Debian Package Tracker

From: Michael Gilbert <mgilbert@debian.org>
To:
Subject: Accepted chromium 79.0.3945.130-1~deb10u1 (source) into stable->embargoed, stable
Date: Mon, 20 Jan 2020 11:49:53 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 19 Jan 2020 15:22:38 +0000
Source: chromium
Architecture: source
Version: 79.0.3945.130-1~deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Changes:
 chromium (79.0.3945.130-1~deb10u1) buster-security; urgency=medium
 .
   * New upstream security release.
     - CVE-2020-6377: Use after free in audio. Reported by Zhe Jin
     - CVE-2020-6378: Use-after-free in speech recognizer. Reported by Antti
       Levomäki and Christian Jalio
     - CVE-2020-6379: Use-after-free in speech recognizer. Reported by Guang
       Gong
     - CVE-2020-6380: Extension message verification error. Reported by Sergei
       Glazunov
     - CVE-2019-13725: Use after free in Bluetooth. Reported by Gengming Liu and
       Jianyu Chen
     - CVE-2019-13726: Heap buffer overflow in password manager. Reported by
       Sergei Glazunov
     - CVE-2019-13727: Insufficient policy enforcement in WebSockets. Reported
       by @piochu
     - CVE-2019-13728: Out of bounds write in V8. Reported by Rong Jian and
       Guang Gong
     - CVE-2019-13729: Use after free in WebSockets. Reported by Zhe Jin
     - CVE-2019-13730: Type Confusion in V8. Reported by Soyeon Park and Wen Xu
     - CVE-2019-13732: Use after free in WebAudio. Reported by Sergei Glazunov
     - CVE-2019-13734: Out of bounds write in SQLite. Reported by Wenxiang Qian
     - CVE-2019-13735: Out of bounds write in V8. Reported by Gengming Liu and
       Zhen Feng
     - CVE-2019-13764: Type Confusion in V8. Reported by Soyeon Park and Wen Xu
     - CVE-2019-13736: Integer overflow in PDFium. Reported by Anonymous
     - CVE-2019-13737: Insufficient policy enforcement in autocomplete. Reported
       by Mark Amery
     - CVE-2019-13738: Insufficient policy enforcement in navigation. Reported
       by Johnathan Norman and Daniel Clark
     - CVE-2019-13739: Incorrect security UI in Omnibox. Reported by xisigr
     - CVE-2019-13740: Incorrect security UI. Reported by Khalil Zhani
     - CVE-2019-13741: Insufficient validation of untrusted input in Blink.
       Reported by Michał Bentkowski
     - CVE-2019-13742: Incorrect security UI in Omnibox. Reported by Khalil
       Zhani
     - CVE-2019-13743: Incorrect security UI in external protocol handling.
       Reported by Zhiyang Zeng
     - CVE-2019-13744: Insufficient policy enforcement in cookies. Reported by
       Prakash
     - CVE-2019-13745: Insufficient policy enforcement in audio. Reported by
       Luan Herrera
     - CVE-2019-13746: Insufficient policy enforcement in Omnibox. Reported by
       David Erceg
     - CVE-2019-13747: Uninitialized Use in rendering. Reported by Ivan
       Popelyshev and André Bonatti
     - CVE-2019-13748: Insufficient policy enforcement in developer tools.
       Reported by David Erceg
     - CVE-2019-13749: Incorrect security UI in Omnibox. Reported by Khalil
       Zhani
     - CVE-2019-13750: Insufficient data validation in SQLite. Reported by
       Wenxiang Qian
     - CVE-2019-13751: Uninitialized Use in SQLite. Reported by Wenxiang Qian
     - CVE-2019-13752: Out of bounds read in SQLite. Reported by Wenxiang Qian
     - CVE-2019-13753: Out of bounds read in SQLite. Reported by Wenxiang Qian
     - CVE-2019-13754: Insufficient policy enforcement in extensions. Reported
       by Cody Crews
     - CVE-2019-13755: Insufficient policy enforcement in extensions. Reported
       by Masato Kinugawa
     - CVE-2019-13756: Incorrect security UI in printing. Reported by Khalil
       Zhani
     - CVE-2019-13757: Incorrect security UI in Omnibox. Reported by Khalil
       Zhani
     - CVE-2019-13758: Insufficient policy enforcement in navigation. Reported
       by Khalil Zhani
     - CVE-2019-13759: Incorrect security UI. Reported by Wenxu Wu
     - CVE-2019-13761: Incorrect security UI in Omnibox. Reported by Khalil
       Zhani
     - CVE-2019-13762: Insufficient policy enforcement in downloads. Reported by
       csanuragjain
     - CVE-2019-13763: Insufficient policy enforcement in payments. Reported by
       weiwangpp93
     - CVE-2019-13767: Use after free in media picker. Reported by Sergei
       Glazunov
Checksums-Sha1:
 09b49e7f84d9287f479c393e54857f25c7daf58c 4242 chromium_79.0.3945.130-1~deb10u1.dsc
 cab2484a4586d743ca9a6fd8507403cc710705d3 266756640 chromium_79.0.3945.130.orig.tar.xz
 d23c9ba9e7af79afbd379f782ee0bfd0b9856ce5 187468 chromium_79.0.3945.130-1~deb10u1.debian.tar.xz
 eb33c7841ad6193dc047554eb85da7f3f5be30a8 21561 chromium_79.0.3945.130-1~deb10u1_source.buildinfo
Checksums-Sha256:
 41c5b7650e2b5d79d8d8affd420d13866cd0df298ae462c8eec44bc3298c100b 4242 chromium_79.0.3945.130-1~deb10u1.dsc
 73d982161090d2c2af26f547cc6a8e1ef935a87d4d193789ced8c6ef07cf7a8d 266756640 chromium_79.0.3945.130.orig.tar.xz
 1b71e851491c13cb82e60028e906a867db80f7d1d51448cce67979f82d50bde5 187468 chromium_79.0.3945.130-1~deb10u1.debian.tar.xz
 1429950cfc28233fa2a2393a9b62b2a7f7a237fbac43d59c92c84b2fd08a03c2 21561 chromium_79.0.3945.130-1~deb10u1_source.buildinfo
Files:
 b851e1538ebc543c6ec8b1aa3c970795 4242 web optional chromium_79.0.3945.130-1~deb10u1.dsc
 b085e08af49bd9e9de7eef43e4d45886 266756640 web optional chromium_79.0.3945.130.orig.tar.xz
 8b8bf1dcdd7cff4f958ddc3d6405ccfc 187468 web optional chromium_79.0.3945.130-1~deb10u1.debian.tar.xz
 53f128693bcf425b47d9a00bccb34d9f 21561 web optional chromium_79.0.3945.130-1~deb10u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAl4kqtsACgkQmD40ZYkU
ayhceyAA4q2uspCB7M2G69i5QLCHgBxs5jGwfd7sTtU70zpuRrLFY6hFJ0KmwuPs
y8gSkPeKEp3dIBUYqsbVyVsbcXdqfB92RGsoO9tM7VG1OFlye1avbeBJnz5qywIW
syVB5zMOX8WUfAWu04HXfPb4/P2p2cVVrjY4iW4HYMuc0DGzVEySW8Hqac0PmFXY
9wAMwimnJwZRHBeSx3c+hU8haWZxKbCz0aqst+o7xVGoWkiKf/PIJWFPTI6UXK0g
UYPkpPRXgG875lL0rK+7movfvFmgR/zspIQFrv8MdIfIVMrFn16ZUX7XlKPcUwLD
KPjAKKwmh2q0YuGv5mBzEJhQFp6v6E7tiTFptqrebhkqL71YnLDATod6VzK+KK31
vB9b1UCr8+BEk3wt+wSSTME57mlNJURUqGWVA99+ozb96VsYiUI3+zNkRtDAj11g
598MBJGzh0ZNOW8jl+/KkSwvIsz5x0UbsIR3pI2zrYoz9cSBPxSkXIsdzIgX511Q
XCGTE3L2l9okgV7F6umf1nw4VX+jH4pe5kcei0cEfjm7brhLjQh4h4EtWEmx1uPW
8kFyCi8yrhfdlFE22tgeiQhqS3/bxxRyhzynxhTF15vqaTaDnYKp81Kq9xDMTJGz
qTuXTDR8pOPa8DJtOwqzWN01DzDqsQXcsimPZJB4khO85fk+PFTidZaBqJtJ2iQN
FPq7OMDk0TATzK3YCYJ6185R63cUKmlz98cuDGePmvmJtP/p44NKJxiOY0N9wfYc
ZpGD63QKL8+hsZWtDEAyZeT8mfOnnE932cMvdAu4iq528bcLvleVXTtnf3c98FmQ
fdTKuc9BmiA5gVL3L7aKR2Eu1zvhXS1pmfci7liY1qm+Zgl4Dl2XcKHr/SuyD0rJ
z/LXPlYGD4YSGMfr2b7cXl/Akwttd9Seb6uxHetKPq5uvSTggMboUql16gaF0XVz
FSQ2Jnp5LD2UH61QGVZ7OoQI9JVceJurkPyv0lJ698Ih861f9/ZOpAfApLsHjKge
b7LC20ldBwWyjG3QevPJugv+4ZltDxlxzB0fsCb43jY5u4vRcZFkfEWemRtxM0Gm
Pv9+dROz60iAN4J8KkDlxugHWEToLeI53M7fbX0TjCCoPUyR4aXRBI3rZMeMDzCy
gtyIgpmeh2FR+lJVkQcAn57ljW3y8ow/V4tCywyu3+RR+45PHtJzwsWh2oX1UiMq
tXVOJD9zRT6b+HVkODL2Tj3tY0SYCWGBzwBTePThwKxCDA5hTNZmuETexwF78UtK
B4/xhY87wuQaF2dmVcjbI7udxzLkcAdilz1+dFcxSLLuUxzQW0uef32ToT+dt7OB
VlPzv0fraptTMCMA/01OxSsSV6U7Bg==
=uEyh
-----END PGP SIGNATURE-----
News for package chromium
