-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 09 Nov 2019 19:01:23 +0000
Source: chromium
Architecture: source
Version: 78.0.3904.97-1~deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Changes:
 chromium (78.0.3904.97-1~deb10u1) buster-security; urgency=medium
 .
   * New upstream stable release.
     - CVE-2019-5869: Use-after-free in Blink. Reported by Zhe Jin
     - CVE-2019-5870: Use-after-free in media. Reported by Guang Gong
     - CVE-2019-5871: Heap overflow in Skia. Reported by Anonymous
     - CVE-2019-5872: Use-after-free in Mojo. Reported by Zhe Jin
     - CVE-2019-5874: External URIs may trigger other browsers. Reported by James Lee
     - CVE-2019-5875: URL bar spoof. Reported by Khalil Zhani
     - CVE-2019-5876: Use-after-free in media. Reported by Man Yue Mo
     - CVE-2019-5877: Out-of-bounds access in V8. Reported by Guang Gong
     - CVE-2019-5878: Use-after-free in V8. Reported by Guang Gong
     - CVE-2019-5879: Extensions can read some local files. Reported by Jinseo Kim
     - CVE-2019-5880: SameSite cookie bypass. Reported by Jun Kokatsu
     - CVE-2019-13659: URL spoof. Reported by Lnyas Zhang
     - CVE-2019-13660: Full screen notification overlap. Reported by Wenxu Wu
     - CVE-2019-13661: Full screen notification spoof. Reported by Wenxu Wu
     - CVE-2019-13662: CSP bypass. Reported by David Erceg
     - CVE-2019-13663: IDN spoof. Reported by Lnyas Zhang
     - CVE-2019-13664: CSRF bypass. Reported by thomas "zemnmez" shadwell
     - CVE-2019-13665: Multiple file download protection bypass. Reported by Jun Kokatsu
     - CVE-2019-13666: Side channel using storage size estimate. Reported by Tom Van Goethem
     - CVE-2019-13667: URI bar spoof when using external app URIs. Reported by Khalil Zhani
     - CVE-2019-13668: Global window leak via console. Reported by David Erceg
     - CVE-2019-13669: HTTP authentication spoof. Reported by Khalil Zhani
     - CVE-2019-13670: V8 memory corruption in regex.
       Reported by Guang Gong
     - CVE-2019-13671: Dialog box fails to show origin. Reported by xisigr
     - CVE-2019-13673: Cross-origin information leak using devtools. Reported by David Erceg
     - CVE-2019-13674: IDN spoofing. Reported by Khalil Zhani
     - CVE-2019-13675: Extensions can be disabled by trailing slash. Reported by Jun Kokatsu
     - CVE-2019-13676: Google URI shown for certificate warning. Reported by Wenxu Wu
     - CVE-2019-13677: Chrome web store origin needs to be isolated. Reported by Jun Kokatsu
     - CVE-2019-13678: Download dialog spoofing. Reported by Ronni Skansing
     - CVE-2019-13679: User gesture needed for printing. Reported by Conrad Irwin
     - CVE-2019-13680: IP address spoofing to servers. Reported by Thijs Alkemade
     - CVE-2019-13681: Bypass on download restrictions. Reported by David Erceg
     - CVE-2019-13682: Site isolation bypass. Reported by Jun Kokatsu
     - CVE-2019-13683: Exceptions leaked by devtools. Reported by David Erceg
     - CVE-2019-13685: Use-after-free in UI. Reported by Khalil Zhani
     - CVE-2019-13686: Use-after-free in offline pages. Reported by Brendon
     - CVE-2019-13687: Use-after-free in media. Reported by Man Yue Mo
     - CVE-2019-13688: Use-after-free in media. Reported by Man Yue Mo Tiszka
     - CVE-2019-13691: Omnibox spoof. Reported by David Erceg
     - CVE-2019-13692: SOP bypass. Reported by Jun Kokatsu
     - CVE-2019-13693: Use-after-free in IndexedDB. Reported by Guang Gong
     - CVE-2019-13694: Use-after-free in WebRTC. Reported by banananapenguin
     - CVE-2019-13695: Use-after-free in audio. Reported by Man Yue Mo
     - CVE-2019-13696: Use-after-free in V8. Reported by Guang Gong
     - CVE-2019-13697: Cross-origin size leak. Reported by Luan Herrera
     - CVE-2019-13699: Use-after-free in media. Reported by Man Yue Mo
     - CVE-2019-13700: Buffer overrun in Blink. Reported by Man Yue Mo
     - CVE-2019-13701: URL spoof in navigation. Reported by David Erceg
     - CVE-2019-13702: Privilege elevation in Installer. Reported by Phillip Langlois and Edward Torkington
     - CVE-2019-13703: URL bar spoofing.
       Reported by Khalil Zhani
     - CVE-2019-13704: CSP bypass. Reported by Jun Kokatsu
     - CVE-2019-13705: Extension permission bypass. Reported by Luan Herrera
     - CVE-2019-13706: Out-of-bounds read in PDFium. Reported by pdknsk
     - CVE-2019-13707: File storage disclosure. Reported by Andrea Palazzo
     - CVE-2019-13708: HTTP authentication spoof. Reported by Khalil Zhani
     - CVE-2019-13709: File download protection bypass. Reported by Zhong Zhaochen
     - CVE-2019-13710: File download protection bypass. Reported by bernardo.mrod
     - CVE-2019-13711: Cross-context information leak. Reported by David Erceg
     - CVE-2019-13713: Cross-origin data leak. Reported by David Erceg
     - CVE-2019-13714: CSS injection. Reported by Jun Kokatsu
     - CVE-2019-13715: Address bar spoofing. Reported by xisigr
     - CVE-2019-13716: Service worker state error. Reported by Barron Hagerman
     - CVE-2019-13717: Notification obscured. Reported by xisigr
     - CVE-2019-13718: IDN spoof. Reported by Khalil Zhani
     - CVE-2019-13719: Notification obscured. Reported by Khalil Zhani
     - CVE-2019-13720: Use-after-free in audio. Reported by Anton Ivanov and Alexey Kulaev
     - CVE-2019-13721: Use-after-free in PDFium.
       Reported by banananapenguin

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----