Debian Package Tracker

From: Michael Gilbert <mgilbert@debian.org>
To: <>
Subject: Accepted chromium 73.0.3683.75-1~deb9u1 (source) into stable->embargoed, stable
Date: Sun, 31 Mar 2019 19:34:40 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 26 Mar 2019 23:43:33 +0000
Source: chromium
Binary: chromium chromium-l10n chromium-shell chromium-widevine chromium-driver chromedriver
Architecture: source
Version: 73.0.3683.75-1~deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description:
 chromedriver - web browser - WebDriver support transitional package
 chromium   - web browser
 chromium-driver - web browser - WebDriver support
 chromium-l10n - web browser - language packs
 chromium-shell - web browser - minimal shell
 chromium-widevine - web browser - widevine content decryption support
Changes:
 chromium (73.0.3683.75-1~deb9u1) stretch-security; urgency=medium
 .
   * New upstream stable release.
     - CVE-2019-5787: Use after free in Canvas. Reported by Zhe Jin
     - CVE-2019-5788: Use after free in FileAPI. Reported by Mark Brand
     - CVE-2019-5789: Use after free in WebMIDI. Reported by Mark Brand
     - CVE-2019-5790: Heap buffer overflow in V8. Reported by Dimitri Fourny
     - CVE-2019-5791: Type confusion in V8. Reported by Choongwoo Han
     - CVE-2019-5792: Integer overflow in PDFium. Reported by pdknsk
     - CVE-2019-5793: Excessive permissions for private API in Extensions.
       Reported by Jun Kokatsu
     - CVE-2019-5794: Security UI spoofing. Reported by Juno Im of Theori
     - CVE-2019-5795: Integer overflow in PDFium. Reported by pdknsk
     - CVE-2019-5796: Race condition in Extensions. Reported by Mark Brand
     - CVE-2019-5797: Race condition in DOMStorage. Reported by Mark Brand
     - CVE-2019-5798: Out of bounds read in Skia. Reported by Tran Tien Hung
     - CVE-2019-5799: CSP bypass with blob URL. Reported by sohalt
     - CVE-2019-5800: CSP bypass with blob URL. Reported by Jun Kokatsu
     - CVE-2019-5802: Security UI spoofing. Reported by Ronni Skansing
     - CVE-2019-5803: CSP bypass with Javascript URLs'. Reported by Andrew
       Comminos
Checksums-Sha1:
 9ad383b93792a3553f0500dba82d2438f78b3870 4299 chromium_73.0.3683.75-1~deb9u1.dsc
 776bfaa2e55fda479cfc7365ef49f9c54aa49dc8 224659364 chromium_73.0.3683.75.orig.tar.xz
 2f8e03a5af3d05fd216bb6dd7b11cfeaa81ec264 176640 chromium_73.0.3683.75-1~deb9u1.debian.tar.xz
 c5bdefadd75367ef81818e5fdaeade39c28a05c5 19139 chromium_73.0.3683.75-1~deb9u1_source.buildinfo
Checksums-Sha256:
 0cfa80368294ee9055ecdd42dc9a5ab5272be62129df4d7495e791109a73558d 4299 chromium_73.0.3683.75-1~deb9u1.dsc
 7dfdc4d5c75db1caa74ae792f8e9a2e10c21c573725beaf5cd91e8edfd527b77 224659364 chromium_73.0.3683.75.orig.tar.xz
 8c110c91651f9cafe5775867fd169a2c9d9cbdde50a3c72fabab656815dd6ef1 176640 chromium_73.0.3683.75-1~deb9u1.debian.tar.xz
 80f19a7ee0e6ef513ebfaf2f854c2c3888554c612e5d124b888178ec81be00a4 19139 chromium_73.0.3683.75-1~deb9u1_source.buildinfo
Files:
 d4266dc5774bbaecf7a6cb869c851478 4299 web optional chromium_73.0.3683.75-1~deb9u1.dsc
 939555e77aaeacc51ca3dbdf9d440348 224659364 web optional chromium_73.0.3683.75.orig.tar.xz
 6e1e536048a98c00659493a6c3f0b47b 176640 web optional chromium_73.0.3683.75-1~deb9u1.debian.tar.xz
 e1888da186dbbe97a7a3a2c073a7a23d 19139 web optional chromium_73.0.3683.75-1~deb9u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAlygBfMACgkQuNayzQLW
9HOHDR//e7/FCKbRKJDYmJ+TVzS8n41Yj7uZVWBcHJzqVDdJySvxIBZxB5/6Z7m0
+xx3AwFRXmxM1jmNAiAdWLFvRvx+ezKjpHczimKznGPe+5zvZ0jJWMTL/YzOdQ6l
VnMnIK6TjoNontRkC2K3rGUWWaP8Gikkx+H0E1LPZ7Ut8OjNbFReaXCY8SuU32Km
yuQxegqRxp6Ht/JIgMBT9Te+pD2H5YoRMMcolFtGjXo/vqQkgEhvHbpyH4ZcNABJ
4/rWjrvhvVSttAppexuS22YTm5UmY9p5cvK84GMFP7CK2fbte7GT7DnulmAX2BWl
4vDgWKxkoX5JzBq7uE/2rc+GI2uJ1KHb11wJUJZjUAnk/Tcy9JhKSyCVOsxq5w72
xfP0wTeH04a1XBva+kLMZj6/9bNe+UGIEy81eULeMPuVE8Qq3lBu2Vci+fMYV7I5
WKdm4zlK2MPe0rFW2YpX0B+geY2bEw0DqN9NzgZdoY8gT26FpaNfwEglaoaEa/Ic
sXkaqDc6UIpBQowhLUn4Ge+KmZhBo0CTZNZfFqoAqcVKb6qmOpjZN9A1SgGRT7K6
tzvnCFWV/46PydisGZQc2ObHpxjS6kF9yA3E1R3MN/1AfVm4Ko4BMHdEfo4XNr0C
vh+LaOiLgpaE/uwZFRT7B6yZKwLQ8tR58ykWk5jo82tFxKAiinCE/l/Yl9e3hNjw
USKYGed/2oX7JH3XiJRu9aScCXsWdLZOnMB71kw5V5tiQeBWwyrohe+m+ll1q871
OilbK2MSAySW5fbXn0HZj6DWB5x1+Nzzak5RitsRg0woBxcM9yEnlE5qFbFPwp55
OOjexiZzRQ+kmuE8VHvlvbi8IlmCQQB3YuN8nvbSFyLd0hXaVwb76jwZA5iV4W42
kqnUeV1eT1Tf6xOy22qd9csfcRGX7W8l3nhQRvpRxYXKtWUepR3ZlgAR8Tb4x/6P
fpQ8a7wo6n9XgyrEzQYyrswGv9E9x2vj8+c65p8nxCjEvle8KC7jvErgLi64CUi1
WdMzqN8k4EXF6wGnSm7J0zAl/rWHddo2gUA1ri/4EPbiekINKek0FoTihIIRY7dv
paMKDvsZH4RfL2lACtWKAdQtcwb8aQQRWV6RGiUdyC/UztvSjMsdBMMk9pe5Q9T/
/RPODIPERIt3MWBZzwnkrwtPqPK4n2WjC6DGui9PyILArqWtCFt/VciPVC0lItYa
cI/i4RkLdAcMY9PyS8RGxw/f0OvMA8mZMzwfKNxLJZoYYKa0qV0p63cHhMyZzwSd
GyDvlfugkB5fMSiGSWphR+2sJ+rAveW5WNNlglSE6ZXZWfjFKTBvOKhAhjyjReZJ
xnipAQaTQ0M+6TiidxLoQLyFTV8v+g==
=yaFa
-----END PGP SIGNATURE-----
News for package chromium
