-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 16 Feb 2020 23:33:50 +0000 Source: chromium Architecture: source Version: 80.0.3987.106-1 Distribution: unstable Urgency: medium Maintainer: Debian Chromium Team <chromium@packages.debian.org> Changed-By: Michael Gilbert <mgilbert@debian.org> Closes: 947207 Changes: chromium (80.0.3987.106-1) unstable; urgency=medium . * New upstream stable release. - CVE-2019-19923: Out of bounds memory access in SQLite. Reported by Richard Lorenz - CVE-2019-19925: Vulnerability in SQLite. Reported by Richard Lorenz - CVE-2019-19926: Inappropriate implementation in SQLite. Reported by Richard Lorenz - CVE-2019-19880: Vulnerability in SQLite. Reported by Richard Lorenz - CVE-2020-6381: Integer overflow in JavaScript. Reported by The UK's National Cyber Security Centre - CVE-2020-6382: Type Confusion in JavaScript. Reported by Soyeon Park and Wen Xu - CVE-2020-6385: Insufficient policy enforcement in storage. Reported by Sergei Glazunov - CVE-2020-6387: Out of bounds write in WebRTC. Reported by Natalie Silvanovich - CVE-2020-6388: Out of bounds memory access in WebAudio. Reported by Sergei Glazunov - CVE-2020-6389: Out of bounds write in WebRTC. Reported by Natalie Silvanovich - CVE-2020-6390: Out of bounds memory access in streams. Reported by Sergei Glazunov - CVE-2020-6391: Insufficient validation of untrusted input in Blink. Reported by Michał Bentkowski - CVE-2020-6392: Insufficient policy enforcement in extensions. Reported by Microsoft Edge Team - CVE-2020-6393: Insufficient policy enforcement in Blink. Reported by Mark Amery - CVE-2020-6394: Insufficient policy enforcement in Blink. Reported by Phil Freo - CVE-2020-6395: Out of bounds read in JavaScript. Reported by Pierre Langlois - CVE-2020-6396: Inappropriate implementation in Skia. Reported by William Luc Ritchie - CVE-2020-6397: Incorrect security UI in sharing. Reported by Khalil Zhani - CVE-2020-6398: Uninitialized use in PDFium. Reported by pdknsk - CVE-2020-6399: Insufficient policy enforcement in AppCache. Reported by Luan Herrera - CVE-2020-6400: Inappropriate implementation in CORS. Reported by Takashi Yoneuchi - CVE-2020-6401: Insufficient validation of untrusted input in Omnibox. Reported by Tzachy Horesh - CVE-2020-6402: Insufficient policy enforcement in downloads. Reported by Vladimir Metnew - CVE-2020-6403: Incorrect security UI in Omnibox. Reported by Khalil Zhani - CVE-2020-6404: Inappropriate implementation in Blink. Reported by kanchi - CVE-2020-6405: Out of bounds read in SQLite. Reported by Yongheng Chen and Rui Zhong - CVE-2020-6406: Use after free in audio. Reported by Sergei Glazunov - CVE-2020-6408: Insufficient policy enforcement in CORS. Reported by Zhong Zhaochen - CVE-2020-6409: Inappropriate implementation in Omnibox. Reported by Divagar S and Bharathi V - CVE-2020-6410: Insufficient policy enforcement in navigation. Reported by evi1m0 - CVE-2020-6411: Insufficient validation of untrusted input in Omnibox. Reported by Khalil Zhani - CVE-2020-6412: Insufficient validation of untrusted input in Omnibox. Reported by Zihan Zheng - CVE-2020-6413: Inappropriate implementation in Blink. Reported by Michał Bentkowski - CVE-2020-6414: Insufficient policy enforcement in Safe Browsing. Reported by Lijo A.T - CVE-2020-6415: Inappropriate implementation in JavaScript. Reported by Avihay Cohen - CVE-2020-6416: Insufficient data validation in streams. Reported by Woojin Oh - CVE-2020-6417: Inappropriate implementation in installer. Reported by Renato Moraes and Altieres Rohr * Remove --ignore-gpu-blacklist from the default flags (closes: #947207). * Update standards version to 4.5.0. * Build with clang instead of gcc. Checksums-Sha1: 75ec0de633fbad97666eedcc25036d97219c411d 4198 chromium_80.0.3987.106-1.dsc eb411ad178b52d6dac084f8789edbbd4cc83b005 316714372 chromium_80.0.3987.106.orig.tar.xz eaf07ac6785571464daa6f82ed7f33b9a5e182e3 194560 chromium_80.0.3987.106-1.debian.tar.xz d5ed36be2a84f572973ddc3a3a6d5fa41c2cc83e 21499 chromium_80.0.3987.106-1_source.buildinfo Checksums-Sha256: aeebf534f69fe8f269f9dc7dee41ee60b506e535f5fd7d6bf872d20db94a0590 4198 chromium_80.0.3987.106-1.dsc c08871586235d4e3df1f89237dfd8c65534a9dc30bb799e29aaf48a9ac5fb6ca 316714372 chromium_80.0.3987.106.orig.tar.xz 91f303a08b8e28b3da80ed6549c78593727e8d2fd807c274586ff990b212484b 194560 chromium_80.0.3987.106-1.debian.tar.xz 99ec997291c6045fc6f3389e194754ffd2f0807049ea65aa819af43392400094 21499 chromium_80.0.3987.106-1_source.buildinfo Files: e4c3dc566f004d4dd640ef5344e0db6c 4198 web optional chromium_80.0.3987.106-1.dsc b0c348f5d830533fe3a100ba7a8a4198 316714372 web optional chromium_80.0.3987.106.orig.tar.xz 01af9ad7625829c6efe46ccbf0cecc4c 194560 web optional chromium_80.0.3987.106-1.debian.tar.xz aa544b5039f429df3dcea393633eaf8b 21499 web optional chromium_80.0.3987.106-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAl5LNKEACgkQmD40ZYkU ayjaxB//e504nCyYD1fK8GYwmlzNrXbG4MtZ3jSBS1WYU8zPfLTZmb5t4ogL3m9D nVUrAuImTtVoCZg0x+4Jt8CMJGelMaBDcTzfMAYwMrUPDfTb14cofZ96I5ol7mmT Bfl+EGNcMK6rZfZnIikCPpJBY9wpddlrlABf1y8J2jp123Aa1xz4/k3cO+snI6y3 ycpqLScJh6xYmpGIeDoq6Nrc9PCLnw8UNmjOsVpg4g4M7Q9Jb6eYD5UBv+ShNvMm OSsjuYAY0roG/E2sWvsFi8jPrMk1Vc8Kh8fL+bzW7Dt5zUufT/dIckZC3jKfAill LxNJn4o/XBiogLB8zx+/8Yc2EFQrQB7mPFyc5Tm9E0wrm7tIGT76+zhFWdNRxOzk EHlQ9Y+mysPfWN0r6wSXyrfOx9g54EWnNuccaM82Y+tedtvknLqGUa8a4lBI09Aa 8jgH/Mt9BMeW3L52+5udaD23fUR0HsDf+1GkCiXD7pZSYmzmWT7Ws/xcRAU67l2r El4nBAYv34fFCfH1vx439Cv8HSuXbzHPORxcREGEZax9/DT93DRte6RonrAhtyUZ xzDCbmXaVqTVi0CUhYI+1hp/SvTs645U5t3JYTOgYmTFWW3MNrkPttLpT4F4mi0E 1T4BB8ywaRrjj2hHSA3nq6DknQ2pA2o37bU6FbuAJYFOnD0mCvTS9dwiXNzLXpBE sMTA5QWq94FgNK76avygaV6iV6Zp4B6q8kT85hN6zhi0peu4pKop7h4y6ScDmwhK cXJLhe9lmwc/ZvuLEb+aytobg3MQeyG+NQCAyZRjQJMAsTHtZCPsfMEf/y5dAXQN FMLX2a/LKRbHUk+s8253+lnHo7ojn/EsPxbL/UgwWHiPajiQujwtQjhjPFxj2C04 oX0vk+XVRaj6e+FpDch0jZqhqMZFUROBz61HfX8Jw3d+CRNCFeHHYc+TLTCfBrr5 L9tPtnBs+134aMexwsLEMzVa5nrUh6ndUM4DdjSBSWQP/CV1HlNEm0WlwtgKjq89 v1eJJxwHBFdmLCaW1c2y7Nchuxtfqmm81IlUyqyecyD/0raI5i6L/BbB+DL8Cty2 exZgU5naNx0P5JlsXxipglULXg6tC88sTGqN5ixPf+DlMGnlxFPHP7T40HReo4LO IKIvf/GW1rhc4wtZjbeztUrVlJng+lw8UHzddJlWiP86tQIuqD8XcdlmHyllo4Bf kMzIa6Id9PijhbWHGLQHQ6Cyai5N42e7H1BL6V1/Dpq/efTnE2zM2XYp1F4KzePu z67Wt4BBuWcfaM6JmZPG9AzxCOpK1yeAanAxOOZJxeHxbbUG77udi84W+r7ImwMe wJaXsL/c8mqlaOoiCUwzL54y8Qrg6Q== =ly8v -----END PGP SIGNATURE-----