Back to chromium-browser PTS page

Accepted chromium-browser 66.0.3359.117-1 (source) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted chromium-browser 66.0.3359.117-1 (source) into unstable
From: Michael Gilbert <mgilbert@debian.org>
Date: Fri, 27 Apr 2018 00:37:07 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1fBrNr-000ATC-Cq@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 26 Apr 2018 01:27:39 +0000
Source: chromium-browser
Binary: chromium chromium-l10n chromium-shell chromium-widevine chromium-driver chromium-common
Architecture: source
Version: 66.0.3359.117-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Chromium Team <chromium-browser@tracker.debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-l10n - web browser - language packs
 chromium-shell - web browser - minimal shell
 chromium-widevine - web browser - widevine content decryption support
Closes: 892994 893799 895076
Changes:
 chromium-browser (66.0.3359.117-1) unstable; urgency=medium
 .
   * New upstream stable release.
     - CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson
     - CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson
     - CVE-2018-6087: Use after free in WebAssembly. Reported by Anonymous
     - CVE-2018-6088: Use after free in PDFium. Reported by Anonymous
     - CVE-2018-6089: Same origin policy bypass in Service Worker. Reported by
       Rob Wu
     - CVE-2018-6090: Heap buffer overflow in Skia. Reported by ZhanJia Song
     - CVE-2018-6091: Incorrect handling of plug-ins by Service Worker.
       Reported by Jun Kokatsu
     - CVE-2018-6092: Integer overflow in WebAssembly. Reported by Natalie
       Silvanovich
     - CVE-2018-6093: Same origin bypass in Service Worker. Reported by Jun
       Kokatsu
     - CVE-2018-6094: Exploit hardening regression in Oilpan. Reported by Chris
       Rohlf
     - CVE-2018-6095: Lack of meaningful user interaction requirement before
       file upload. Reported by Abdulrahman Alqabandi
     - CVE-2018-6096: Fullscreen UI spoof. Reported by WenXu Wu
     - CVE-2018-6097: Fullscreen UI spoof. Reported by xisigr
     - CVE-2018-6098: URL spoof in Omnibox. Reported by Khalil Zhani
     - CVE-2018-6099: CORS bypass in ServiceWorker. Reported by Jun Kokatsu
     - CVE-2018-6100: URL spoof in Omnibox. Reported by Lnyas Zhang
     - CVE-2018-6101: Insufficient protection of remote debugging prototol in
       DevTools . Reported by Rob Wu
     - CVE-2018-6102: URL spoof in Omnibox. Reported by Khalil Zhani
     - CVE-2018-6103: UI spoof in Permissions. Reported by Khalil Zhani
     - CVE-2018-6104: URL spoof in Omnibox. Reported by Khalil Zhani
     - CVE-2018-6105: URL spoof in Omnibox. Reported by Khalil Zhani
     - CVE-2018-6106: Incorrect handling of promises in V8. Reported by
       lokihardt
     - CVE-2018-6107: URL spoof in Omnibox. Reported by Khalil Zhani
     - CVE-2018-6108: URL spoof in Omnibox. Reported by Khalil Zhani
     - CVE-2018-6109: Incorrect handling of files by FileAPI. Reported by
       Dominik Weber
     - CVE-2018-6110: Incorrect handling of plaintext files via file:// .
       Reported by Wenxiang Qian
     - CVE-2018-6111: Heap-use-after-free in DevTools. Reported by Khalil Zhani
     - CVE-2018-6112: Incorrect URL handling in DevTools. Reported by Rob Wu
     - CVE-2018-6113: URL spoof in Navigation. Reported by Khalil Zhani
     - CVE-2018-6114: CSP bypass. Reported by Lnyas Zhang
     - CVE-2018-6115: SmartScreen bypass in downloads. Reported by James Feher
     - CVE-2018-6116: Incorrect low memory handling in WebAssembly. Reported by
       Chengdu Security Response Center
     - CVE-2018-6117: Confusing autofill settings. Reported by Spencer Dailey
     - Fixes proxy time out error (closes: #892994).
     - Removes not implemented messages (closes: #893799).
   * Remove third_party/chromite from the upstream tarball (closes: #895076).
Checksums-Sha1:
 729e178031d03da25b96df318297095d5a5217fe 4285 chromium-browser_66.0.3359.117-1.dsc
 df0290e15e01e56d209bfbd2d6f47ed15ed21a74 409201024 chromium-browser_66.0.3359.117.orig.tar.xz
 970947612edc4a5ec666d48e276928181886bdf1 154368 chromium-browser_66.0.3359.117-1.debian.tar.xz
 08e52b25068f6acb31b4b209c741da741372fd56 19259 chromium-browser_66.0.3359.117-1_source.buildinfo
Checksums-Sha256:
 a7055403b8383b13af9cc1cf9311a26fabce715e00c44a00bdceb3b2f80d4422 4285 chromium-browser_66.0.3359.117-1.dsc
 2eec082092a1a6243e57eb3ef832a3d546c98fbc7c1a55447c2d3ee2e65006b1 409201024 chromium-browser_66.0.3359.117.orig.tar.xz
 c4aaf959edb58e96f453f5e8f1ce9337dd403b5338570e5ab047d136f11b5bae 154368 chromium-browser_66.0.3359.117-1.debian.tar.xz
 9f2554a0a4035cf731ed534ddcce480e1e4eebb56f45c70122ddd0f2915706b1 19259 chromium-browser_66.0.3359.117-1_source.buildinfo
Files:
 175ca0a3d032e1a5fc46075871ff9e0b 4285 web optional chromium-browser_66.0.3359.117-1.dsc
 0af3d1a542e642cf8011ba46ca595a09 409201024 web optional chromium-browser_66.0.3359.117.orig.tar.xz
 c8423cd6be8c3010c6b380c9b87bc4c5 154368 web optional chromium-browser_66.0.3359.117-1.debian.tar.xz
 4d82361e5d1b9ee726fa9299902b894e 19259 web optional chromium-browser_66.0.3359.117-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAlriWCIACgkQuNayzQLW
9HOqQCAAsAONpIimR0QeZNkOQYLfkJY3ylmWG3MCXU9vxp/vT69RPazXIVIC/JYK
RgFmDvrNRTxxQOhN2ECO/e7g24aHeutTGpHnFV+0QWqIeC1nEGRxv2HDH4AFaU4w
pBUujm1vW4t4A8/9kZJ9IoTXiWzIXSe9sUfMNwtLjGHy6NL/Hk5L2wqrhWtJUS1V
xPQbVTASco4+NB62Kq6mGoP/eMAbKvw9qg0QSqqEWuEIo/vK4ZRkQqmwCtZA1wpl
Qq0br8AtRyr9XLQ2vWXZwlHiopEcVeaRlKmDZ4IbNQKnM8eX/IQJhLt1QCqe5oS1
p0EckBldl+aCvGxT+o5gEGJlpMpXzfwKQU7BUWRBKEEMxJsUH7aj9hLPycd6Gpy/
XEQLj/6xz+f5g0ROGRZgC1j83TxspU3noxHiE/VR6YKzYstrY9NmsD3RQGjWWZsB
6bV0pflPOwZ5UJdnvNeAVhX5TR9i+hydxLyRHk9S5c9BXrpbSEsUExfnDdie/NKs
AyjRaWugGtUB0COeOAjM+jIkLGXtm77aqB4vqaUZXuKmIBsYss8P4BAZeU1x4mZR
BDbb6zD2XMm/ItDfcSnV2+pUn4Po/zwosm5+c7/D3prxzll9wkGVKgtEUBDWGqro
1AgsKVW9ca2oltTT9mU7FBqIlJdxOW2jgk1KIdZtCXE61wAPL7kdvIMUfXmVOCbf
2ChsRnwUngg/CCeztodWzZEiC8cSn2bVHbGCEcJf2YLyGNHIHPz+t5Os3N8VNWig
337PVsg5+akgb1l+kCax4Ql27ShXt58biRh51q8zcMqAJLJK+09uRa4C1t4SvkjD
QtGU3J1VVlGuaufAT9TrBBjhnXjfSilFJ0EhS792gCC6qZBTBbHWLEFXrty9Nv0H
L0nSQv7KTR5F1LPBtDnhsXtyhsC0QgPhhCIxt/kemlAixnm9OgDC7rhnlRGAHU/d
1AWaBa6Y0nb+2qn18HGAHKi5eVQV2O1t13R3GDFj4Yq4NFH3QlPM8jkekEyJh4Cy
rVCtTbR3hVtZK8phuqvAXgUTKncWJ9lhtzWCRb75sMGT9sJwUMhuz70b9M2cwNp3
k+1cSDb7mnFqNR2h0ezwDxkou6gzid8ZtcEaF3iSHt/TOBML5Cq/2iqMKlPn+82k
N0oMr66t4oCYo8jrvYdgEe198JX/pn/nwD5Q2ksZ0CIK6BpzCLgho2hWjYXIX3PG
UAgDY67AGkWpLdpWZDWUbXgpKtx7aA595uAS4e0wjSWS9FIbPkI5mqz8rLavd/WT
V4tmz44f5/BT4Mvr49vGHM01qWdgMaJJSCzH8+vcPgZq/HFK6brhWhufB19Go4QF
XTnf89AMs5m4M2cFUgog+DOGp+9HSg==
=3r3L
-----END PGP SIGNATURE-----