Debian Package Tracker

From: Michael Gilbert <mgilbert@debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted chromium 76.0.3809.87-1 (source) into unstable
Date: Wed, 31 Jul 2019 04:55:20 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 29 Jul 2019 23:22:44 +0000
Source: chromium
Architecture: source
Version: 76.0.3809.87-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Closes: 932049
Changes:
 chromium (76.0.3809.87-1) unstable; urgency=medium
 .
   * New upstream stable release.
     - CVE-2019-5847: V8 sealed/frozen elements cause crash. Reported by m3plex
     - CVE-2019-5848: Font sizes may expose sensitive information. Reported by
       Mark Amery
     - CVE-2019-5850: Use-after-free in offline page fetcher. Reported by
       Brendon Tiszka
     - CVE-2019-5851: Use-after-poison in offline audio context. Reported by Zhe
       Jin
     - CVE-2019-5852: Object leak of utility functions. Reported by David Erceg
     - CVE-2019-5853: Memory corruption in regexp length check. Reported by
       yngwei and sakura
     - CVE-2019-5854: Integer overflow in PDFium text rendering. Reported by
       Zhen Zhou
     - CVE-2019-5855: Integer overflow in PDFium. Reported by Zhen Zhou
     - CVE-2019-5856: Insufficient checks on filesystem: URI permissions.
       Reported by Yongke Wang
     - CVE-2019-5857: Comparison of -0 and null yields crash. Reported by
       cloudfuzzer
     - CVE-2019-5858: Insufficient filtering of Open URL service parameters.
       Reported by evi1m0
     - CVE-2019-5859: res: URIs can load alternative browsers. Reported by James
       Lee
     - CVE-2019-5860: Use-after-free in PDFium. Reported by Anonymous
     - CVE-2019-5861: Click location incorrectly checked. Reported by Robin Linus
     - CVE-2019-5862: AppCache not robust to compromised renderers. Reported by
       Jun Kokatsu
     - CVE-2019-5864: Insufficient port filtering in CORS for extensions.
       Reported by Devin Grindle
     - CVE-2019-5865: Site isolation bypass from compromised renderer. Reported
       by Ivan Fratric
   * Use legacy call to avoid error in icu 6.3 (closes: #932049).
Checksums-Sha1:
 1bb387d17a28b893a426576b00384a45249c60c4 4203 chromium_76.0.3809.87-1.dsc
 6d8f87ba17d153bf90840c5ea551b925caaeb4a4 248874484 chromium_76.0.3809.87.orig.tar.xz
 2aa85eb4f56418ee5abeccef380cbe750b97e5b4 201140 chromium_76.0.3809.87-1.debian.tar.xz
 2e5cb28afe1d096f1f62202ec22601d90f2e4cf7 21352 chromium_76.0.3809.87-1_source.buildinfo
Checksums-Sha256:
 fde79ed85046e9565a331ce47b576dc0f07fb3e3dd351d1d311dac9f43138f41 4203 chromium_76.0.3809.87-1.dsc
 afbdbf292ddec9c5812440bff3a2c7b459a7ea5c1aeec90152efb21bdc9a1a56 248874484 chromium_76.0.3809.87.orig.tar.xz
 b466f9686db6468579e9ab1a5f457995202b991f41d9181e146994b9bf70ada7 201140 chromium_76.0.3809.87-1.debian.tar.xz
 85fcf18ee0cb945591619554961d2774809fa158072b3d5b40b5c55c43826ec9 21352 chromium_76.0.3809.87-1_source.buildinfo
Files:
 92f08d4e392d23635a786225c3a2c596 4203 web optional chromium_76.0.3809.87-1.dsc
 d0ba378891da039a7c0edd70fda71fb1 248874484 web optional chromium_76.0.3809.87.orig.tar.xz
 29336da5b4504e775d64ae2ce16141a5 201140 web optional chromium_76.0.3809.87-1.debian.tar.xz
 e395c48be8f7b6bdf2111be0b27e2285 21352 web optional chromium_76.0.3809.87-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAl1BGs4ACgkQuNayzQLW
9HOE9yAAmbNwzBJIvBRMzXnmZsdGC/fJr3Q/J+u935B0Z9vv9O3GFebSON9CsL6x
OQySYg0NXZEVql9fjUKOCWvPzMkxaRNlUZYx/y33HVJHLOEKAEK0/uF4ahMhWMAU
SR9/0DdZq3gYU1RYhaUZR5BHgtplFp9/C5YJc3oePCE7Q3EUQOBcUHS4FH04gwYz
seGvwP23HbUKOa1c5diBk5xl2vn0XIXBM7HjT4rD4jAwy75ZQoDRGR1K8EJLfIqF
Jm7BbZbAnVLIJ8H2Xrjc0MnmxVS4/mhPtXmVbUstmh+6B66l//iR8SN5mXbcWSAt
w9ILwn4UlBTBcuzwPlaryThd7oUI0hjV4rLrUAH1qrBB1ZT4QyqCB1ZH2dYpHv+p
yUfCJkRWnEaUjV5/IuNw79IDnmw6PVReoVCdiA3hBKsdweXgpTUsaA24/3+t6ovc
/gw59DSXFPjnVfSK1uITb2eTd8TAOHn1PClBosaXgRXFFntf8/Da+s4dp4NME7O/
8wGU1kMjf9CUQ6G37kkUQF16Vh7QAfTrvKp8kJxfbppSLqrMAopqJkerzBhSn81M
64WvWWPPpfZW9hau9/EbELJudQM1YIoadk+YJEJkJsSD/TzkwG58uXcFHwBcJPu9
yuqxq8hl/o2wzyheEje9Srq8sT0YeKDcDKYg4pXRg0q1VUjd/I01DJUlnqPxlYaO
O1x1ICd28iJ9mYv5wAdNCTIeJzfe9g33YernVk84YjV9Wh6z0R0qT5MxKqUtoGXY
PbDqTd4LJnz6PnX6mKdCl7IDYkN4HRUKNv/p8qi/PPlcGSVhv6im8cPVI+n0+gxr
Je+mxUY0ua4XKsFhEXmBylxuUFIe0DGbOP/tNK2TW78DZw8mdk8a1cHoJGzWIhhG
kVi1vpSnJVJuRS2v/FD+1duoXCcLX2je02WbQsmmda6r21qumFsQj0cmCyx3POmP
ME5R4sbjRoKZ+kxkJhWIOV8gJg+z/qOeQsizxyCwrfe1aYlwlwXSGHmiHAo4cBXz
dlYnbSLATeCwQWVs56nWeDHhSe7yS4dqH+ewtISqU6JgapU+G0r9wUsKm5h/9rjm
tWwfERAhwLSMAUPPv5tlEK0PoXzazTxAipN+u56bGS6BbSRHm9jiVkHovpiKc7X5
ZDBJR374nf90XoOu8lEFecz/zz3tdObDxFEBJiput9aGCTK9fWZ2+Gs/1R18V34n
QN3H9jvD/c79kZx6yu/zRKpUeUoe1xwpbS8IJRIPHgMci7GeU0IDEk38Lzau9M+E
S77ACe4EaPek4e76BmoCp8oD3CMysJN6RwzBLs97YWunrS21P2XLBKTMaKyV3DEJ
f0bRUzh/euSIbFRJf8awLRt0xlxYjg==
=0uv5
-----END PGP SIGNATURE-----
News for package chromium
