Accepted chromium-browser 69.0.3497.81-1~deb9u1 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 12 Aug 2018 01:10:32 +0000
Source: chromium-browser
Binary: chromium chromium-l10n chromium-shell chromium-widevine chromium-driver chromedriver
Architecture: source
Version: 69.0.3497.81-1~deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description:
chromedriver - web browser - WebDriver support transitional package
chromium - web browser
chromium-driver - web browser - WebDriver support
chromium-l10n - web browser - language packs
chromium-shell - web browser - minimal shell
chromium-widevine - web browser - widevine content decryption support
Closes: 904796 904798
Changes:
chromium-browser (69.0.3497.81-1~deb9u1) stretch-security; urgency=medium
.
* New upstream stable release.
- CVE-2018-16065: Out of bounds write in V8. Reported by Brendon Tiszka
- CVE-2018-16066: Out of bounds read in Blink. Reported by cloudfuzzer
- CVE-2018-16067: Out of bounds read in WebAudio. Reported by Zhe Jin
- CVE-2018-16068: Out of bounds write in Mojo. Reported by Mark Brand
- CVE-2018-16069: Out of bounds read in SwiftShader. Reported by Mark Brand
- CVE-2018-16070: Integer overflow in Skia. Reported by Ivan Fratric
- CVE-2018-16071: Use after free in WebRTC. Reported by Natalie Silvanovich
- CVE-2018-16073: Site Isolation bypass after tab restore. Reported by Jun
Kokatsu
- CVE-2018-16074: Site Isolation bypass using Blob URLS. Reported by Jun
Kokatsu
- CVE-2018-16075: Local file access in Blink. Reported by Pepe Vila
- CVE-2018-16076: Out of bounds read in PDFium. Reported by Aleksandar
Nikolic
- CVE-2018-16077: Content security policy bypass in Blink. Reported by
Manuel Caballero
- CVE-2018-16078: Credit card information leak in Autofill. Reported by
Cailan Sacks
- CVE-2018-16079: URL spoof in permission dialogs. Reported by Markus
Vervier and Michele OrrĂ¹
- CVE-2018-16080: URL spoof in full screen mode. Reported by Khalil Zhani
- CVE-2018-16081: Local file access in DevTools. Reported by Jann Horn
- CVE-2018-16082: Stack buffer overflow in SwiftShader. Reported by Omair
- CVE-2018-16083: Out of bounds read in WebRTC. Reported by Natalie
Silvanovich
- CVE-2018-16084: User confirmation bypass in external protocol handling.
Reported by Jun Kokatsu
- CVE-2018-16085: Use after free in Memory Instrumentation. Reported by
Roman Kuksin
* Replace files from chromium-common on upgrade (closes: #904798).
* Fix build failure on arm64 caused by binutils in stretch (closes: #904796).
Checksums-Sha1:
9b0585919291caa8fbca1101c6c0c24c01b47edb 4370 chromium-browser_69.0.3497.81-1~deb9u1.dsc
0695bbc23da4160e9ce0e4dc43e1ea71ac4dbf0a 237086156 chromium-browser_69.0.3497.81.orig.tar.xz
4702c7f7e6b9264f48c993f055a50d37baf7cc96 143180 chromium-browser_69.0.3497.81-1~deb9u1.debian.tar.xz
e33bc82614dc954c137c8eb372650e380876e7ff 20006 chromium-browser_69.0.3497.81-1~deb9u1_source.buildinfo
Checksums-Sha256:
b41aa8a0c2b3f8e84f738c0f302edfa8a7e56354628941add5c6e575ff62d283 4370 chromium-browser_69.0.3497.81-1~deb9u1.dsc
4eea1bbf8555ab56c9f93d2bde6541c30ab80d8f2d708ed39c9b0d52667658ee 237086156 chromium-browser_69.0.3497.81.orig.tar.xz
ff5f450dc00465fbd89bedd5a4997ef5d5d974352a54fc01c7f26d3db86a449e 143180 chromium-browser_69.0.3497.81-1~deb9u1.debian.tar.xz
b1718b4c58798987d8aacfbeeb493a1a6f86c10c8f025aca1d0fdd3c0b226a57 20006 chromium-browser_69.0.3497.81-1~deb9u1_source.buildinfo
Files:
49d5592cc2131159f113a684271811be 4370 web optional chromium-browser_69.0.3497.81-1~deb9u1.dsc
75670f17fa49b226a78391390ebca1d9 237086156 web optional chromium-browser_69.0.3497.81.orig.tar.xz
8a3cc52c5be20c61d2add6cf64e4dada 143180 web optional chromium-browser_69.0.3497.81-1~deb9u1.debian.tar.xz
756379a48b1205eec3585ea4aec9ae53 20006 web optional chromium-browser_69.0.3497.81-1~deb9u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAluSdIsACgkQuNayzQLW
9HMZJyAAkbVzEX4MZzUWUpVF3Q2vYxCgIQuiLsPwT6lbRUoi3K368Ps3G2bI1/gw
5XzNnw0fbgduPPFgKJMl0q5A0Ojaf5i/ailRNYG4W1behOhaFJeFqO9FnCWkbGXj
IuPSTvN3O+uw/LVqlYxXZX2t3QpsCXjM32mreBulCAhqh/DS8vg/SgmhtnLP5pDB
DX8rDX9uijrWkVxJyHObYPMf1EikspyIxMRrOGiBmhnX1sYG6zZcqlAPueXNDo/2
+wX01O5c4VmibUk5NAuEfqTMtNAUmfVV0ixaKILVjV3yHHtDTzBPFOjTzQjsYMkc
Aj+/Lmwyh6iwtogOV/vz7aP21tSRZWp1hddG1EPpp9EOLd2/msxAHXi82KNePzJf
+eqb9KrIijWfQx6/G+oTkx8i5eBoU3YEshhjDsvaR6wDsui5DvjnzqA3scMMPfD2
3BVoslMfft014gyRbv8INjOLssTpYuaHdE9f/TqWhPZPxDqkeEDc1/BTuq9tatf1
RWuOl+hjvP2Y/Knf2Z6vGwYgnoziFzrA91sOnL3/LuRY1Os0N+taiLDOPK/josQm
sA2Z/oWxUr4y9Y0On/GQFIDaHTIT1n7L70tOcWOhwS764XEzU1JbqDOum+xIYUxL
Sh9nv4Jn9SeX1IInPWA677KSPuFiZ3mKkUPJDskZaJeNGrPJm+EUw0Lr4YIFdGf6
g91yzynoxVu4PfOd0HFK/etg6HgK6i6mfeyDzoLPe/g0vj0MUdZi9o2FQsbO4VLv
WBLY4lkbPMgSnyj51T5vKw4RlNDrlP5G+I1+30mfgL7kF/wmWx2oHzom4O0JzAUo
6Mw+KaZ3I5UGfe4nnmpfDLCAQ6RqkmxsFhywsEKOrmt4qjJwpac5+D15vvmLrCeC
Jr4lkh2W9HTQUsJE6JJklIkXXlK2atGVfJDoVv/ZPL457TfvXCtAEswP+18yxTKH
H8Gpj+nl4D0ZsNZ1WQyOK9aFwzqMrJc6kovGYcDZBlofcncX59w9l4k0yys8s7Y0
Jj062BwFnfJjBIsUKyGuo9LeB9kpNLNK142ud22jS+42Md2B9up3eBa/MJpNtBUw
hQNnI31SNHPhUCXfWmQowIGoHKcQWdKkg7DKe1v83OqaqH2+vxtDA/RrkbNA2Nqg
nZBplRohn3ndS1dvpOmPGpBkTEEEwzsAXhHDRteZqbIcQC/qZUW1TImOLO7d9avo
l9c5fivHJl2VwON/1T8Cyp8f9jVe8zAXCzJI4ra4zioht1Rtliu1Rv5YW8vy2xm5
i1pfZyskpYlJkyc2nRqctCgazHA65JSM37gdo434RACUWQSxMCRUuJ7gzTqFCjYJ
qEIQjEBGJNS6brm+cIg5r6mN1xwp8g==
=XBdF
-----END PGP SIGNATURE-----