's autotools files.
  * Add chromium-browser.png symlink so old menu entries keep their icons
    (closes: #622841).
  * Add chromium-browser manpage symlink.
  * Clean up package short descriptions.

  [ Giuseppe Iuculano ]
  * Move the compatibility symlinks to the chromium-browser package
  * Fix the Vcs-Browser control field
  * New stable release:
    - High CVE-2011-2823: Use-after-free in line box handling. Credit to Google
      Chrome Security Team (SkyLined) and independent later discovery
      by miaubiz.
    - High CVE-2011-2824: Use-after-free with counter nodes. Credit to miaubiz.
    - High CVE-2011-2825: Use-after-free with custom fonts. Credit to wushi of
      team509 reported through ZDI (ZDI-CAN-1283), plus indepdendent later
      discovery by miaubiz.
    - High CVE-2011-2821: Double free in libxml XPath handling. Credit to Yang
      Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.
    - High CVE-2011-2826: Cross-origin violation with empty origins.
      Credit to Sergey Glazunov.
    - High CVE-2011-2827: Use-after-free in text searching. Credit to miaubiz.
    - High CVE-2011-2828: Out-of-bounds write in v8.
      Credit to Google Chrome Security Team (SkyLined).
    - High CVE-2011-2829: Integer overflow in uniform arrays.
      Credit to Sergey Glazunov.
  * Added autotools-dev in Build-Depends

 -- Giuseppe Iuculano <iuculano@debian.org>  Tue, 23 Aug 2011 17:31:19 +0200

chromium-browser (13.0.782.107~r94237-1) unstable; urgency=high

  * New stable version
    - Medium CVE-2011-2358: Always confirm an extension install via a browser
      dialog. Credit to Sergey Glazunov.
    - High CVE-2011-2359: Stale pointer due to bad line box tracking in
      rendering. Credit to miaubiz and Martin Barbella.
    - Low CVE-2011-2360: Potential bypass of dangerous file prompt.
      Credit to kuzzcc.
    - Low CVE-2011-2361: Improve designation of strings in the basic auth
      dialog. Credit to kuzzcc.
    - Medium CVE-2011-2782: File permissions error with drag and drop.
      Credit to Evan Martin of the Chromium development community.
    - Medium CVE-2011-2783: Always confirm a developer mode NPAPI extension
      install via a browser dialog. Credit to Sergey Glazunov.
    - Low CVE-2011-2784: Local file path disclosure via GL program log.
      Credit to kuzzcc.
    - Low CVE-2011-2785: Sanitize the homepage URL in extensions.
      Credit to kuzzcc.
    - Low CVE-2011-2786: Make sure the speech input bubble is always on-screen.
      Credit to Olli Pettay of Mozilla.
    - Medium CVE-2011-2787: Browser crash due to GPU lock re-entrancy issue.
      Credit to kuzzcc.
    - Low CVE-2011-2788: Buffer overflow in inspector serialization.
      Credit to Mikołaj Małecki.
    - Medium CVE-2011-2789: Use after free in Pepper plug-in instantiation.
      Credit to Mario Gomes and kuzzcc.
    - High CVE-2011-2790: Use-after-free with floating styles.
      Credit to miaubiz.
    - High CVE-2011-2791: Out-of-bounds write in ICU. Credit to Yang Dingning
      from NCNIPC, Graduate University of Chinese Academy of Sciences.
    - High CVE-2011-2792: Use-after-free with float removal. Credit to miaubiz.
    - High CVE-2011-2793: Use-after-free in media selectors. Credit to miaubiz.
    - Medium CVE-2011-2794: Out-of-bounds read in text iteration.
      Credit to miaubiz.
    - Medium CVE-2011-2795: Cross-frame function leak. Credit to Shih Wei-Long.
    - High CVE-2011-2796: Use-after-free in Skia. Credit to Google Chrome
      Security Team (Inferno) and Kostya Serebryany of the Chromium
      development community.
    - High CVE-2011-2797: Use-after-free in resource caching. Credit to miaubiz.
    - Low CVE-2011-2798: Prevent a couple of internal schemes from being web
      accessible. Credit to sirdarckcat of the Google Security Team.
    - High CVE-2011-2799: Use-after-free in HTML range handling.
      Credit to miaubiz.
    - Medium CVE-2011-2800: Leak of client-side redirect target.
      Credit to Juho Nurminen.
    - High CVE-2011-2802: v8 crash with const lookups.
      Credit to Christian Holler.
    - Medium CVE-2011-2803: Out-of-bounds read in Skia paths.
      Credit to Google Chrome Security Team (Inferno).
    - High CVE-2011-2801: Use-after-free in frame loader. Credit to miaubiz.
    - High CVE-2011-2818: Use-after-free in display box rendering.
      Credit to Martin Barbella.
    - High CVE-2011-2805: Cross-origin script injection.
      Credit to Sergey Glazunov.
    - [90222] High CVE-2011-2819: Cross-origin violation in base URI handling.
      Credit to Sergey Glazunov.
  * Re-added binutils-gold in Build-depends
  * Refreshed patches
  * Switch to git
  * Use system vpx, flac, webp, speex libs
  * Build-depens on gyp >= 0.1~svn971
  * Run the gclient hooks when creating the source tarball, as we need files
    from the Native Client's integrated runtime (IRT) library
    (Thanks to Fabien Tassin)
  * Install the NaCL IRT files
  * Added a lintian override for the NaCL IRT files

 -- Giuseppe Iuculano <iuculano@debian.org>  Thu, 04 Aug 2011 11:02:34 +0200

chromium-browser (12.0.742.112~r90304-1) unstable; urgency=high

  * New stable micro release
  - [77493] Medium CVE-2011-2345: Out-of-bounds read in NPAPI string handling.
    Credit to Philippe Arteau.
  - [84355] High CVE-2011-2346: Use-after-free in SVG font handling.
    Credit to miaubiz.
  - [85003] High CVE-2011-2347: Memory corruption in CSS parsing.
    Credit to miaubiz.
  - [85102] High CVE-2011-2350: Lifetime and re-entrancy issues in the HTML parser.
    Credit to miaubiz.
  - [85177] High CVE-2011-2348: Bad bounds check in v8.
    Credit to Aki Helin of OUSPG.
  - [85211] High CVE-2011-2351: Use-after-free with SVG use element.
    Credit to miaubiz.
  - [85418] High CVE-2011-2349: Use-after-free in text selection.
    Credit to miaubiz.
  * Do not use the experimental gold linker

 -- Giuseppe Iuculano <iuculano@debian.org>  Wed, 29 Jun 2011 15:28:33 +0200

chromium-browser (12.0.742.91~r87961-1) unstable; urgency=high

  * New stable major release (Closes: 630548)
    - [73962] [79746] High CVE-2011-1808: Use-after-free due to integer issues
      in float handling. Credit to miaubiz.
    - [75496] Medium CVE-2011-1809: Use-after-free in accessibility support.
      Credit to Google Chrome Security Team (SkyLined).
    - [75643] Low CVE-2011-1810: Visit history information leak in CSS.
      Credit to Jesse Mohrland of Microsoft and Microsoft Vulnerability Research
    - [76034] Low CVE-2011-1811: Browser crash with lots of form submissions.
      Credit to “DimitrisV22”.
    - [77026] Medium CVE-2011-1812: Extensions permission bypass.
      Credit to kuzzcc.
    - [78516] High CVE-2011-1813: Stale pointer in extension framework.
      Credit to Google Chrome Security Team (Inferno).
    - [79362] Medium CVE-2011-1814: Read from uninitialized pointer.
      Credit to Eric Roman of the Chromium development community.
    - [79862] Low CVE-2011-1815: Extension script injection into new tab page.
      Credit to kuzzcc.
    - [80358] Medium CVE-2011-1816: Use-after-free in developer tools.
      Credit to kuzzcc.
    - [81916] Medium CVE-2011-1817: Browser memory corruption in history
      deletion. Credit to Collin Payne.
    - [81949] High CVE-2011-1818: Use-after-free in image loader.
      Credit to miaubiz.
    - [83010] Medium CVE-2011-1819: Extension injection into chrome:// pages.
      Credit to Vladislavas Jarmalis, plus subsequent independent discovery
      by Sergey Glazunov.
    - [83275] High CVE-2011-2332: Same origin bypass in v8.
      Credit to Sergey Glazunov.
    - [83743] High CVE-2011-2342: Same origin bypass in DOM.
      Credit to Sergey Glazunov.
  * Refreshed patches.
  * Use internal libv8 copy
  * Use internal protobuf copy
  * Remove armel from archs, too many toolchain issues and we want chromium in
    testing.
  * Override the embedded-library error, chromium uses a modified sqlite copy.

 -- Giuseppe Iuculano <iuculano@debian.org>  Fri, 17 Jun 2011 11:13:54 +0200

chromium-browser (11.0.696.71~r86024-1) unstable; urgency=low

  * New Stable release:
  - [72189] Low CVE-2011-1801: Pop-up blocker bypass. Credit to Chamal De Silva
  - [82546] High CVE-2011-1804: Stale pointer in floats rendering.
    Credit to Martin Barbella.
  - [82873] Critical CVE-2011-1806: Memory corruption in GPU command buffer.
    Credit to Google Chrome Security Team (Cris Neckar).
  - [82903] Critical CVE-2011-1807: Out-of-bounds write in blob handling.
    Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany of the
    Chromium development community.

 -- Giuseppe Iuculano <iuculano@debian.org>  Wed, 25 May 2011 09:16:11 +0200

chromium-browser (11.0.696.68~r84545-3) unstable; urgency=low

  * Use the experimental gold linker

 -- Giuseppe Iuculano <iuculano@debian.org>  Mon, 23 May 2011 08:57:21 +0200

chromium-browser (11.0.696.68~r84545-2) unstable; urgency=low

  * Fix the libv8 patch
  * Disable javascript i18n api, we will re-enable it when libv8 will compile
    i18n experimental extension, #627066

 -- Giuseppe Iuculano <iuculano@debian.org>  Tue, 17 May 2011 22:18:11 +0200

chromium-browser (11.0.696.68~r84545-1) unstable; urgency=high

  * New Stable release:
    - [64046] High CVE-2011-1799: Bad casts in Chromium WebKit glue.
      Credit to Google Chrome Security Team (SkyLined).
    - [80608] High CVE-2011-1800: Integer overflows in SVG filters.
      Credit to Google Chrome Security Team (Cris Neckar).
  * Added --password-store=detect in chromium flags
  * Updated the svg logo
  * Ship the app icon in all the sizes provided upstream (Thanks Fabien Tassin)
  * Build-dep on gyp >= 0.1~svn917 to try to fix FTBFS on armel
  * Use protobuf system copy, this should fix FTBFS on armel #616662
  * Bump urgency, we want chromium 11 in wheezy
  * Remove *.pyc from src/depot_tools and src/build (Closes: #626894)

 -- Giuseppe Iuculano <iuculano@debian.org>  Mon, 16 May 2011 22:05:07 +0200

chromium-browser (11.0.696.65~r84435-1) unstable; urgency=low

  * New Stable release:
   - Fixed password loss (Closes: #619903)
   - [61502] High CVE-2011-1303: Stale pointer in floating object handling.
     Credit to Scott Hess of the Chromium development community and
     Martin Barbella.
   - [70538] Low CVE-2011-1304: Pop-up block bypass via plug-ins.
     Credit to Chamal De Silva.
   - [70589] Medium CVE-2011-1305: Linked-list race in database handling.
     Credit to Kostya Serebryany of the Chromium development community.
   - [71586] Medium CVE-2011-1434: Lack of thread safety in MIME handling.
     Credit to Aki Helin.
   - [72523] Medium CVE-2011-1435: Bad extension with ‘tabs’ permission can
     capture local files. Credit to Cole Snodgrass.
   - [72910] Low CVE-2011-1436: Possible browser crash due to bad interaction
     with X. Credit to miaubiz.
   - [73526] High CVE-2011-1437: Integer overflows in float rendering.
     Credit to miaubiz.
   - [74653] High CVE-2011-1438: Same origin policy violation with blobs.
     Credit to kuzzcc.
   - [74763] High CVE-2011-1439: Prevent interference between renderer
     processes. Credit to Julien Tinnes of the Google Security Team.
   - [75186] High CVE-2011-1440: Use-after-free with <ruby> tag and CSS.
     Credit to Jose A. Vazquez.
   - [75347] High CVE-2011-1441: Bad cast with floating select lists.
     Credit to Michael Griffiths.
   - [75801] High CVE-2011-1442: Corrupt node trees with mutation events.
     Credit to Sergey Glazunov and wushi of team 509.
   - [76001] High CVE-2011-1443: Stale pointers in layering code.
     Credit to Martin Barbella.
   - [76542] High CVE-2011-1444: Race condition in sandbox launcher.
     Credit to Dan Rosenberg.
   - [76646] Medium CVE-2011-1445: Out-of-bounds read in SVG.
     Credit to wushi of team509.
   - [76666] [77507] [78031] High CVE-2011-1446: Possible URL bar spoofs with
     navigation errors and interrupted loads. Credit to kuzzcc.
   - [76966] High CVE-2011-1447: Stale pointer in drop-down list handling.
     Credit to miaubiz.
   - [77130] High CVE-2011-1448: Stale pointer in height calculations.
     Credit to wushi of team509.
   - [77346] High CVE-2011-1449: Use-after-free in WebSockets.
     Credit to Marek Majkowski.
   - [77349] Low CVE-2011-1450: Dangling pointers in file dialogs.
     Credit to kuzzcc.
   - [77463] High CVE-2011-1451: Dangling pointers in DOM id map.
     Credit to Sergey Glazunov.
   - [77786] Medium CVE-2011-1452: URL bar spoof with redirect and manual
     reload. Credit to Jordi Chancel.
   - [79199] High CVE-2011-1454: Use-after-free in DOM id handling.
     Credit to Sergey Glazunov.
  * Updated patches
  * Use libv8 system copy
  * Fixed FTBFS (converting to non-pointer type from NULL)
  * Addeed libpam0g-dev in Build-Depends
  * Fixed FTBFS with gcc 4.6 (closes: 624814)
  * Do not use the to use the experimental gold linker, it causes FTBFS
  * Added in install excluded files: genmacro genmodule genperf genstring
    genversion re2c yasm

 -- Giuseppe Iuculano <iuculano@debian.org>  Sat, 14 May 2011 15:22:23 +0200

chromium-browser (10.0.648.205~r81283-1) unstable; urgency=low

  * New stable release:
  - [75629] Critical CVE-2011-1301: Use-after-free in the GPU process.
    Credit to Google Chrome Security Team (Inferno).
  - [78524] Critical CVE-2011-1302: Heap overflow in the GPU process.
    Credit to Christoph Diehl.

 -- Giuseppe Iuculano <iuculano@debian.org>  Fri, 15 Apr 2011 09:13:45 +0200

chromium-browser (10.0.648.204~r79063-1) unstable; urgency=low

  * New stable release:
   - [72517] High CVE-2011-1291: Buffer error in base string handling. Credit to
     Alex Turpin.
   - [73216] High CVE-2011-1292: Use-after-free in the frame loader. Credit to
     Sławomir Błażek.
   - [73595] High CVE-2011-1293: Use-after-free in HTMLCollection. Credit to
     Sergey Glazunov.
   - [74562] High CVE-2011-1294: Stale pointer in CSS handling. Credit to Sergey
     Glazunov.
   - [74991] High CVE-2011-1295: DOM tree corruption with broken node parentage.
     Credit to Sergey Glazunov.
   - [75170] High CVE-2011-1296: Stale pointer in SVG text handling.
     Credit to Sergey Glazunov.
  * Depends on libvpx0 >= 0.9.6 (Closes: #618621)

 -- Giuseppe Iuculano <iuculano@debian.org>  Fri, 25 Mar 2011 12:20:13 +0100

chromium-browser (10.0.648.133~r77742-1) unstable; urgency=high

  * New stable release:
    - Fix CVE-2011-1290: Memory corruption in style handling. Credit to
      Vincenzo Iozzo, Ralf Philipp Weinmann and Willem Pinckaers reported
      through ZDI.
  * chromium-browser: Depend on chromium (>= 10) (Closes: #617760)
  * Added a symlink to old binary name in chromium-browser package
    (Closes: #616623)
  * Document the binary renaming in the NEWS file.

 -- Giuseppe Iuculano <iuculano@debian.org>  Fri, 11 Mar 2011 23:10:31 +0100

chromium-browser (10.0.648.127~r76697-1) unstable; urgency=low

  * New stable version
  * Refreshed patches 

 -- Giuseppe Iuculano <iuculano@debian.org>  Wed, 09 Mar 2011 23:04:13 +0100

chromium-browser (10.0.648.114~r75702-1) experimental; urgency=low

  * New beta version
  * Refreshed pathces
  * Renamed binary packages, new names: chromium, chromium-l10n,
    chromium-inspector, chromium-dbg
  * Removed SMULBB instructions (Closes: 611725) Thanks to Jérémy Lal
  * Move /etc/chromium-browser/{default,master_preferences} to
    /etc/chromium/{default,master_preferences}
  * Remove mips from archs
  * Use in-source v8
  * Added binutils-gold in build-depends to use the experimental gold linker
  * debian/rules: Force $DEBIAN_NAME to chromium
  * Fixed the webkit version parser. Patch from Ubuntu, thanks to Fabien Tassin
  * Do not install anymore xdg-settings and xdg-mime copy
  * Install libppGoogleNaClPluginChrome.so

 -- Giuseppe Iuculano <iuculano@debian.org>  Wed, 02 Mar 2011 11:36:53 +0100

chromium-browser (9.0.597.107~r75357-1) unstable; urgency=low

  [ Giuseppe Iuculano ]
  * New Stable version:
    - [54262] High URL bar spoof. Credit to Jordi Chancel.
    - [63732] High Crash with javascript dialogs. Credit to Sergey Radchenko.
    - [68263] High Stylesheet node stale pointer. Credit to Sergey Glazunov.
    - [68741] High Stale pointer with key frame rule. Credit to Sergey Glazunov.
    - [70078] High Crash with forms controls. Credit to Stefan van Zanden.
    - [70244] High Crash in SVG rendering. Credit to Sławomir Błażek.
    - [64-bit Linux only] [70376] Medium Out-of-bounds read in pickle
      deserialization. Credit to Evgeniy Stepanov of the Chromium development community.
    - [71114] High Stale node in table handling. Credit to Martin Barbella.
    - [71115] High Stale pointer in table rendering. Credit to Martin Barbella.
    - [71296] High Stale pointer in SVG animations. Credit to miaubiz.
    - [71386] High Stale nodes in XHTML. Credit to wushi of team509.
    - [71388] High Crash in textarea handling. Credit to wushi of team509.
    - [71595] High Stale pointer in device orientation. Credit to 
      Sergey Glazunov.
    - [71717] Medium Out-of-bounds read in WebGL. Credit to miaubiz.
    - [71855] High Integer overflow in textarea handling. Credit to miaubiz.
    - [71960] Medium Out-of-bounds read in WebGL.
      Credit to Google Chrome Security Team (Inferno).
    - [72214] High Accidental exposure of internal extension functions.
      Credit to Tavis Ormandy of the Google Security Team.
    - [72437] High Use-after-free with blocked plug-ins.
      Credit to Chamal de Silva.
    - [73235] High Stale pointer in layout. Credit to Martin Barbella.

  [ Daniel Echeverry ]
  * Added patch fix-manpage.patch Closes: #607503

 -- Giuseppe Iuculano <iuculano@debian.org>  Thu, 03 Mar 2011 11:42:01 +0100

chromium-browser (9.0.597.98~r74359-1) unstable; urgency=low

  [ Giuseppe Iuculano ]
  * New stable version:
    - [67234] High Stale pointer in animation event handling. Credit to Rik
      Cabanier.
    - [68120] High Use-after-free in SVG font faces. Credit to miaubiz.
    - [69556] High Stale pointer with anonymous block handling. Credit to
      Martin Barbella.
    - [69970] Medium Out-of-bounds read in plug-in handling. Credit to Bill
      Budge of Google.
    - [70456] Medium Possible failure to terminate process on out-of-memory
      condition. Credit to David Warren of CERT/CC.

  [ Daniel Echeverry ]
  * Fixed FTBFS caused by nspr.patch (Closes: #612618)

 -- Daniel Echeverry <epsilon77@gmail.com>  Sun, 20 Feb 2011 13:57:29 -0500

chromium-browser (9.0.597.84~r72991-1) unstable; urgency=low

  * New stable version:
    - [55831] High Use-after-free in image loading. Credit to Aki Helin of OUSPG
    - [59081] Low Apply some restrictions to cross-origin drag + drop. Credit to
      Google Chrome Security Team (SkyLined) and the Google Security Team
      (Michal Zalewski, David Bloom).
    - [62791] Low Browser crash with extension with missing key. Credit to Brian
      Kirchoff.
    - [65669] Low Handle merging of autofill profiles more gracefully. Credit to
      Google Chrome Security Team (Inferno).
    - [68244] Low Browser crash with bad volume setting. Credit to Matthew
      Heidermann.
    - [69195] Critical Race condition in audio handling. Credit to the gamers of
      Reddit!

 -- Giuseppe Iuculano <iuculano@debian.org>  Sun, 06 Feb 2011 23:50:23 +0100

chromium-browser (9.0.597.83~r72435-1) unstable; urgency=low

  [ Giuseppe Iuculano ]
  * New beta version.
  * Added a README.Debian and warn about downgrading (Closes: #605548) 
  * honor DEB_BUILD_OPTIONS=nocheck, thanks to Jonathan Nieder
    (Closes: #589653)
  * Avoid "cannot access" messagges when using ffmpeg internal copy. Thanks to
    Jonathan Nieder. (Closes: #589563)
  * Refreshed patches.
  * Build against libv8
  * Use libicu system headers
  * Use system glew
  * Use system xdg-utils
  * Build-depends on libv8-dev >= 2.5.9
  * Update translations in Desktop file. Thanks to the Ubuntu translation team.
  * Upload to unstable

  [ Fabien Tassin ]
  * Add libxt-dev to Build-deps needed by ppGoogleNaClPluginChrome
  * Add x-scheme-handler/http and x-scheme-handler/https to the MimeType
    entry of the desktop file
  * Set CHROME_WRAPPER to the real name of the wrapper now that upstream
    use its value
  * Set CHROME_DESKTOP in the wrapper to help the default browser
    checker (LP: #513133)

 -- Giuseppe Iuculano <iuculano@debian.org>  Sun, 30 Jan 2011 22:14:01 +0100

chromium-browser (9.0.597.45~r70550-1) experimental; urgency=low

  * New beta version

 -- Giuseppe Iuculano <iuculano@debian.org>  Mon, 17 Jan 2011 09:55:51 +0100

chromium-browser (9.0.597.19~r68937-1) experimental; urgency=low

  * New beta version
  * Refreshed patches

 -- Giuseppe Iuculano <iuculano@debian.org>  Wed, 29 Dec 2010 09:17:12 +0100

chromium-browser (9.0.587.0~r66374-1) experimental; urgency=low

  * New dev version

 -- Giuseppe Iuculano <iuculano@debian.org>  Sat, 20 Nov 2010 18:33:03 +0100

chromium-browser (9.0.576.0~r65344-1) experimental; urgency=low

  * New dev version
  * Refreshed patches
  * Added libxtst-dev in build-depends
  * Use v8, libvpx and glew system copy for the moment.
  * Disable tests
  * Do not install /usr/lib/chromium-browser/libosmesa.so (Closes: #599511)

 -- Giuseppe Iuculano <iuculano@debian.org>  Wed, 17 Nov 2010 22:26:37 +0100

chromium-browser (7.0.544.0~r61416-1) UNRELEASED; urgency=low

  * New dev version
  * Remove system-icu.patch, applied upstream
  * Remove icu44.patch, applied upstream
  * Refreshed patches
  * Enable compile-time dependency on gnome-keyring
  * Use system speex
  * Build depends on libv8-dev >= 2.4.7
  * Remove disable_dlog_and_dcheck_in_release_builds.patch
  * Install libosmesa.so ssl_false_start_blacklist_process and xdg-mime

 -- Giuseppe Iuculano <iuculano@debian.org>  Wed, 06 Oct 2010 14:55:53 +0200

chromium-browser (6.0.472.63~r59945-5.1) unstable; urgency=low

  [ Daniel Echeverry ]
  * Updated copyright file to DEP5. Closes: #580784

 -- Daniel Echeverry <epsilon77@gmail.com>  Mon, 17 Jan 2011 22:36:28 -0500

chromium-browser (6.0.472.63~r59945-5) unstable; urgency=high

  * Backported security patches from stable:
    - High Bad pointer handling in node iteration. Credit to Sergey Glazunov.
    - High Stale pointer with CSS + canvas. Credit to Sergey Glazunov. 
    - High Stale pointer with CSS + cursors. Credit to Jan Tošovský.
    - High Stale pointer with SVG use element. Credited anonymously; plus
      indepdent discovery by miaubiz.
    - High Vorbis decoder buffer overflows. Credit to David Warren of CERT. 
    - High Bad cast in anchor handling. Credit to Sergey Glazunov. 
    - High Bad cast in video handling. Credit to Sergey Glazunov. 
    - High Stale rendering node after DOM node removal. Credit to Martin
      Barbella; plus independent discovery by Google Chrome Security Team
      (SkyLined). 

 -- Giuseppe Iuculano <iuculano@debian.org>  Sat, 15 Jan 2011 12:04:52 +0100

chromium-browser (6.0.472.63~r59945-4) unstable; urgency=high

  * Backported security patches from stable:
    - [64-bit Linux only] High Bad validation for message deserialization on
      64-bit builds. Credit to Lei Zhang of the Chromium development community.
    - Low Browser crash with NULL pointer in web worker handling. Credit to 
      Nathan Weizenbaum of Google.
    - Medium Out-of-bounds read in CSS parsing. Credit to Chris Rohlf.
    - High Stale pointers in cursor handling. Credit to Sławomir Błażek and
      Sergey Glazunov.

 -- Giuseppe Iuculano <iuculano@debian.org>  Sat, 18 Dec 2010 17:39:19 +0100

chromium-browser (6.0.472.63~r59945-3) unstable; urgency=high

  * Backported security patches from stable:
    - Medium Cross-origin video theft with <canvas>. Credit to Nirankush
      Panchbhai and Microsoft Vulnerability Research (MSVR).
    - High Use after free in history handling. Credit to Stefan Troger.
    - Medium Make sure the “dangerous file types” list is uptodate with the
      Windows platforms. Credit to Billy Rios of the Google Security Team.
    - High Crash due to bad indexing with malformed video. Credit to miaubiz. 
    - High Use after free with SVG animations. Credit to Sławomir Błażek.
    - Medium Use after free in mouse dragging event handling. Credit to kuzzcc.

 -- Giuseppe Iuculano <iuculano@debian.org>  Tue, 07 Dec 2010 12:53:25 +0100

chromium-browser (6.0.472.63~r59945-2) unstable; urgency=high

  * Added the missing changelog credit for the 5.0.375.29~r46008-1 revision.
    This corrects a bad debian/changelog merge.
  * Backported security patches from stable:
    - High Use-after-free in text editing. Credit to David Bloom of the Google
      Security Team, Google Chrome Security Team (Inferno) and Google Chrome
      Security Team (Cris Neckar).
    - High Memory corruption with enormous text area. Credit to wushi of
      team509.
    - High Bad cast with the SVG use element. Credit to the kuzzcc.
    - High Use-after-free in text control selections. Credit to "vkouchna".
    - High Integer overflows in font handling. Credit to Aki Helin of OUSPG.
    - High Bad use of destroyed frame object. Credit to various developers,
      including "gundlach".
    - High Type confusions with event objects. Credit to "fam.lam" and Google
      Chrome Security Team (Inferno).
    - High Out-of-bounds array access in SVG handling. Credit to wushi of
      team509.

 -- Giuseppe Iuculano <iuculano@debian.org>  Fri, 05 Nov 2010 09:19:33 +0100

chromium-browser (6.0.472.63~r59945-1) unstable; urgency=high

  * New stable microrelease.
  * Allow to choose whether links are opened in a new link or new tab.
    (Closes: #581391) Thanks to Sam Morris
  * Backported security patches:
    - Medium Possible autofill / autocomplete profile spamming. Credit to
      Google Chrome Security Team (Inferno).
    - High Crash with forms. Credit to the Chromium development community.
    - Critical Browser crash with form autofill. Credit to the Chromium
      development community.
    - High Possible URL spoofing on page unload. Credit to kuzzcc; plus
      independent discovery by Jordi Chancel.
    - High Possible memory corruption with animated GIF. Credit to Simon Schaak.
    - High Failure to sandbox worker processes on Linux. Credit to Google
      Chrome Security Team (Chris Evans).
    - High Stale elements in an element map. Credit to Michal Zalewski of the
      Google Security Team.

 -- Giuseppe Iuculano <iuculano@debian.org>  Tue, 19 Oct 2010 12:59:21 +0200

chromium-browser (6.0.472.62~r59676-1) unstable; urgency=low

  * New stable security microrelease:
    - [55114] High Bad cast with malformed SVG. Credit to wushi of team 509.
    - [55119] Critical Buffer mismanagement in the SPDY protocol. Credit to Ron
      Ten-Hove of Google.
    - [55350] High Cross-origin property pollution. Credit to Stefano Di Paola
      of MindedSecurity.
  * Add translations for the "Name" field in the desktop file, and fix
    some "Comment" / "GenericName". Thanks to the Ubuntu translation team.
  * Build with PIE (Position Independent Executable) 

 -- Giuseppe Iuculano <iuculano@debian.org>  Sat, 18 Sep 2010 16:48:44 +0200

chromium-browser (6.0.472.59~r59126-1) unstable; urgency=low

  * New stable security microrelease:
    - [50250] High Use-after-free when using document APIs during parse. Credit
      to David Weston of Microsoft + Microsoft Vulnerability Research (MSVR) and
      wushi of team 509 (independent discoveries).
    - [50712] High Use-after-free in SVG styles. Credit to kuzzcc.
    - [51252] High Use-after-free with nested SVG elements. Credit to kuzzcc.
    - [51709] Low Possible browser assert in cursor handling. Credit to
      "magnusmorton".
    - [51919] High Race condition in console handling. Credit to kuzzcc.
    - [53176] Low Unlikely browser crash in pop-up blocking. Credit to kuzzcc.
    - [53394] High Memory corruption in Geolocation. Credit to kuzzcc.
    - [53930] High Memory corruption in Khmer handling. Credit to Google Chrome
      Security Team (Chris Evans).
    - [54006] Low Failure to prompt for extension history access. Credit to
      "adriennefelt".

 -- Giuseppe Iuculano <iuculano@debian.org>  Wed, 15 Sep 2010 16:00:10 +0200

chromium-browser (6.0.472.53~r57914-3) unstable; urgency=low

  * Upload to unstable, this release fixes the following security issue:
    - [34414] Low Pop-up blocker bypass with blank frame target. Credit to
      Google Chrome Security Team (Inferno) and “ironfist99”.
    - [37201] Medium URL bar visual spoofing with homographic sequences. Credit
      to Chris Weber of Casaba Security.
    - [41654] Medium Apply more restrictions on setting clipboard content.
      Credit to Brook Novak.
    - [45659] High Stale pointer with SVG filters. Credit to Tavis Ormandy of
      the Google Security Team.
    - [45876] Medium Possible installed extension enumeration. Credit to
      Lostmon.
    - [46750] [51846] Low Browser NULL crash with WebSockets. Credit to Google
      Chrome Security Team (SkyLined), Google Chrome Security Team
      (Justin Schuh) and Keith Campbell.
    - [50386] High Use-after-free in Notifications presenter. Credit to Sergey
      Glazunov.
    - [50839] High Notification permissions memory corruption. Credit to Michal
      Zalewski of the Google Security Team and Google Chrome Security Team
      (SkyLined).
    - [51630] [51739] High Integer errors in WebSockets. Credit to
      Keith Campbell and Google Chrome Security Team (Cris Neckar).
    - [51653] High Memory corruption with counter nodes. Credit to kuzzcc.
    - [51727] Low Avoid storing excessive autocomplete entries. Credit to Google
      Chrome Security Team (Inferno).
    - [52443] High Stale pointer in focus handling. Credit to VUPEN
      Vulnerability Research Team (VUPEN-SR-2010-249).
    - [52682] High Sandbox parameter deserialization error. Credit to Ashutosh
      Mehra and Vineet Batra of the Adobe Reader Sandbox Team.
    - [53001] Medium Cross-origin image theft. Credit to Isaac Dawson.
   * Provide gnome-www-browser (Closes: #594057)
   * use startup-notification correctly (Closes: #581347)
   * the main scrollbar doesn'have anymore low contrast (Closes: #582648)
   * check DISPLAY envvar (Closes: #587398)
   * Doesn't segfault with cups (Closes: #593748)

 -- Giuseppe Iuculano <iuculano@debian.org>  Tue, 07 Sep 2010 18:49:45 +0200

chromium-browser (6.0.472.53~r57914-2) experimental; urgency=low

  * Do not install libppapi_tests.so and DumpRenderTree_resources/
  * Add libppapi_tests.so to INSTALL_EXCLUDE_FILES and
    DumpRenderTree_resources/ to INSTALL_EXCLUDE_DIRS

 -- Giuseppe Iuculano <iuculano@debian.org>  Sat, 04 Sep 2010 08:28:27 +0200

chromium-browser (6.0.472.53~r57914-1) experimental; urgency=low

  * New upstream release
  * Merge the unstable branch
  * Backport arm ffmpeg fix from unstable (v5)
  * chromium-browser-inspector: added a conflict with
    chromium-browser (<< ${source:Version}) (Closes: #594909)

 -- Giuseppe Iuculano <iuculano@debian.org>  Wed, 01 Sep 2010 15:39:16 +0200

chromium-browser (6.0.472.36~r55963-1) experimental; urgency=low

  * New beta release
  * Refreshed patches
  * Build and use the custom ffmpeg copy
  * Build and use the custom protobuf copy.

 -- Giuseppe Iuculano <iuculano@debian.org>  Thu, 19 Aug 2010 09:53:03 +0200

chromium-browser (6.0.466.0~r52279-1) experimental; urgency=low

  * Flush cairo surface at end of CanvasPaintLinux (Closes: #587164)
  * New dev upstream for experimental suite
  * Refreshed patches.
  * Install new resource.pak
  * Added libcups2-dev, libgnome-keyring-dev, libgconf2-dev in BUild-depends
  * set disable_sse2=1
  * Switch back to ffmpeg system libs
  * Install DumpRenderTree_resources
  * Define GOOGLE_PROTOBUF_NO_RTTI to fix FTBFS when compiling against system
    protobuf

 -- Giuseppe Iuculano <iuculano@debian.org>  Wed, 21 Jul 2010 14:40:57 +0200

chromium-browser (5.0.375.127~r55887-2) UNRELEASED; urgency=low

  * Provide gnome-www-browser (Closes: #594057)
  * Use hardening-wrapper

 -- Giuseppe Iuculano <iuculano@debian.org>  Sun, 29 Aug 2010 12:20:18 +0200

chromium-browser (5.0.375.127~r55887-1) unstable; urgency=high

  * New stable security microrelease.
    - Critical. Memory corruption with file dialog. Credit to Sergey Glazunov.
    - High. Memory corruption with SVGs. Credit to wushi of team509.
    - High. Bad cast with text editing. Credit to wushi of team509.
    - High. Possible address bar spoofing with history bug. Credit to Mike
      Taylor.
    - High. Memory corruption in MIME type handling. Credit to Sergey Glazunov.
    - Critical. Crash on shutdown due to notifications bug. Credit to Sergey
      Glazunov.
    - Medium. Stop omnibox autosuggest if the user might be about to type a
      password. Credit to Robert Hansen.
    - High. Memory corruption with Ruby support. Credit to kuzzcc.
    - High. Memory corruption with Geolocation support. Credit to kuzzcc.
  * Remove gecko-mediaplayer from blacklist (Closes: #590145)

 -- Giuseppe Iuculano <iuculano@debian.org>  Fri, 20 Aug 2010 11:09:16 +0200

chromium-browser (5.0.375.125~r53311-1) unstable; urgency=medium

  * Flush cairo surface at end of CanvasPaintLinux (Closes: #587164)
  * New stable micro release:
    - Medium Memory contents disclosure in layout code. Credit to Michail
      Nikolaev.
    - High Issue with large canvases. Credit to sp3x of SecurityReason.com.
    - High Memory corruption in rendering code. Credit to Jose A. Vazquez.
    - High Memory corruption in SVG handling. Credit to Aki Helin of OUSPG.
    - Low Avoid hostname truncation and incorrect eliding. Credit to Google
      Chrome Security Team (Inferno).

 -- Giuseppe Iuculano <iuculano@debian.org>  Tue, 27 Jul 2010 12:44:58 +0200

chromium-browser (5.0.375.99~r51029-4) unstable; urgency=low

  * Fix FTBFS with icu 4.4 (Closes: #589414)
  * Do not use armv4 incompatible code
  * Remove src/out and "*.pyc" files in clean target. (Closes: #589160)
    Thanks to Timo Juhani Lindfors.

 -- Giuseppe Iuculano <iuculano@debian.org>  Sat, 17 Jul 2010 17:22:47 +0200

chromium-browser (5.0.375.99~r51029-3) unstable; urgency=low

  * [armel] Disabled thumb to fix FTBFS in armel
  * Bump to Standards-Version 3.9.0, no changes needed
  * Backport support for the Ambiance/Radiance and Dust themes button ordering
    by reading the gconf pref

 -- Giuseppe Iuculano <iuculano@debian.org>  Thu, 08 Jul 2010 13:34:15 +0200

chromium-browser (5.0.375.99~r51029-2) unstable; urgency=low

  * Backport patch for CVE-2010-1760
  * [armel] set arm_neon=0
  * [armel] Remove all V5TE, VFP code from ffmpeg

 -- Giuseppe Iuculano <iuculano@debian.org>  Tue, 06 Jul 2010 16:14:12 +0200

chromium-browser (5.0.375.99~r51029-1) unstable; urgency=low

  * DEB_HOST_ARCH_CPU in armel is arm, updating debian/rules
  * New stable version, this release fixes the following security
    issues:
    - [42396] Low OOB read with WebGL. Credit to Sergey Glazunov; Google Chrome
      Security Team (SkyLined). 
    - [42575] [42980] Medium Isolate sandboxed iframes more strongly. Credit to
      sirdarckcat of Google Security Team.
    - [43488] High Memory corruption with invalid SVGs. Credit to Aki Hekin of
      OUSPG; wushi of team509.
    - [44424] High Memory corruption in bidi algorithm. Credit to wushi of
      team509.
    - [45164] Low Crash with invalid image. Credit to javg0x83.
    - [45983] High Memory corruption with invalid PNG (libpng bug). Credit to
      Aki Helin of OUSPG.
    - [46360] High Memory corruption in CSS style rendering. Credit to wushi of
      team509.
    - [46575] Low Annoyance with print dialogs. Credit to Mats Ahlgren.
    - [47056] Low Crash with modal dialogs. Credit to Aki Helin of OUSPG.
  * Remove armv6 and armv7 support from ffmpeg internal copy
  * Set arm_thumb=0 to avoid FTBFS in armel. Thanks to Peter De Schrijver,
    Timo Lindfors and Reinhard Tartler

 -- Giuseppe Iuculano <iuculano@debian.org>  Sat, 03 Jul 2010 13:23:26 +0200

chromium-browser (5.0.375.86~r49890-4) unstable; urgency=low

  * Use the full path in chromium-browser.desktop Exec field (Closes: #580582)
  * Remove the 3d patch, non-3d videos are messed up (Closes: 587389)
  * Build depends on libicu-dev (>= 4.2.1) and libevent-dev (>= 1.4.13) to
    avoid bad backports

 -- Giuseppe Iuculano <iuculano@debian.org>  Mon, 28 Jun 2010 15:10:05 +0200

chromium-browser (5.0.375.86~r49890-3) unstable; urgency=low

  * Set ffmpeg_branding=Chrome to enable the h264 decoder (Closes: #587293)
  * Backport VP8/WebM code and use system copy of libvpx
  * Add xulrunner lib path to LD_LIBRARY_PATH (Closes: #574679)
  * Removed license info for src/native_client/src/third_party/valgrind/bin/
  * Fixed 3d visualization on youtube video with html5 and Webm

 -- Giuseppe Iuculano <iuculano@debian.org>  Sun, 27 Jun 2010 13:01:44 +0200

chromium-browser (5.0.375.86~r49890-2) unstable; urgency=low

  * Partially revert info in about:version, it has significant impact in
    first-run performance
  * Build and use the custom ffmpeg copy, when ffmpeg 0.6 will be uploaded in
    unstable chromium will use the system copy of ffmpeg. (Closes: #581507) 
  * Install libffmpegsumo
  * Add a replace and conflict entry for chromium-codecs-ffmpeg and
    chromium-codecs-ffmpeg-extra. This is necessary for people who used or
    are using the unofficial PPA build.
  * Update language list in chromium-browser-l10n description

 -- Giuseppe Iuculano <iuculano@debian.org>  Sat, 26 Jun 2010 09:47:17 +0200

chromium-browser (5.0.375.86~r49890-1) unstable; urgency=low

  [ Jonathan Nieder ]
  * Use dpkg-architecture directly instead of relying on
    dpkg-buildpackage to set DEB_*_ARCH variables.  Use
    DEB_HOST_ARCH_CPU instead of DEB_BUILD_ARCH to detect target CPU.
    (Closes: #585801)

  [ Giuseppe Iuculano ]
  * New stable version, this release fixes the following security
    issues:
    - [38105] Medium XSS via application/json response (regression). Credit to
       Ben Davis for original discovery and Emanuele Gentili for regression
       discovery.
    - [43322] Medium Memory error in video handling. Credit to Mark Dowd under
       contract to Google Chrome Security Team.
    - [43967] High Subresource displayed in omnibox loading. Credit to Michal
       Zalewski of Google Security Team.
    - [45267] High Memory error in video handling. Credit to Google Chrome
      Security Team (Cris Neckar).
    - [46126] High Stale pointer in x509-user-cert response. Credit to Rodrigo
      Marcos of SECFORCE. 
    - Drop the XLIB_SKIP_ARGB_VISUALS workaround as it creates regressions.
      See http://crbug.com/46439 
  * Use /usr/bin/chromium-browser in chromium-browser.xml (Closes: #580582)

  [ Fabien Tassin ]
  * Show in about:version when chromium is running on a different
    distribution that it has been built on
    - udpate debian/rules
    - rename and update debian/chromium-browser.sh =>
      debian/chromium-browser.sh.in

 -- Giuseppe Iuculano <iuculano@debian.org>  Fri, 25 Jun 2010 10:15:35 +0200

chromium-browser (5.0.375.70~r48679-2) unstable; urgency=low

  [ Fabien Tassin ]
  * Accept 'stable' as value for $(CHANNEL)
    - update debian/rules

  [ Giuseppe Iuculano ]
  * Use the full path in chromium-browser.xml, now Gnome's Preferred
    Applications doesn't get confused. (Closes: #580582)
  * debian/patches/protobuf.patch: Use system copy of libprotobuf
  * Added protobuf-compiler and libprotobuf-dev in Build-Depends
  * debian/patches/glew.patch: Use system copy of libglewmx (version with
    support for thread-safe usage of multiple rendering contexts)
  * Added libglewmx1.5-dev in Build-Depends
  * Removed Fabien and Alexander from Uploaders.
  * Updated VCS control fields
  * Fix an infinite recursion crash when trying to wrap media elements without
    a media player. (Closes: #582709)

 -- Giuseppe Iuculano <iuculano@debian.org>  Sun, 13 Jun 2010 22:23:59 +0200

chromium-browser (5.0.375.70~r48679-1) unstable; urgency=low

  [ Fabien Tassin ]
  * Add a --temp-profile knob to the launcher script starting Chromium with
    a new profile which will last only for the duration of the session
    - update debian/chromium-browser.sh
  * Change StartupWMClass to Chromium-browser in the desktop launcher so
    cairo-dock does the right thing (LP: #587664)
    - update debian/chromium-browser.desktop
  * Set XLIB_SKIP_ARGB_VISUALS=1 in the wrapper to prevent flash from dying
    with a Gdk-ERROR when gtk2 is built with RGBA support (like in Maverick).
    (LP: #584959)
    - update debian/chromium-browser.sh
  
  [ Giuseppe Iuculano ]
  * New upstream stable release, this release fixes the following security
    issues:
    - [15766] Medium Cross-origin keystroke redirection.
    - [39985] High Cross-origin bypass in DOM methods.
    - [42723] High Memory error in table layout.
    - [43304] High Linux sandbox escape.
    - [43307] High Bitmap stale pointer.
    - [43315] High Memory corruption in DOM node normalization.
    - [43487] High Memory corruption in text transforms.
    - [43902] Medium XSS in innerHTML property of textarea.
    - [44740] High Memory corruption in font handling.
    - [44868] High Geolocation events fire after document deletion.
    - [44955] High Memory corruption in rendering of list markers.


 -- Giuseppe Iuculano <iuculano@debian.org>  Wed, 09 Jun 2010 12:08:42 +0200

chromium-browser (5.0.375.55~r47796-1) unstable; urgency=low

  * New beta release.
    - This release contains some minor crash and stability fixes.
  * Switch to dpkg-source 3.0 (quilt) format.
  * Don't use a tar.lzma-in-a-tar.gz
    - Now debian/rules binary works (Closes: #580535)
  * Refreshed patches and removed zoom_incognito.patch (applied upstream)
  * Removed quilt from Build-Depends
  * Build-depends on libv8-dev >= 2.2.7 and fix build-depends-on-1-revision
    lintian warning

 -- Giuseppe Iuculano <iuculano@debian.org>  Sun, 23 May 2010 23:22:16 +0200

chromium-browser (5.0.375.38~r46659-2) unstable; urgency=low

  [ Fabien Tassin ]
  * Unbreak get-orig-source when it needs to drop its cache after a channel jump
    (replace brace expansion - which is a bashism - with proper $(wildcard))
    - update debian/rules
  
  [ Giuseppe Iuculano ]
  * chromium-browser-inspector: demoted chromium-browser to Recommend and
    avoid circular dependency (Closes: #581743)
  * Tell Chromium to look in /etc/chromium-browser for the master_preferences
    file
   - update debian/patches/series
   - add debian/patches/prefs.patch
  * Ship a custom first-run preferences file
    - update debian/chromium-browser.install
    - add debian/master_preferences
  * Removed g++-4.3 | g++-4.2 from Build-Depends
    - update debian/control
  * Removed the icon field from the menu file
    - update debian/chromium-browser.menu
  * Removed libc6-dev-i386 [amd64] and g++-multilib [amd64] from Build-Depends
    - update debian/control
  * Install a presubj bug file
    - update debian/chromium-browser.install 
    - add debian/presubj
  * Forget zoom levels set/changed in incognito mode
    - add debian/patches/zoom_incognito.patch
    - update debian/patches/series

 -- Giuseppe Iuculano <iuculano@debian.org>  Tue, 18 May 2010 23:52:40 +0200

chromium-browser (5.0.375.38~r46659-1) unstable; urgency=low

  [ Giuseppe Iuculano ]
  * Use system copy of libv8
   - update debian/control
   - update debian/patches/series
   - update debian/patches/system_v8.patch
   - update debian/rules
  * Build-depends on libv8-dev >= 2.2.7
    See http://code.google.com/p/v8/issues/detail?id=506
   - update debian/control
  * Recognize iceweasel in about:memory
    - update debian/patches/series
    - add debian/patches/memory_iceweasel.patch
  * Set arch to i386 amd64 armel mips
  * New beta release
    - In addition to crash and stability fixes, this release also includes
      a localization refresh
  * Upload in unstable

  [ Andres Mejia ]
  * Be able to use system ffmpeg-0.5.1. (Closes: #580947)

 -- Giuseppe Iuculano <iuculano@debian.org>  Thu, 13 May 2010 11:31:32 +0200

chromium-browser (5.0.375.29~r46008-3) experimental; urgency=low

  * Include system copy of prtime.h
   - add debian/patches/nspr.patch
   - update debian/patches/series
  * Use system libicu
    - add debian/patches/system-icu.patch
  * webkit needs to call nss to pull in nspr headers
    - add debian/patches/nss.patch
    - update debian/patches/series
  * Ops, libavutil50 is not yet in Debian, removed from depends
   (Closes: #580769)
    - update debian/control
  * Include system copy of expat.h
    - update debian/patches/series
    - add debian/patches/expat.patch

 -- Giuseppe Iuculano <iuculano@debian.org>  Sun, 09 May 2010 11:34:10 +0200

chromium-browser (5.0.375.29~r46008-2) experimental; urgency=low

  * Do not pre-depend on lzma. Thanks to Sven Joachim. (Closes: #580485)
    - update debian/control
  * Do not force -j$(PROCESSORS), use DEB_BUILD_OPTIONS's parallel=n option
    instead so the person doing the build can decide how many processes to run
    in parallel. (Closes: #580490)
    - update debian/rules
  * Reintroduce add_enable_sse2_flag.patch (Closes: #580608)
    - update debian/rules
    - update debian/patches/add_enable_sse2_flag.patch
    - update debian/patches/series
  * Added a Debian menu file (Closes: #580591)
    - add debian/chromium-browser.menu 
  * Use system yasm
    - update debian/rules
    - update debian/control
  * Removed DEB_MAKE_EXTRA_ARGS, we already use DEB_MAKE_ENVVARS for parallel
    build
    - update debian/rules
  * Set use_system_ffmpeg and symlink libavcodec libavformat and libavutil.
    This enables HTML5 video (Closes: 580610)
    - update debian/rules
    - update debian/patches/series
    - add debian/chromium-browser.links
    - add debian/patches/ffmpeg-no-pkgconfig.patch
    - add debian/patches/ffmpegfix.patch
  * Added libavcodec52, libavformat52 and libavutil50 in Depends
    - update debian/control

 -- Giuseppe Iuculano <iuculano@debian.org>  Sat, 08 May 2010 00:41:38 +0200

chromium-browser (5.0.375.29~r46008-1) experimental; urgency=low

  [Giuseppe Iuculano]
  * Switch to system libs and enabled libxml
    - update debian/rules
  * Use system libevent, libicu and libxslt
    - update debian/rules
    - update debian/control
  * New upstream release from the Beta Channel
  * Fixed a typo in the maintainer field
    - update debian/control
  * Removed ubuntu_dont_overwrite_default_download_directory.patch, the default
    download location can be set via the options dialog
    - update debian/patches/series
    - removed ubuntu_dont_overwrite_default_download_directory.patch
  * use dh_install --list-missing
    - update debian/rules
  * Updated VCS control field, at this moment is a private branch on launchpad
    - update debian/control
  * Updated debian/copyright and fixed glitches pointed out by ftpmaster
    - update debian/copyright
    - update debian/copyright.problems
  * Added a strict depend in chromium-browser-inspector
    - update debian/control

  [ Fabien Tassin ]
  * Add app_unittests_strings to INSTALL_EXCLUDE_DIRS
    - update debian/rules
  * Add a gnome-www-browser alternative (LP: #571103)
    - update debian/chromium-browser.{postinst,prerm}
  * Build with build_ffmpegsumo=0 instead of use_system_ffmpeg=1 (which
    now means something else)
    - update debian/rules
  * Install resources/{bookmark_manager,net_internals} in the main deb
    - update debian/chromium-browser.install
  * Drop the sse2 patch, it has been applied upstream, and set disable_sse2
    - drop debian/patches/drop_sse2.patch
    - update debian/patches/series
    - update debian/rules
  * Add app_unittests_strings, resources/{calendar_app,docs_app,gmail_app}
    and pyproto to INSTALL_EXCLUDE_DIRS
    - update debian/rules

 -- Giuseppe Iuculano <iuculano@debian.org>  Thu, 06 May 2010 12:01:07 +0200

chromium-browser (5.0.342.9~r43360-1) experimental; urgency=low

  [ Fabien Tassin ]
  * Add xdg-utils to Depends (LP: #568984)
    - update debian/control
  * Disable DLOG and DCHECK. This should improve performances.
    - update debian/rules

  [ Giuseppe Iuculano ]
  * Replace xbase-clients with x11-apps in build-depdends
    - update debian/control
  * Bump debhelper compatibility to 7
    - update debian/control
    - update debian/compat
  * Bump to Standards-Version 3.8.4, no changes needed
    - update debian/control
  * Removed the strict depends in chromium-browser-l10n, and made
    chromium-browser safely binNMUable
    - update debian/control
  * Set Priority extra for chromium-browser-dbg
    - update debian/control
  * Added the debhelper token in prerm and postinst scripts
    - update debian/chromium-browser.postinst
    - update debian/chromium-browser.prerm
  * Removed cdbs cruft and fix patch-system-but-direct-changes-in-diff lintian
    warning
    - update debian/rules
  * Build-depends on coreutils >= 7.5 | timeout
    - update debian/control
  * Use lzma only in Ubuntu, this is not yet permitted in the Debian archive
    - update debian/rules
  * Move chromium-browser-dbg in debug section and improve its extended
    description
    - update debian/control
  * Set CHROME_VERSION_EXTRA to Debian in the Debian package
    - update debian/rules
  * Updated Maintainer and Uploader lists
    - update debian/control
  * Upload to experimental (Closes: #520324)
  * Removed chromium-codecs-ffmpeg from Depends
    - update debian/control

 -- Giuseppe Iuculano <iuculano@debian.org>  Mon, 26 Apr 2010 15:03:00 +0200

chromium-browser (5.0.342.9~r43360-0ubuntu2) lucid; urgency=low

  [ Fabien Tassin <fta@ubuntu.com> ]
  * Mention 'Chrome' in the main package description (LP: #561667)
    - update debian/control
  * When 'gclient update' fails, clear up the cache and retry. This helps
    the channels updates often failing with a "Can't switch the checkout" error
    - update debian/rules

  [ Chris Coulson <chris.coulson@canonical.com> ]
  * Update the default search URL
    - update debian/rules

 -- Fabien Tassin <fta@ubuntu.com>  Fri, 16 Apr 2010 17:36:29 +0200

chromium-browser (5.0.342.9~r43360-0ubuntu1) lucid; urgency=low

  * New upstream release from the Beta Channel
    - Fix extensions installer where some extensions cannot be installed
      (issue 38220)
  * Don't build with system zlib on Intrepid/Jaunty (needed to unbreak the
    backports). See http://crbug.com/38073
    - update debian/rules

 -- Fabien Tassin <fta@ubuntu.com>  Wed, 07 Apr 2010 21:02:55 +0200

chromium-browser (5.0.342.7~r42476-0ubuntu1) lucid; urgency=low

  * New upstream release from the Beta Channel
    - fix an issue with Google SSL sites failing with 'error 107
      (net::ERR_SSL_PROTOCOL_ERROR)' (issue 37722)
    - Automatic translations and greater control over content for privacy
    - Really, really reload. A normal reload causes the browser to check with
      the server before reusing its cached content.  The server can decide
      whether or not the browser should use its cached content.  A force reload
      causes the browser to ignore its cached content and ask the server for a
      fresh copy of the page. Use Shift+Reload to force a reload.
  * Add libdbus-glib-1-dev to Build-Depends
    - update debian/control
  * Move third_party/gles2_book from STRIPPED_DIRS to ALMOST_STRIPPED_DIRS
    as we now need its gyp file (but nothing else)
    - update debian/rules
  * Bump gyp requirement to >= 0.1~svn795, it's needed for the new syntax
    - update debian/control
  * Add 'timestats' to INSTALL_EXCLUDE_FILES
    - update debian/rules
  * Import translations and mime-types from the upstream desktop file
    Thanks to Julien Lavergne <gilir@ubuntu.com> (LP: #538664)
    - update debian/chromium-browser.desktop
  * Import the free SVG logo from the Chromium website and install it
    in /usr/share/icons/hicolor/scalable/apps (LP: #528640)
    - add debian/chromium-browser.svg
    - update debian/rules
  * Move chromium-browser-inspector to Depends, it breaks some features
    when it's not installed
    - update debian/control
  * Rename chromium-codecs-ffmpeg-nonfree into chromium-codecs-ffmpeg-extra
    and move the two codecs back to Depends (LP: #537617, #513776)
    - update debian/control
 
 -- Fabien Tassin <fta@ubuntu.com>  Thu, 25 Mar 2010 08:22:40 +0100

chromium-browser (5.0.307.11~r39572-0ubuntu1) lucid; urgency=low

  * New upstream release from the Beta Channel
    - Fixed an issue where an error resolving a proxy server would not try a
      direct connection. (Issue 32316)
    - Fixed an extensions bug that could crash the entire browser. (Issue 34778)
    - Fixed an issue in the cross-site scripting auditor that could prevent
      Google translate from working on sites. (Issue 33115)

 -- Fabien Tassin <fta@ubuntu.com>  Sat, 27 Feb 2010 17:07:23 +0100

chromium-browser (5.0.307.9~r39052-0ubuntu1) lucid; urgency=low

  * New upstream release from the Beta Channel
    - Fixed a tab crash that could be triggered by visiting wordpress.com,
      http://acid3.acidtests.org/, and many other sites. (Issue 35498)
    - Fixed a tab crash in image loading. (Issue 32230)
    - Improved font bolding for fonts without native bold. (Issue 22360)
  * Bump gyp Build-Depends to >= 0.1~svn785
    - update debian/control
  * Add --no-circular-check to gyp_chromium to prevent gyp from failing
    - update debian/rules

 -- Fabien Tassin <fta@ubuntu.com>  Thu, 18 Feb 2010 00:20:07 +0100

chromium-browser (5.0.307.7~r38400+0-0ubuntu1) lucid; urgency=low

  * Disable WANT_SYSTEM_LIBS since it makes Gmail/GCal crash (libxml,
    libxslt, ..). See http://crbug.com/34725 (LP: #522078)
    - update debian/rules

 -- Fabien Tassin <fta@ubuntu.com>  Mon, 15 Feb 2010 12:17:07 +0100

chromium-browser (5.0.307.7~r38400-0ubuntu1) lucid; urgency=low

  * New upstream release from the Beta Channel
  * Re-add the -l10n strict version dependency on chromium-browser
    - update debian/control

 -- Fabien Tassin <fta@ubuntu.com>  Fri, 12 Feb 2010 22:00:39 +0100

chromium-browser (5.0.307.5~r37950+0-0ubuntu1) lucid; urgency=low

  * Drop third_party/libxml from STRIPPED_SYSTEM_LIB_DIRS
    - update debian/rules

 -- Fabien Tassin <fta@ubuntu.com>  Wed, 10 Feb 2010 18:46:55 +0100

chromium-browser (5.0.307.5~r37950-0ubuntu1) lucid; urgency=low

  * Add libxss-dev to Build-Depends, the new browser sync engine needs
    X11/extensions/scrnsaver.h
    - update debian/control
  * Add a safety net to get-orig-source when fetching sources for a channel
    - update debian/rules

 -- Fabien Tassin <fta@ubuntu.com>  Tue, 09 Feb 2010 17:07:18 +0100

chromium-browser (4.0.305.0~svn20100123r36929-0ubuntu1) lucid; urgency=low

  [ Fabien Tassin <fta@ubuntu.com> ]
  * Initial release. (Closes: #520324, LP: #387765)

  [ Alexander Sack <asac@ubuntu.com> ]
  * extensive license review; see copyright and copyright.problems;
    also see debian/licensecheck.pl for details how the copyright files are
    generated
  * address archive-admin comments:
    + add "Paul Hsieh's Public Domain Option" license snippet and mark
      net/disk_cache/hash.cc to be govered by that; recreate copyright*
      - add debian/licenses/LICENSE.Paul Hsieh's Public Domain Option
      - update debian/licensecheck.pl
      - update debian/copyright
      - update debian/copyright.problems

 -- Fabien Tassin <fta@ubuntu.com>  Tue, 26 Jan 2010 17:43:19 +0100
