-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 02 Nov 2019 22:30:42 +0000
Source: chromium
Architecture: source
Version: 78.0.3904.87-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Changes:
chromium (78.0.3904.87-1) unstable; urgency=medium
.
* New upstream stable release.
- CVE-2019-5869: Use-after-free in Blink. Reported by Zhe Jin
- CVE-2019-5870: Use-after-free in media. Reported by Guang Gong
- CVE-2019-5871: Heap overflow in Skia. Reported by Anonymous
- CVE-2019-5872: Use-after-free in Mojo. Reported by Zhe Jin
- CVE-2019-5874: External URIs may trigger other browsers. Reported by
James Lee
- CVE-2019-5875: URL bar spoof. Reported by Khalil
Zhani
- CVE-2019-5876: Use-after-free in media. Reported by Man Yue Mo
- CVE-2019-5877: Out-of-bounds access in V8. Reported by Guang Gong
- CVE-2019-5878: Use-after-free in V8. Reported by Guang Gong
- CVE-2019-5879: Extensions can read some local files. Reported by Jinseo
Kim
- CVE-2019-5880: SameSite cookie bypass. Reported by Jun Kokatsu
- CVE-2019-13659: URL spoof. Reported by Lnyas Zhang
- CVE-2019-13660: Full screen notification overlap. Reported by Wenxu Wu
- CVE-2019-13661: Full screen notification spoof. Reported by Wenxu Wu
- CVE-2019-13662: CSP bypass. Reported by David Erceg
- CVE-2019-13663: IDN spoof. Reported by Lnyas Zhang
- CVE-2019-13664: CSRF bypass. Reported by thomas "zemnmez" shadwell
- CVE-2019-13665: Multiple file download protection bypass. Reported by
Jun Kokatsu
- CVE-2019-13666: Side channel using storage size estimate. Reported by
Tom Van Goethem
- CVE-2019-13667: URI bar spoof when using external app URIs. Reported by
Khalil Zhani
- CVE-2019-13668: Global window leak via console. Reported by David Erceg
- CVE-2019-13669: HTTP authentication spoof. Reported by Khalil Zhani
- CVE-2019-13670: V8 memory corruption in regex. Reported by Guang Gong
- CVE-2019-13671: Dialog box fails to show origin. Reported by xisigr
- CVE-2019-13673: Cross-origin information leak using devtools. Reported
by David Erceg
- CVE-2019-13674: IDN spoofing. Reported by Khalil Zhani
- CVE-2019-13675: Extensions can be disabled by trailing slash. Reported
by Jun Kokatsu
- CVE-2019-13676: Google URI shown for certificate warning. Reported by
Wenxu Wu
- CVE-2019-13677: Chrome web store origin needs to be isolated. Reported
by Jun Kokatsu
- CVE-2019-13678: Download dialog spoofing. Reported by Ronni Skansing
- CVE-2019-13679: User gesture needed for printing. Reported by Conrad
Irwin
- CVE-2019-13680: IP address spoofing to servers. Reported by Thijs
Alkemade
- CVE-2019-13681: Bypass on download restrictions. Reported by David Erceg
- CVE-2019-13682: Site isolation bypass. Reported by Jun Kokatsu
- CVE-2019-13683: Exceptions leaked by devtools. Reported by David Erceg
- CVE-2019-13685: Use-after-free in UI. Reported by Khalil Zhani
- CVE-2019-13686: Use-after-free in offline pages. Reported by Brendon
- CVE-2019-13687: Use-after-free in media. Reported by Man Yue Mo
- CVE-2019-13688: Use-after-free in media. Reported by Man Yue Mo
Tiszka
- CVE-2019-13691: Omnibox spoof. Reported by David Erceg
- CVE-2019-13692: SOP bypass. Reported by Jun Kokatsu
- CVE-2019-13693: Use-after-free in IndexedDB. Reported by Guang Gong
- CVE-2019-13694: Use-after-free in WebRTC. Reported by banananapenguin
- CVE-2019-13695: Use-after-free in audio. Reported by Man Yue Mo
- CVE-2019-13696: Use-after-free in V8. Reported by Guang Gong
- CVE-2019-13697: Cross-origin size leak. Reported by Luan Herrera
- CVE-2019-13699: Use-after-free in media. Reported by Man Yue Mo
- CVE-2019-13700: Buffer overrun in Blink. Reported by Man Yue Mo
- CVE-2019-13701: URL spoof in navigation. Reported by David Erceg
- CVE-2019-13702: Privilege elevation in Installer. Reported by Phillip
Langlois and Edward Torkington
- CVE-2019-13703: URL bar spoofing. Reported by Khalil Zhani
- CVE-2019-13704: CSP bypass. Reported by Jun Kokatsu
- CVE-2019-13705: Extension permission bypass. Reported by Luan Herrera
- CVE-2019-13706: Out-of-bounds read in PDFium. Reported by pdknsk
- CVE-2019-13707: File storage disclosure. Reported by Andrea Palazzo
- CVE-2019-13708: HTTP authentication spoof. Reported by Khalil Zhani
- CVE-2019-13709: File download protection bypass. Reported by Zhong
Zhaochen
- CVE-2019-13710: File download protection bypass. Reported by
bernardo.mrod
- CVE-2019-13711: Cross-context information leak. Reported by David Erceg
- CVE-2019-13713: Cross-origin data leak. Reported by David Erceg
- CVE-2019-13714: CSS injection. Reported by Jun Kokatsu
- CVE-2019-13715: Address bar spoofing. Reported by xisigr
- CVE-2019-13716: Service worker state error. Reported by Barron Hagerman
- CVE-2019-13717: Notification obscured. Reported by xisigr
- CVE-2019-13718: IDN spoof. Reported by Khalil Zhani
- CVE-2019-13719: Notification obscured. Reported by Khalil Zhani
- CVE-2019-13720: Use-after-free in audio. Reported by Anton Ivanov and
Alexey Kulaev
- CVE-2019-13721: Use-after-free in PDFium. Reported by banananapenguin
* Drop support for building with gcc 6 and gtk 2.
Checksums-Sha1:
50092fc356485700e1c6ec07d2f2a2ef9e7b1f5b 4203 chromium_78.0.3904.87-1.dsc
f9665dc937625c58903cfead45da7c239921d7db 262061336 chromium_78.0.3904.87.orig.tar.xz
b2d5f7abc59a04697290f36c1469789ca99f3ef1 188040 chromium_78.0.3904.87-1.debian.tar.xz
4a72e738fbfb0a0b073feb837b902adf0181074b 21126 chromium_78.0.3904.87-1_source.buildinfo
Checksums-Sha256:
4433f25ec32ee2c6b3353cdb0b547a10a38dc85d345a8245c340637d49d82e1a 4203 chromium_78.0.3904.87-1.dsc
570c1cb8823e08852c1fbcfa9b1cbd1f4cfd1fda216d5f9bfa7eac8d4b38a1f6 262061336 chromium_78.0.3904.87.orig.tar.xz
82d38ae97b6e2ae2fc1f5c861305a71c0ffa0a84835d1ee758219e1d4f1d818c 188040 chromium_78.0.3904.87-1.debian.tar.xz
70ac669731487e59d657cd24e0755485992168c18e237908637965ab30f0d5ab 21126 chromium_78.0.3904.87-1_source.buildinfo
Files:
6e91fc96f5790d6def8a58e569574977 4203 web optional chromium_78.0.3904.87-1.dsc
54981cb7a35fe9885796a1f3fee6a79d 262061336 web optional chromium_78.0.3904.87.orig.tar.xz
7bae650f3f55753682457971e6116060 188040 web optional chromium_78.0.3904.87-1.debian.tar.xz
e80c23e46e6d05a238b00ef727c6f899 21126 web optional chromium_78.0.3904.87-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAl3Ai3sACgkQmD40ZYkU
ayjOlB/5AXwdqI9LRq/1Hga+9962s3wR20KFKwnZdCEJjKL1h3YEfgsr7ygd9ND/
W6m/cuu6g2TB7IEIPA364v/trwXrykMAvDF/zUBDV+JQpWu+C8jqfQlHbLoXTJ5K
dYDsL/Y47OvPwahQgDAYe7b4VMpKcs+bl2SZt6VtgOjZVGsAmeBONjwuKww+A4QT
g1oymXFjJMnSGLLGmGR9uXEACNPYnIrM0knvRb+ERP7liG2II7lpJisvQyb8yGwZ
HF67/w3qkf0x3yEmpfRfLclAUBnaCNsYAAN2opkwzSIIVv3Icb8oH/erhS9U696u
DC49j3+ajjBdcMCrdb6WKZ+yq2KF658xVPLLnF8SninUYxlm7/LBxByzFnisyaiJ
tBp+yV0Ux6+kocsqVhGDVU4ChmlGlxP0YvcoKLginq1oehNiKKABH5N9QP6Xr8xh
mUBOeNnoKzmBeePIhB+gQRSTRd84tLGI0+U5hJmP+y3sPtaP1/fFqIgxi71t/c54
/2+bvVw02/GGw/AwdAtBn/TGp/BI1oljeBgb9GmwtHmcgZ7TsQ+qq+RwCg1jzhvk
LNL44In7JCp5BCNhH5g8XlwIWBFVwsl3qhk5Dq9RDSjAIzwgyTP4PcCz7lcckgEZ
BQP3kq45V+nHxUC7PP5lmLgvSLelIkT1aBkcB+7hAQFwjrx6vz1deZjVxgfdDgaQ
sdALrAVyE8Q0Ni17J4e8tdpzXO9VBxK/onYJdBcEme2XMdI+7T58eEfXysZhjfoY
FOmDhm3jxmPPAE0eCBNlT3B7Z0ec5TLId1eS9SOrs1vwQYUWgxTRSV7bCqOYK603
swAIjreur0N8s/S8Hek9wKaSy0uyjtMoCw+gcJOyWWFsmByMttUWcXvWVQOAq416
oqnPiyaFst/jKsXHkaCn4ukmIUFhW8pnHqGeisLKxHz729xc2OjI12VNRomLnfr5
ym9T3GYVegbdmz5NuLcJBKMV97/lL37kjhi+VJWLdKyDJ1R6iq7mxIPUyiA9aT0V
0yPU1sqSJAAmXaWrmMHSU9GkILpm4xgUe10relLYNovJ9Zyx/8PRCxoVgyMAZIhp
ughHMB+79paKojOmGAvA/ofjnfUWVLryi5fsvoQAcsEg5+IGQDcNDiPMc0Hhtpe4
uvCDilwq82NXq7833r9wyo8aVumJwhyZRcZ3kOi7WRsgIWWNf3egapIQHtSwx6vj
VFResofgt7W16OaPlFpAIixGwoUOTqT5qc1+OpVo7hCHOhXBlAEnOv4+mymunlm9
Er9j3770bMhYz26RoS1Rzw48R7UlP7F2pf0R/A2+r8ZIeuDZQGLlxBn9p77yRHCn
fw2uc4wQAo28N2uvXms7mYfc7CT5YA==
=kIXP
-----END PGP SIGNATURE-----
