Debian Package Tracker

From: Michael Gilbert <mgilbert@debian.org>
To:
Subject: Accepted chromium-browser 70.0.3538.67-1~deb9u1 (source) into stable->embargoed, stable
Date: Fri, 02 Nov 2018 11:41:17 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 31 Oct 2018 00:46:08 +0000
Source: chromium-browser
Binary: chromium chromium-l10n chromium-shell chromium-widevine chromium-driver chromedriver
Architecture: source
Version: 70.0.3538.67-1~deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description:
 chromedriver - web browser - WebDriver support transitional package
 chromium   - web browser
 chromium-driver - web browser - WebDriver support
 chromium-l10n - web browser - language packs
 chromium-shell - web browser - minimal shell
 chromium-widevine - web browser - widevine content decryption support
Changes:
 chromium-browser (70.0.3538.67-1~deb9u1) stretch-security; urgency=medium
 .
   * New upstream stable release.
     - CVE-2018-17462: Sandbox escape in AppCache. Reported by Ned Williamson
       and Niklas Baumstark
     - CVE-2018-17463: Remote code execution in V8. Reported by Ned Williamson
       and Niklas Baumstark
     - Heap buffer overflow in Little CMS in PDFium. Reported by Quang Nguyễn
     - CVE-2018-17464: URL spoof in Omnibox. Reported by xisigr
     - CVE-2018-17465: Use after free in V8. Reported by Lin Zuojian
     - CVE-2018-17466: Memory corruption in Angle. Reported by Omair
     - CVE-2018-17467: URL spoof in Omnibox. Reported by Khalil Zhani
     - CVE-2018-17468: Cross-origin URL disclosure in Blink. Reported by James
       Lee
     - CVE-2018-17469: Heap buffer overflow in PDFium. Reported by Zhen Zhou
     - CVE-2018-17470: Memory corruption in GPU Internals. Reported by Zhe Jin
     - CVE-2018-17471: Security UI occlusion in full screen mode. Reported by
       Lnyas Zhang
     - CVE-2018-17473: URL spoof in Omnibox. Reported by Khalil Zhani
     - CVE-2018-17474: Use after free in Blink. Reported by Zhe Jin
     - CVE-2018-17475: URL spoof in Omnibox. Reported by Vladimir Metnew
     - CVE-2018-17476: Security UI occlusion in full screen mode. Reported by
       Khalil Zhani
     - CVE-2018-5179: Lack of limits on update() in ServiceWorker. Reported by
       Yannic Bonenberger
     - CVE-2018-17477: UI spoof in Extensions. Reported by Aaron Muir Hamilton
Checksums-Sha1:
 f8ad596e64a384ebd54682cfe040ba4e1d9047dc 4370 chromium-browser_70.0.3538.67-1~deb9u1.dsc
 7a36f291c4b36b7dec2ef8b9e82e20153deae1e8 205802572 chromium-browser_70.0.3538.67.orig.tar.xz
 65ec4022e2c146c48dabbb4358391e7654411317 159220 chromium-browser_70.0.3538.67-1~deb9u1.debian.tar.xz
 b1a330bd4110ef888fb8317f2b804f3d71559d7f 20048 chromium-browser_70.0.3538.67-1~deb9u1_source.buildinfo
Checksums-Sha256:
 4973587ccd80fcb01cf2bf62ef52624ce225dd3b558a9aa3da3d61331169f98e 4370 chromium-browser_70.0.3538.67-1~deb9u1.dsc
 8b5a3ec76bb4f158e5716d5782df746cf8f4b737126c9ba0b47d1962d586ffa7 205802572 chromium-browser_70.0.3538.67.orig.tar.xz
 adffe64c53573d17477180a53c343a6330138cb8b2e7fe41a7b1d7a1fc459b7d 159220 chromium-browser_70.0.3538.67-1~deb9u1.debian.tar.xz
 65196936c77e1a5fd74071f4776e9b0de8508bf41be8bfbbe6d405ce5076754d 20048 chromium-browser_70.0.3538.67-1~deb9u1_source.buildinfo
Files:
 fa109d3f45319bdbd293434ece8c7fd5 4370 web optional chromium-browser_70.0.3538.67-1~deb9u1.dsc
 e948e133f96a511a2ec1aaa7a18955e8 205802572 web optional chromium-browser_70.0.3538.67.orig.tar.xz
 934c22f01be1ec501033c158c56259f5 159220 web optional chromium-browser_70.0.3538.67-1~deb9u1.debian.tar.xz
 1a914147d1e5716480d925b5330b8eca 20048 web optional chromium-browser_70.0.3538.67-1~deb9u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAlvZQOAACgkQuNayzQLW
9HOnfR/9GQvUSvsx/zQQcNRR/HJlkhyi5PJU2gPnJSntDURdOBAvIZbmSoNBHqDs
IUQUbkg27VTZjipSMWOVa1nzwu8pN4HXPv57cdy27dqj+upjwIkbu8SSWpVGIrbR
6gn0WmHFGCoGsLyzl0fim3FPoPftqffaiUNv0WvzQNaXnAkqC/KloOXtM4jlsNMq
w73/hGDiDQmv09jMAkqGQcggiJNS+B0Whg48gsz91J1NZWX6HV+Nme67d9ul1O/I
bZU7X25dLWHTN0M5vT/IkucKLi70P+/zx+aSs8xTVAiU5nVOovxAOzAcbgxXVJvx
/U0SDeNdlPmfkeu8HZ8+i5IisXjXkBO1zzuEIQG+5NUkAuNB6nvSeFZkAs4jR5Gg
OwDrPkxq/+pWZ5tbK7LsLklmdFgs2hIyWeqzV4OTnaqmm1r66hlia77PtPdzHCI6
IMWrt+9xqums3SVMEUNMvN7lr0JagDI1Kubi5mOntD1yD0D50tp0UsBUBKZaeWQL
PXQV2TXo2VbZ+XEBxiK9PVlbAF+nVbmIqUpkAFxy0sIrbLhhmaQF6qoFKFCElzj6
gSw4PupADO1QPuxEF3nkbWyGZNvBo9rNU8yCGajAhMkIoZ3oyHhDi3aOze7CKOv5
CCq+UY0+XFCLDmAAP5qcwO4qgBsGIsla67HYcTXjoQXydcgt0qk7KAUWIbiUG8Jt
7viK9tWzpSOnPMegsNpg+840IAonJO2RxqFROIwDeGCG3l2LbhOXJB2H/BRq0ZoQ
CQoWCEsHABe8s7irmtJ8C3wXHdj2RpO4+RYAia7zzG0mbWkCESlhVBcNrTkh42nh
KLwgXv9WPw8eSgqpGTRPOqDNLd4JXJsioAAiDWmyKTQJ5PRPN+wfr29N9/RThrKd
YkqmEvdFo9QSCJdMU6tSgMN+Ej/tn8O845687SOKxHGuLFRBHa3CMb1sm2Phobbn
Y6aXdR4e+rEApe4j2I/jCr4se7VFZrBI+gWr+UiYbNZVnt40O+uwt5owyeXUfF9P
7YDyMBY6Y2GrUGB+tZM4PipgyFINOcGPdYVrFr79M/6BhFZ+18b1nuUQR+hXRTmg
EhTxIVTkGXGJ8j46TCv6UUogccaPd3Ps3hD/69LfrIIU5xDGfZAD+3DJznIF6XjY
phLW7D3koyi/KWYeiKiI4VAqZR41ZlTTWAGcFEEw4pzx1bu0s+ml6haCQosiKmVG
eBNUEY/cqElm3gT2JeVgVzigCvhufomILUD7KNQs0OafHV21sdywI+kd4e8cPBrV
cd7HjGXT9shp8kTzeFBJZ9rGgHkwoF023upYtKPFtKpu/m61HutFw+gveaNwbr6N
00IPCBU2rbYmXeuoim5wjnB15hH16g==
=hEvb
-----END PGP SIGNATURE-----
News for package chromium-browser
