mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-12-01 19:33:03 +00:00
8b97ca270e
Overview of the updated versions: stable: 48.0.2564.116 -> 49.0.2623.75 beta: 49.0.2623.63 -> 49.0.2623.75 dev: 50.0.2657.0 -> 50.0.2661.11 Stable and beta are now in par because of the release of a major stable update. The release addresses 26 security vulnerabilities, the following with an assigned CVE: * CVE-2016-1630: Same-origin bypass in Blink. Credit to Mariusz Mlynski. * CVE-2016-1631: Same-origin bypass in Pepper Plugin. Credit to Mariusz Mlynski. * CVE-2016-1632: Bad cast in Extensions. Credit to anonymous. * CVE-2016-1633: Use-after-free in Blink. Credit to cloudfuzzer. * CVE-2016-1634: Use-after-free in Blink. Credit to cloudfuzzer. * CVE-2016-1635: Use-after-free in Blink. Credit to Rob Wu. * CVE-2016-1636: SRI Validation Bypass. Credit to Ryan Lester and Bryant Zadegan. * CVE-2015-8126: Out-of-bounds access in libpng. Credit to joerg.bornemann. * CVE-2016-1637: Information Leak in Skia. Credit to Keve Nagy. * CVE-2016-1638: WebAPI Bypass. Credit to Rob Wu. * CVE-2016-1639: Use-after-free in WebRTC. Credit to Khalil Zhani. * CVE-2016-1640: Origin confusion in Extensions UI. Credit to Luan Herrera. * CVE-2016-1641: Use-after-free in Favicon. Credit to Atte Kettunen of OUSPG. The full announcement which also includes the link to the bug tracker can be found here: http://googlechromereleases.blogspot.de/2016/03/stable-channel-update.html Also, the 32bit Chrome package needed for the Flash and Widevine plugins doesn't exist anymore, because Google has dropped support for 32bit distros, see here for the announcement: https://groups.google.com/a/chromium.org/forum/#!topic/chromium-dev/FoE6sL-p6oU On our end, we need to fix the patch for the plugin paths to work for the latest dev channel. The change is very minor, because the nix_plugin_paths_46.patch only doesn't apply because of an iOS-related ifdef. Built and tested on my Hydra at: https://headcounter.org/hydra/eval/311511 Signed-off-by: aszlig <aszlig@redmoonstudios.org> Fixes: #13665 |
||
---|---|---|
.. | ||
bittorrentsync | ||
browsers | ||
cluster | ||
copy-com | ||
davmail | ||
dropbox | ||
dropbox-cli | ||
dyndns/cfdyndns | ||
enhanced-ctorrent | ||
esniper | ||
feedreaders | ||
ftp/filezilla | ||
google-drive-ocamlfuse | ||
ids | ||
ike | ||
instant-messengers | ||
iptraf | ||
iptraf-ng | ||
irc | ||
jmeter | ||
linssid | ||
mailreaders | ||
msmtp | ||
mumble | ||
netperf | ||
newsreaders | ||
nload | ||
nntp-proxy | ||
offrss | ||
ostinato | ||
owncloud-client | ||
p2p | ||
pjsip | ||
remote | ||
seafile-client | ||
sipcmd | ||
siproxd | ||
sniffers | ||
spideroak | ||
sync | ||
umurmur | ||
vnstat | ||
yafc | ||
znc |