Accepted chromium-browser 64.0.3282.119-1 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 28 Jan 2018 01:00:12 +0000
Source: chromium-browser
Binary: chromium chromium-l10n chromium-shell chromium-widevine chromium-driver chromium-common
Architecture: source
Version: 64.0.3282.119-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description:
chromium - web browser
chromium-common - web browser - common resources used by the chromium packages
chromium-driver - web browser - WebDriver support
chromium-l10n - web browser - language packs
chromium-shell - web browser - minimal shell
chromium-widevine - web browser - widevine content decryption support
Changes:
chromium-browser (64.0.3282.119-1) unstable; urgency=medium
.
* New upstream stable release.
- CVE-2017-15420: URL spoofing in Omnibox. Reported by Drew Springall
- CVE-2017-15429: UXSS in V8. Reported by Anonymous
- CVE-2018-6031: Use after free in PDFium. Reported by Anonymous
- CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun
Kokatsu
- CVE-2018-6033: Race when opening downloaded files. Reported by Juho
Nurminen
- CVE-2018-6034: Integer overflow in Blink. Reported by Tobias Klein
- CVE-2018-6035: Insufficient isolation of devtools from extensions.
Reported by Rob Wu
- CVE-2018-6036: Integer underflow in WebAssembly. Reported by The UK's
National Cyber Security Centre
- CVE-2018-6037: Insufficient user gesture requirements in autofill.
Reported by Paul Stone
- CVE-2018-6038: Heap buffer overflow in WebGL. Reported by cloudfuzzer
- CVE-2018-6039: XSS in DevTools. Reported by Juho Nurminen
- CVE-2018-6040: Content security policy bypass. Reported by WenXu Wu
- CVE-2018-6041: URL spoof in Navigation. Reported by Luan Herrera
- CVE-2018-6042: URL spoof in OmniBox. Reported by Khalil Zhani
- CVE-2018-6043: Insufficient escaping with external URL handlers. Reported
by 0x09AL
- CVE-2018-6045: Insufficient isolation of devtools from extensions.
Reported by Rob Wu
- CVE-2018-6046: Insufficient isolation of devtools from extensions.
Reported by Rob Wu
- CVE-2018-6047: Cross origin URL leak in WebGL. Reported by Masato
Kinugawa
- CVE-2018-6048: Referrer policy bypass in Blink. Reported by Jun Kokatsu
- CVE-2018-6049: UI spoof in Permissions. Reported by WenXu Wu
- CVE-2018-6050: URL spoof in OmniBox. Reported by Jonathan Kew
- CVE-2018-6051: Referrer leak in XSS Auditor. Reported by Antonio Sanso
- CVE-2018-6052: Incomplete no-referrer policy implementation. Reported by
Tanner Emek
- CVE-2018-6053: Leak of page thumbnails in New Tab Page. Reported by Asset
Kabdenov
- CVE-2018-6054: Use after free in WebUI. Reported by Rob Wu
Checksums-Sha1:
b5e349d2cfc0ef3e5758a2e665705619de62c0e6 4306 chromium-browser_64.0.3282.119-1.dsc
b88ccf415793acf1e338352cedf06653df6eb1bb 396240296 chromium-browser_64.0.3282.119.orig.tar.xz
89a193fdfc0f9dd2626816a82ba5134404a3a2dd 137276 chromium-browser_64.0.3282.119-1.debian.tar.xz
50cf547a3632ecc13e2f3dba543876027577b5c1 18924 chromium-browser_64.0.3282.119-1_source.buildinfo
Checksums-Sha256:
7f65c40346f3ba71233314cb58e9a139b88273514f330eebca5446522f8dc69c 4306 chromium-browser_64.0.3282.119-1.dsc
fa500ab844b3985fd9a9983d8ce6cba2b551c878ea03986bd9bf13af5d692d36 396240296 chromium-browser_64.0.3282.119.orig.tar.xz
23ce4f3b81a237846a3a7a9ea494f7109310d4aca7c616e68e4261fbe540fc7d 137276 chromium-browser_64.0.3282.119-1.debian.tar.xz
9ede57988eff8019a97de2a85b317bb9538eb8b652a7eb7957dcb420dc29f65f 18924 chromium-browser_64.0.3282.119-1_source.buildinfo
Files:
4c688e91f606ee49a2f2cbd4ab72d1a8 4306 web optional chromium-browser_64.0.3282.119-1.dsc
31e0468364b767c8f91e56a3c3dde07f 396240296 web optional chromium-browser_64.0.3282.119.orig.tar.xz
b4736c1c664ba22feec7bb44831a884a 137276 web optional chromium-browser_64.0.3282.119-1.debian.tar.xz
0e13b58e5767da39aa7fd09c4313bdb0 18924 web optional chromium-browser_64.0.3282.119-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAlpuiJ8ACgkQuNayzQLW
9HNRqx/6AiYgqx28DxVVa3gafbZbQcVTtursCSXXgt0fTHbOXma6jmm7xug2KlTe
Iev+M7z8Fkd9O1FZFiddbAr0eAz7K2vNLVoeTOeyREAXBrMqnWtmjGxL2kFeTrTR
gYkRnEFj33Kf6NOO7HBrZGFpYLMBIiKLkRd37DqTxVNecVwIpmPs/FiTcGuTjdQA
CVA0IUpRzS41YFPJgg4DJR279Z4sniGSJ2JVFQMhj/sexFrSBpVXgyTrU8BwIFAt
c0fJUAt2FOd8ZJH7HZa2iZhvYIZ9QU9Fxng2MxwhE2/9BAx5ygvS2QC748QNSLX6
7IQYf+/d7UtLMdS1AWL/xIiT1U8J7FiS4CZQjVTHB8MHkZj5HzQp0NBDYLedqMWr
o4DAXrCxVPjkyTHlhS+FGw077a4S6StqGWaRStKRYsegHdoVsFnu77OPBTUWh8Zt
QM65GJuvUKGTXeXhMvEQDR6SXaSdbZK4JRhDRZ3GKaKbXpo8wNoH6Vlmen0Zsow0
pbMaJd+UX9XtFdixaUf3P5TyHdM/59X73zpgHs4oBwoxWVff7SK1rnFZf2x5Lj7W
TNWTCLp/L95V7r9yf2AhnArKPy25gsQ3wCUrnghaILe994TzoBQyCtlMBfWnn24y
6sJmzP4v+X+1Esnjn+xr3gWT+uWOKnkVqX+EtJqr58TvwtiyOgfOO+rmdVCkD4YB
JJsenjEXH6G5jOa2oHxnnFmengWZpFoHVkRl1JjXQz8I7BBZXXMHqhGUmI/LkpdI
d0QD4xdklhUkLV+4jSTThgC9ivTR1ra+Gnrfb+jVOzZOs9GCcQSt+NvJPJr/sEf0
6GfFl2/CURiOxbmNmRLvf8t70VU1XfYFDadutt/ViDEQEnHRoagXPqChrq8vXIjR
GhIrIS76+E1NWmP84SeWnKnBTr6BqtYEl5FaH6r5d0GhMaT7xLBC8Q8uSiLwdnA5
S7QDH6ZfqxLY4GcuFAWaV2tkyw2a9Hwu6Vu5+kvBVDdYhg6K+eKXcLY0IdqK1Gv/
M0CZWaluLikdh6Mv3dCYbaZ8p0rzJDR2IYvYa16gkyFOsbBSSQ/z3Up95iwidxSt
vx0IgNXXqV3vPQrnUDFoLwJc4wvVEqKsXN2Ar9UhkIlTM4sfdNMUcL/QNRXpINdF
DiXrrzYRUwYt7XUv9R14fcx89hYFYbk3H+e02hI2lyBUr0Tq0qpkGTZ1P/020YNH
INljAEOXyHw2da3k/1EsBSFN8m6bdLfQuSbQa14xSm6oRwYmn2cHCQbAvq+njKeo
n3OS1X+3QJazc1Olp/q37q7HuHf0NqvPqrGaZUbNhikNRaF3vujn5zYiB7BYwd+Q
YVRfs5OiRxLCcR0P3tBeSZfixX42yw==
=IThh
-----END PGP SIGNATURE-----