Back to chromium PTS page

Accepted chromium 80.0.3987.132-1~deb10u1 (source) into proposed-updates->stable-new, proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 08 Mar 2020 12:30:34 +0000
Source: chromium
Architecture: source
Version: 80.0.3987.132-1~deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Changes:
 chromium (80.0.3987.132-1~deb10u1) buster-security; urgency=medium
 .
   * New upstream security release.
     - CVE-2019-19923: Out of bounds memory access in SQLite. Reported by
       Richard Lorenz
     - CVE-2019-19925: Vulnerability in SQLite. Reported by Richard Lorenz
     - CVE-2019-19926: Inappropriate implementation in SQLite. Reported by
       Richard Lorenz
     - CVE-2019-19880: Vulnerability in SQLite. Reported by Richard Lorenz
     - CVE-2020-6381: Integer overflow in JavaScript. Reported by The UK's
       National Cyber Security Centre
     - CVE-2020-6382: Type Confusion in JavaScript. Reported by Soyeon Park and
       Wen Xu
     - CVE-2020-6383: Type confusion in V8. Reported by Sergei Glazunov
     - CVE-2020-6384: Use after free in WebAudio. Reported by David Manouchehri
     - CVE-2020-6385: Insufficient policy enforcement in storage. Reported by
       Sergei Glazunov
     - CVE-2020-6386: Use after free in speech. Reported by Zhe Jin
     - CVE-2020-6387: Out of bounds write in WebRTC. Reported by Natalie
       Silvanovich
     - CVE-2020-6388: Out of bounds memory access in WebAudio. Reported by
       Sergei Glazunov
     - CVE-2020-6389: Out of bounds write in WebRTC. Reported by Natalie
       Silvanovich
     - CVE-2020-6390: Out of bounds memory access in streams. Reported by Sergei
       Glazunov
     - CVE-2020-6391: Insufficient validation of untrusted input in Blink.
       Reported by Michał Bentkowski
     - CVE-2020-6392: Insufficient policy enforcement in extensions. Reported by
       Microsoft Edge Team
     - CVE-2020-6393: Insufficient policy enforcement in Blink. Reported by Mark
       Amery
     - CVE-2020-6394: Insufficient policy enforcement in Blink. Reported by Phil
       Freo
     - CVE-2020-6395: Out of bounds read in JavaScript. Reported by Pierre
       Langlois
     - CVE-2020-6396: Inappropriate implementation in Skia. Reported by William
       Luc Ritchie
     - CVE-2020-6397: Incorrect security UI in sharing. Reported by Khalil Zhani
     - CVE-2020-6398: Uninitialized use in PDFium. Reported by pdknsk
     - CVE-2020-6399: Insufficient policy enforcement in AppCache. Reported by
       Luan Herrera
     - CVE-2020-6400: Inappropriate implementation in CORS. Reported by Takashi
       Yoneuchi
     - CVE-2020-6401: Insufficient validation of untrusted input in Omnibox.
       Reported by Tzachy Horesh
     - CVE-2020-6402: Insufficient policy enforcement in downloads. Reported by
       Vladimir Metnew
     - CVE-2020-6403: Incorrect security UI in Omnibox. Reported by Khalil Zhani
     - CVE-2020-6404: Inappropriate implementation in Blink. Reported by kanchi
     - CVE-2020-6405: Out of bounds read in SQLite. Reported by Yongheng Chen
       and Rui Zhong
     - CVE-2020-6406: Use after free in audio. Reported by Sergei Glazunov
     - CVE-2020-6407: Out of bounds memory access in streams. Reported by
       Sergei Glazunov
     - CVE-2020-6408: Insufficient policy enforcement in CORS. Reported by Zhong
       Zhaochen
     - CVE-2020-6409: Inappropriate implementation in Omnibox. Reported by
       Divagar S and Bharathi V
     - CVE-2020-6410: Insufficient policy enforcement in navigation. Reported by
       evi1m0
     - CVE-2020-6411: Insufficient validation of untrusted input in Omnibox.
       Reported by Khalil Zhani
     - CVE-2020-6412: Insufficient validation of untrusted input in Omnibox.
       Reported by Zihan Zheng
     - CVE-2020-6413: Inappropriate implementation in Blink. Reported by Michał
       Bentkowski
     - CVE-2020-6414: Insufficient policy enforcement in Safe Browsing. Reported
       by Lijo A.T
     - CVE-2020-6415: Inappropriate implementation in JavaScript. Reported by
       Avihay Cohen
     - CVE-2020-6416: Insufficient data validation in streams. Reported by
       Woojin Oh
     - CVE-2020-6417: Inappropriate implementation in installer. Reported by
       Renato Moraes and Altieres Rohr
     - CVE-2020-6418: Type confusion in V8. Reported by Clement Lecigne
     - CVE-2020-6420: Insufficient policy enforcement in media. Reported by
       Taras Uzdenov
Checksums-Sha1:
 f9e5a0b5f4a34e3f3802093c746e106c9b40063a 4262 chromium_80.0.3987.132-1~deb10u1.dsc
 17b24f323e4b59ab219d8e219d499c644e45ea5d 313257260 chromium_80.0.3987.132.orig.tar.xz
 1980dca8a8477812a2ecb8dd521902dd0a02638a 193852 chromium_80.0.3987.132-1~deb10u1.debian.tar.xz
 a2f70d6fda58d22144ff1ca16863894d9811c96e 22266 chromium_80.0.3987.132-1~deb10u1_source.buildinfo
Checksums-Sha256:
 0a0aa11477d406cc7afdcdab3a61eaad6c4ba6a2ab376819e9c3417d65d51114 4262 chromium_80.0.3987.132-1~deb10u1.dsc
 67a5052ae4cb0150df381131c4cec238fc6b3da1dd9444cd485eddfe0ee2177e 313257260 chromium_80.0.3987.132.orig.tar.xz
 94b6db752dee0692cb4ef5da5233f85f442176d111c56c112e4da3515c9d93c3 193852 chromium_80.0.3987.132-1~deb10u1.debian.tar.xz
 cf91d48a619f21e825591ad5cc7499c56e3e28161b53776d3d1c3470c45714ea 22266 chromium_80.0.3987.132-1~deb10u1_source.buildinfo
Files:
 ac7cacb53119b0ad2289c2736174b819 4262 web optional chromium_80.0.3987.132-1~deb10u1.dsc
 2383785af91e97cc985501de543e6d1c 313257260 web optional chromium_80.0.3987.132.orig.tar.xz
 d09150907f75673f4331a75239b98605 193852 web optional chromium_80.0.3987.132-1~deb10u1.debian.tar.xz
 6ae49a6aa90a0177221716cddd85015f 22266 web optional chromium_80.0.3987.132-1~deb10u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAl5mQ+8ACgkQmD40ZYkU
ayhWnyAAvMXgJoDuwwlztbpVvRhHex59/WzwJd3s9EtDHxiFvfaEqkS9pObAgH+M
1kWalUCp93aQkcC0GhAqW5oksTc2rlCveH6r8GyEq+DBuB9APyWgnK3H9kVn4xfM
DTBoDxyKB5pCnuUgOg5u5wPUSAMXi5U7MKTC7QX/FL9cnczswBjUcFE140SB/OfU
MWOZeTXyQBAK4VbGLFFIEl7uiqAyXfPXEkYaswcpN1Q+av/tSl1ffdOT75k94+kK
KK6+7+gQiSm4F8t/t0A4vMVsUwaRChFGiGr0CvFVP4Rn5gZrrHpd7xOwDFtTMJeA
YZZj0aMXXLf3WcqFtAzR18V+vLGQMK/PSe/Ytxc5uxGLJi1QhM+QC6/zx0enBsYc
4mFPYgvT22aDlMLxBAEEQNZJ4IxpxsNBolXucWBvqFQZIFQnCgyKweOWo/8iUfH3
EekUHx6wS5Gnv+xBEhqJ7McbCyFSnF6sF/6MGiaYd0355zRfrfIKsEzJAHOAo6bd
2q0evIo+RKB2SyQBwC3ta/na38rJwrJYkDz1MdAn9rkMsJ+LVr9Bhk/M1+0sSg5Q
NwqUVI8OY4p8Tx1W5J+5MHy+xCGZWJwQ6GWWbi5AafzHUJIbJr8Xf6CO0slCIxL5
18gKwm+vIzbJR1U4agBo1Br6m/8ZUhgySGsf4lrPFcxTPeELKEsVfy4Hz1UqbgZC
AhleolQ/ho9Uv7Q64oUfvYmKLnR9LEOgVYSs67/9Skf7R5rPIVHHQf9VnU5Y/8W4
O4f5Q1oki+P7Nkt0Qu2H1NkusjSRs8F5XuMZrspGe7Rw6r7g3fhzOfGibR2oLRNF
+AdUaQmIv0337fMisnRZd3iw+xgBqYkTsrINs05E8Q2zN1rgiznzKBqYijPvlJjZ
KPaZaZn14wlYDBOf+xV+CJhe+YrvG8zFmGHVlCqiYnOZDxsYF+RuDWHXkQZoa+Dz
ZdT11vzKpi/W2fmi0qpXa135Xg0c9stPdYCU2Iz3CjP9dP65sRXFiHm9+x6y9f2k
c2KINfgpWzI9odIcf9yeuoL1jf/PyVWtA4yndMGTdtTorJEnmu9TmxWb/XW0pyke
kOaPM1ZY8GWF5N+WJrdM6gsDBA0mfyxlXOTOF6IisaV7qbAFOWpjV7IEE4F9zKYk
UbxnVdK5ihbkZf4/+tksPN2HWlJlDDOll0aRIjJZcYShyD/n4JqnAOBoclcMY7Jy
2meUjncdvef7FfWjQVcLYP8GjaV9ViqN+CCWPl6/FA5wVDyqRLOXEiSOIA86eMGm
pLGEHJ81srcXG/vx5hVJiOfpb+yb0guPTxmSn13uazUe4kGeOxnsO19EOW0FO3uM
2RpYtvzFXo7q9sAl1iA63HzMFOsArg==
=2Scx
-----END PGP SIGNATURE-----