Back to chromium-browser PTS page

Accepted chromium-browser 71.0.3578.80-1~deb9u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 07 Dec 2018 01:16:43 +0000
Source: chromium-browser
Binary: chromium chromium-l10n chromium-shell chromium-widevine chromium-driver chromedriver
Architecture: source
Version: 71.0.3578.80-1~deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description:
 chromedriver - web browser - WebDriver support transitional package
 chromium   - web browser
 chromium-driver - web browser - WebDriver support
 chromium-l10n - web browser - language packs
 chromium-shell - web browser - minimal shell
 chromium-widevine - web browser - widevine content decryption support
Changes:
 chromium-browser (71.0.3578.80-1~deb9u1) stretch-security; urgency=medium
 .
   * New upstream stable release.
     - CVE-2018-17480: Out of bounds write in V8. Reported by Guang Gong
     - CVE-2018-17481: Use after frees in PDFium. Reported by Anonymous
     - CVE-2018-18335: Heap buffer overflow in Skia. Reported by Anonymous
     - CVE-2018-18336: Use after free in PDFium. Reported by Huyna
     - CVE-2018-18337: Use after free in Blink. Reported by cloudfuzzer
     - CVE-2018-18338: Heap buffer overflow in Canvas. Reported by Zhe Jin
     - CVE-2018-18339: Use after free in WebAudio. Reported by cloudfuzzer
     - CVE-2018-18340: Use after free in MediaRecorder. Reported by Anonymous
     - CVE-2018-18341: Heap buffer overflow in Blink. Reported by cloudfuzzer
     - CVE-2018-18342: Out of bounds write in V8. Reported by Guang Gong
     - CVE-2018-18343: Use after free in Skia. Reported by Tran Tien Hung
     - CVE-2018-18344: Inappropriate implementation in Extensions. Reported by
       Jann Horn
     - CVE-2018-18345: Inappropriate implementation in Site Isolation. Reported
       by Masato Kinugawa and Jun Kokatsu
     - CVE-2018-18346: Incorrect security UI in Blink. Reported by Luan Herrera
     - CVE-2018-18347: Inappropriate implementation in Navigation. Reported by
       Luan Herrera
     - CVE-2018-18348: Inappropriate implementation in Omnibox. Reported by
       Ahmed Elsobky
     - CVE-2018-18349: Insufficient policy enforcement in Blink. Reported by
       David Erceg
     - CVE-2018-18350: Insufficient policy enforcement in Blink. Reported by
       Jun Kokatsu
     - CVE-2018-18351: Insufficient policy enforcement in Navigation. Reported
       by Jun Kokatsu
     - CVE-2018-18352: Inappropriate implementation in Media. Reported by Jun
       Kokatsu
     - CVE-2018-18353: Inappropriate implementation in Network Authentication.
       Reported by Wenxu Wu
     - CVE-2018-18354: Insufficient data validation in Shell Integration.
       Reported by Wenxu Wu
     - CVE-2018-18355: Insufficient policy enforcement in URL Formatter.
       Reported by evi1m0
     - CVE-2018-18356: Use after free in Skia. Reported by Tran Tien Hung
     - CVE-2018-18357: Insufficient policy enforcement in URL Formatter.
       Reported by evi1m0
     - CVE-2018-18358: Insufficient policy enforcement in Proxy. Reported by
       Jann Horn
     - CVE-2018-18359: Out of bounds read in V8. Reported by cyrilliu
     - Inappropriate implementation in PDFium. Reported by Salem Faisal
       Elmrayed
     - Use after free in Extensions. Reported by Zhe Jin
     - Inappropriate implementation in Navigation. Reported by Luan Herrera
     - Inappropriate implementation in Navigation. Reported by Jesper van den
       Ende
     - Insufficient policy enforcement in Navigation. Reported by Ryan Pickren
     - Insufficient policy enforcement in URL Formatter. Reported by evi1m0
Checksums-Sha1:
 9e84dd58438279cae7319f4d9fe6b0513e83a289 4355 chromium-browser_71.0.3578.80-1~deb9u1.dsc
 f1a813d96fc272943a82a78adcaf214adb8aeecb 197203632 chromium-browser_71.0.3578.80.orig.tar.xz
 0db13d6ab8a1bdab77d50cfc49d01f8554639297 160064 chromium-browser_71.0.3578.80-1~deb9u1.debian.tar.xz
 b5cc978ef7530108e61512dda379054bd514a455 19190 chromium-browser_71.0.3578.80-1~deb9u1_source.buildinfo
Checksums-Sha256:
 f5a39b968c6860137a30a39679cfed28ab9c61a78a87237a38a3275ba55b491e 4355 chromium-browser_71.0.3578.80-1~deb9u1.dsc
 d065973886eb8fa622102c5254b480fc5c9c8e042674139efb75bd4235a9676f 197203632 chromium-browser_71.0.3578.80.orig.tar.xz
 9247b74662d3f0d26fb2fdab56480637a27f25c6d080ce3266421b90c6f42fa1 160064 chromium-browser_71.0.3578.80-1~deb9u1.debian.tar.xz
 9e393ae367955e8d436e51808b2883fd2d6356113a0cbcffcdf095107c3873e4 19190 chromium-browser_71.0.3578.80-1~deb9u1_source.buildinfo
Files:
 fa9d421b58541ce241e334fd49f3135a 4355 web optional chromium-browser_71.0.3578.80-1~deb9u1.dsc
 b1cdde04ca22df99df7cf49e6453c750 197203632 web optional chromium-browser_71.0.3578.80.orig.tar.xz
 11152245678c5a3fd2f6880d998a39dd 160064 web optional chromium-browser_71.0.3578.80-1~deb9u1.debian.tar.xz
 a490a09dfa08688421ceedf013f02fae 19190 web optional chromium-browser_71.0.3578.80-1~deb9u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAlwJ9iYACgkQuNayzQLW
9HNK9x//fEurQgflT2dPEMk14D4+lGXOwhkOGIP1JxV8ieHuGYjlZrPtcJew/xhG
zH5XhyEjKZkMpUPOGEUt+gpzAhSacs8qAcuaZT3ydKGerEpUYmuSajurlJ7ltf9F
nZjxrP+wyNj5F+uEcF/9aybXZp5Xa4f88CaovDnhS0ylgpLpmeA67kv1Ecet3mGW
Om4VcmGGHS4S4vo6rQGjRrIML1kQJ3XVSFIKgCrjR5c2hk38B4QQ8a0C/mkL2CUf
Z7Jru6serPSdSthdPxagSr9IEWoGPylWCKwEXPJa+/m5icXyDwHHWqRmOZeaQA36
rC8GglR/uv9ncQRZEGvMEtu5qT6CyXCNJLzMFU3lRt6RyqL9xMJVH/DThCFqjW2i
wGPcOhNkYus0xQDgyD5kHonf38i2tqomLgf91I7bZ9Bpr1KObxpRLrOeGcyvzw8l
htFu2Ys9J6DGo1Q7GC2Syruxqm/o2UP7g4F01V9CCBlnz8yh3aeaRQBefo5VcFi3
+z49IscgsaiPM+K8Re3VJpMz7G6L0dYk29arolAdiA4OPGWieyVctkQCGlL8ja6O
C0a75SVlNth7seVSVeoTVvFL6/2Ma3qn/mlyREngv7KSjmAOVrwdhWkJJhPzATiT
2E9rCJhdJojtYs9fWcMfv2iKupHrUEe/yNFi6i3ZwsnoW3LwgJc6MMFd+WPFkiB6
T0KfkLExumB+2iBYRUkWbrGdliYnPj0vBYSTyXOAyBioTD6LHVN70jIoi3m34E+J
YLx95DGFbG/G6EcJ42MsDcaRGc1bHkAUs65gwQ9pDQXf+JBEbSYYrTB8qm53dHf7
D21rWsAozYgPfF7XUvtOsM7xBEwZ8WL9NXWK2jvGWxQ2twTBy0K0JVX6TwbmOrIK
stw4BML/n1QCYrXn+yRaiPv0E/EUIsyzpLu6lPNidNkaVPVcYASUpBwTLJKgQSFE
UXvZyULBXySuK6yXkhovWHxB37plxWfatoEfcRIEekLZyanGej18eK5hos6RC6zL
I6Mib3LDQE/nEQ5ZuWXSKPJ+81xGkzGfztq1KWgnsvhu5jQw589kzjaKHM1YQiXL
VwCnf8XDsvxlRB3Hr9HwQnmkSILhQSnBT+6a4+mZGnfXVMwkb7ImGFOHaOimv/4O
G/oOlDujinfhKU9RLtl5Ez0U3k0LX+YGcIfMZwUco85bLYoPEzaXsOz/Usjh2ZCV
uQ5w1MuGmbL9glG33DVGHf9fTXeFDjOix489mXupS+i4i6UVumDMOLipn86edVt7
u8oJrtLeIDs14Ei7y77ycwSi7sNoIedfGiVeY9b4v0SqOFMKw0q6yFvUkwV21CFy
e/0eDrYSjW336F5azQNRQ84943gE9w==
=zSUu
-----END PGP SIGNATURE-----