Accepted chromium-browser 66.0.3359.117-1~deb9u1 (source) into proposed-updates->stable-new, proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 25 Apr 2018 23:48:58 +0000
Source: chromium-browser
Binary: chromium chromium-l10n chromium-shell chromium-widevine chromium-driver chromedriver
Architecture: source
Version: 66.0.3359.117-1~deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description:
 chromedriver - web browser - WebDriver support transitional package
 chromium   - web browser
 chromium-driver - web browser - WebDriver support
 chromium-l10n - web browser - language packs
 chromium-shell - web browser - minimal shell
 chromium-widevine - web browser - widevine content decryption support
Changes:
 chromium-browser (66.0.3359.117-1~deb9u1) stretch-security; urgency=medium
 .
   * New upstream stable release.
     - CVE-2018-6056: Incorrect derived class instantiation in V8. Reported by
       lokihardt
     - CVE-2018-6057: Incorrect permissions on shared memory. Reported by Gal
       Beniamini
     - CVE-2018-6060: Use after free in Blink. Reported by Omair
     - CVE-2018-6061: Race condition in V8. Reported by Guang Gong
     - CVE-2018-6062: Heap buffer overflow in Skia. Reported by Anonymous
     - CVE-2018-6063: Incorrect permissions on shared memory. Reported by Gal
       Beniamini
     - CVE-2018-6064: Type confusion in V8. Reported by lokihardt
     - CVE-2018-6065: Integer overflow in V8. Reported by Mark Brand
     - CVE-2018-6066: Same Origin Bypass via canvas. Reported by Masato Kinugawa
     - CVE-2018-6067: Buffer overflow in Skia. Reported by Ned Williamson
     - CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab. Reported by
       Luan Herrera
     - CVE-2018-6069: Stack buffer overflow in Skia. Reported by Wanglu &
       Yangkang
     - CVE-2018-6070: CSP bypass through extensions. Reported by Rob Wu
     - CVE-2018-6071: Heap buffer overflow in Skia. Reported by Anonymous
     - CVE-2018-6072: Integer overflow in PDFium. Reported by Atte Kettunen
     - CVE-2018-6073: Heap buffer overflow in WebGL. Reported by Omair
     - CVE-2018-6074: Mark-of-the-Web bypass. Reported by Abdulrahman Alqabandi
     - CVE-2018-6075: Overly permissive cross origin downloads. Reported by Inti
       De Ceukelaire
     - CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink.
       Reported by Mateusz Krzeszowiec
     - CVE-2018-6077: Timing attack using SVG filters. Reported by Khalil Zhani
     - CVE-2018-6078: URL Spoof in OmniBox. Reported by Khalil Zhani
     - CVE-2018-6079: Information disclosure via texture data in WebGL. Reported
       by Ivars Atteka
     - CVE-2018-6080: Information disclosure in IPC call. Reported by Gal
       Beniamini
     - CVE-2018-6081: XSS in interstitials. Reported by Rob Wu
     - CVE-2018-6082: Circumvention of port blocking. Reported by WenXu Wu
     - CVE-2018-6083: Incorrect processing of AppManifests. Reported by Jun
       Kokatsu
     - CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson
     - CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson
     - CVE-2018-6087: Use after free in WebAssembly. Reported by Anonymous
     - CVE-2018-6088: Use after free in PDFium. Reported by Anonymous
     - CVE-2018-6089: Same origin policy bypass in Service Worker. Reported by
       Rob Wu
     - CVE-2018-6090: Heap buffer overflow in Skia. Reported by ZhanJia Song
     - CVE-2018-6091: Incorrect handling of plug-ins by Service Worker.
       Reported by Jun Kokatsu
     - CVE-2018-6092: Integer overflow in WebAssembly. Reported by Natalie
       Silvanovich
     - CVE-2018-6093: Same origin bypass in Service Worker. Reported by Jun
       Kokatsu
     - CVE-2018-6094: Exploit hardening regression in Oilpan. Reported by Chris
       Rohlf
     - CVE-2018-6095: Lack of meaningful user interaction requirement before
       file upload. Reported by Abdulrahman Alqabandi
     - CVE-2018-6096: Fullscreen UI spoof. Reported by WenXu Wu
     - CVE-2018-6097: Fullscreen UI spoof. Reported by xisigr
     - CVE-2018-6098: URL spoof in Omnibox. Reported by Khalil Zhani
     - CVE-2018-6099: CORS bypass in ServiceWorker. Reported by Jun Kokatsu
     - CVE-2018-6100: URL spoof in Omnibox. Reported by Lnyas Zhang
     - CVE-2018-6101: Insufficient protection of remote debugging protocol in
       DevTools. Reported by Rob Wu
     - CVE-2018-6102: URL spoof in Omnibox. Reported by Khalil Zhani
     - CVE-2018-6103: UI spoof in Permissions. Reported by Khalil Zhani
     - CVE-2018-6104: URL spoof in Omnibox. Reported by Khalil Zhani
     - CVE-2018-6105: URL spoof in Omnibox. Reported by Khalil Zhani
     - CVE-2018-6106: Incorrect handling of promises in V8. Reported by
       lokihardt
     - CVE-2018-6107: URL spoof in Omnibox. Reported by Khalil Zhani
     - CVE-2018-6108: URL spoof in Omnibox. Reported by Khalil Zhani
     - CVE-2018-6109: Incorrect handling of files by FileAPI. Reported by
       Dominik Weber
     - CVE-2018-6110: Incorrect handling of plaintext files via file:// .
       Reported by Wenxiang Qian
     - CVE-2018-6111: Heap-use-after-free in DevTools. Reported by Khalil Zhani
     - CVE-2018-6112: Incorrect URL handling in DevTools. Reported by Rob Wu
     - CVE-2018-6113: URL spoof in Navigation. Reported by Khalil Zhani
     - CVE-2018-6114: CSP bypass. Reported by Lnyas Zhang
     - CVE-2018-6115: SmartScreen bypass in downloads. Reported by James Feher
     - CVE-2018-6116: Incorrect low memory handling in WebAssembly. Reported by
       Chengdu Security Response Center
     - CVE-2018-6117: Confusing autofill settings. Reported by Spencer Dailey
Checksums-Sha1:
 f60c2ff0b65bdcaa2430905195d86adbe90d4990 4359 chromium-browser_66.0.3359.117-1~deb9u1.dsc
 df0290e15e01e56d209bfbd2d6f47ed15ed21a74 409201024 chromium-browser_66.0.3359.117.orig.tar.xz
 0b438e412430c7c5f9af98952cd65145ea8dfd34 148872 chromium-browser_66.0.3359.117-1~deb9u1.debian.tar.xz
 2df7830c649ea2b2694888ee1b4dba56484564fc 19930 chromium-browser_66.0.3359.117-1~deb9u1_source.buildinfo
Checksums-Sha256:
 0c6c69a0f05c36b578d9d6f74e7040f91da82c560a7776d0cf340e65298b3cd2 4359 chromium-browser_66.0.3359.117-1~deb9u1.dsc
 2eec082092a1a6243e57eb3ef832a3d546c98fbc7c1a55447c2d3ee2e65006b1 409201024 chromium-browser_66.0.3359.117.orig.tar.xz
 84a192e118c090ef845c50b2e9aebabfddfc3d150ed320ae7038cb67a2ec914f 148872 chromium-browser_66.0.3359.117-1~deb9u1.debian.tar.xz
 79fadebcd8b3b125472c84e18609eaaeba634bf9c440e4560f3f542db9ee19d4 19930 chromium-browser_66.0.3359.117-1~deb9u1_source.buildinfo
Files:
 91fbe2e9b4c9b7fada2e9cda3d2053af 4359 web optional chromium-browser_66.0.3359.117-1~deb9u1.dsc
 0af3d1a542e642cf8011ba46ca595a09 409201024 web optional chromium-browser_66.0.3359.117.orig.tar.xz
 8219323bad30990c6414a7bfce499e32 148872 web optional chromium-browser_66.0.3359.117-1~deb9u1.debian.tar.xz
 6457040dfbb832a317bd0626af3bbad3 19930 web optional chromium-browser_66.0.3359.117-1~deb9u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----