-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 08 Mar 2020 12:30:34 +0000 Source: chromium Architecture: source Version: 80.0.3987.132-1~deb10u1 Distribution: buster-security Urgency: medium Maintainer: Debian Chromium Team <chromium@packages.debian.org> Changed-By: Michael Gilbert <mgilbert@debian.org> Changes: chromium (80.0.3987.132-1~deb10u1) buster-security; urgency=medium . * New upstream security release. - CVE-2019-19923: Out of bounds memory access in SQLite. Reported by Richard Lorenz - CVE-2019-19925: Vulnerability in SQLite. Reported by Richard Lorenz - CVE-2019-19926: Inappropriate implementation in SQLite. Reported by Richard Lorenz - CVE-2019-19880: Vulnerability in SQLite. Reported by Richard Lorenz - CVE-2020-6381: Integer overflow in JavaScript. Reported by The UK's National Cyber Security Centre - CVE-2020-6382: Type Confusion in JavaScript. Reported by Soyeon Park and Wen Xu - CVE-2020-6383: Type confusion in V8. Reported by Sergei Glazunov - CVE-2020-6384: Use after free in WebAudio. Reported by David Manouchehri - CVE-2020-6385: Insufficient policy enforcement in storage. Reported by Sergei Glazunov - CVE-2020-6386: Use after free in speech. Reported by Zhe Jin - CVE-2020-6387: Out of bounds write in WebRTC. Reported by Natalie Silvanovich - CVE-2020-6388: Out of bounds memory access in WebAudio. Reported by Sergei Glazunov - CVE-2020-6389: Out of bounds write in WebRTC. Reported by Natalie Silvanovich - CVE-2020-6390: Out of bounds memory access in streams. Reported by Sergei Glazunov - CVE-2020-6391: Insufficient validation of untrusted input in Blink. Reported by Michał Bentkowski - CVE-2020-6392: Insufficient policy enforcement in extensions. Reported by Microsoft Edge Team - CVE-2020-6393: Insufficient policy enforcement in Blink. Reported by Mark Amery - CVE-2020-6394: Insufficient policy enforcement in Blink. Reported by Phil Freo - CVE-2020-6395: Out of bounds read in JavaScript. Reported by Pierre Langlois - CVE-2020-6396: Inappropriate implementation in Skia. Reported by William Luc Ritchie - CVE-2020-6397: Incorrect security UI in sharing. Reported by Khalil Zhani - CVE-2020-6398: Uninitialized use in PDFium. Reported by pdknsk - CVE-2020-6399: Insufficient policy enforcement in AppCache. Reported by Luan Herrera - CVE-2020-6400: Inappropriate implementation in CORS. Reported by Takashi Yoneuchi - CVE-2020-6401: Insufficient validation of untrusted input in Omnibox. Reported by Tzachy Horesh - CVE-2020-6402: Insufficient policy enforcement in downloads. Reported by Vladimir Metnew - CVE-2020-6403: Incorrect security UI in Omnibox. Reported by Khalil Zhani - CVE-2020-6404: Inappropriate implementation in Blink. Reported by kanchi - CVE-2020-6405: Out of bounds read in SQLite. Reported by Yongheng Chen and Rui Zhong - CVE-2020-6406: Use after free in audio. Reported by Sergei Glazunov - CVE-2020-6407: Out of bounds memory access in streams. Reported by Sergei Glazunov - CVE-2020-6408: Insufficient policy enforcement in CORS. Reported by Zhong Zhaochen - CVE-2020-6409: Inappropriate implementation in Omnibox. Reported by Divagar S and Bharathi V - CVE-2020-6410: Insufficient policy enforcement in navigation. Reported by evi1m0 - CVE-2020-6411: Insufficient validation of untrusted input in Omnibox. Reported by Khalil Zhani - CVE-2020-6412: Insufficient validation of untrusted input in Omnibox. Reported by Zihan Zheng - CVE-2020-6413: Inappropriate implementation in Blink. Reported by Michał Bentkowski - CVE-2020-6414: Insufficient policy enforcement in Safe Browsing. Reported by Lijo A.T - CVE-2020-6415: Inappropriate implementation in JavaScript. Reported by Avihay Cohen - CVE-2020-6416: Insufficient data validation in streams. Reported by Woojin Oh - CVE-2020-6417: Inappropriate implementation in installer. Reported by Renato Moraes and Altieres Rohr - CVE-2020-6418: Type confusion in V8. Reported by Clement Lecigne - CVE-2020-6420: Insufficient policy enforcement in media. Reported by Taras Uzdenov Checksums-Sha1: f9e5a0b5f4a34e3f3802093c746e106c9b40063a 4262 chromium_80.0.3987.132-1~deb10u1.dsc 17b24f323e4b59ab219d8e219d499c644e45ea5d 313257260 chromium_80.0.3987.132.orig.tar.xz 1980dca8a8477812a2ecb8dd521902dd0a02638a 193852 chromium_80.0.3987.132-1~deb10u1.debian.tar.xz a2f70d6fda58d22144ff1ca16863894d9811c96e 22266 chromium_80.0.3987.132-1~deb10u1_source.buildinfo Checksums-Sha256: 0a0aa11477d406cc7afdcdab3a61eaad6c4ba6a2ab376819e9c3417d65d51114 4262 chromium_80.0.3987.132-1~deb10u1.dsc 67a5052ae4cb0150df381131c4cec238fc6b3da1dd9444cd485eddfe0ee2177e 313257260 chromium_80.0.3987.132.orig.tar.xz 94b6db752dee0692cb4ef5da5233f85f442176d111c56c112e4da3515c9d93c3 193852 chromium_80.0.3987.132-1~deb10u1.debian.tar.xz cf91d48a619f21e825591ad5cc7499c56e3e28161b53776d3d1c3470c45714ea 22266 chromium_80.0.3987.132-1~deb10u1_source.buildinfo Files: ac7cacb53119b0ad2289c2736174b819 4262 web optional chromium_80.0.3987.132-1~deb10u1.dsc 2383785af91e97cc985501de543e6d1c 313257260 web optional chromium_80.0.3987.132.orig.tar.xz d09150907f75673f4331a75239b98605 193852 web optional chromium_80.0.3987.132-1~deb10u1.debian.tar.xz 6ae49a6aa90a0177221716cddd85015f 22266 web optional chromium_80.0.3987.132-1~deb10u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAl5mQ+8ACgkQmD40ZYkU ayhWnyAAvMXgJoDuwwlztbpVvRhHex59/WzwJd3s9EtDHxiFvfaEqkS9pObAgH+M 1kWalUCp93aQkcC0GhAqW5oksTc2rlCveH6r8GyEq+DBuB9APyWgnK3H9kVn4xfM DTBoDxyKB5pCnuUgOg5u5wPUSAMXi5U7MKTC7QX/FL9cnczswBjUcFE140SB/OfU MWOZeTXyQBAK4VbGLFFIEl7uiqAyXfPXEkYaswcpN1Q+av/tSl1ffdOT75k94+kK KK6+7+gQiSm4F8t/t0A4vMVsUwaRChFGiGr0CvFVP4Rn5gZrrHpd7xOwDFtTMJeA YZZj0aMXXLf3WcqFtAzR18V+vLGQMK/PSe/Ytxc5uxGLJi1QhM+QC6/zx0enBsYc 4mFPYgvT22aDlMLxBAEEQNZJ4IxpxsNBolXucWBvqFQZIFQnCgyKweOWo/8iUfH3 EekUHx6wS5Gnv+xBEhqJ7McbCyFSnF6sF/6MGiaYd0355zRfrfIKsEzJAHOAo6bd 2q0evIo+RKB2SyQBwC3ta/na38rJwrJYkDz1MdAn9rkMsJ+LVr9Bhk/M1+0sSg5Q NwqUVI8OY4p8Tx1W5J+5MHy+xCGZWJwQ6GWWbi5AafzHUJIbJr8Xf6CO0slCIxL5 18gKwm+vIzbJR1U4agBo1Br6m/8ZUhgySGsf4lrPFcxTPeELKEsVfy4Hz1UqbgZC AhleolQ/ho9Uv7Q64oUfvYmKLnR9LEOgVYSs67/9Skf7R5rPIVHHQf9VnU5Y/8W4 O4f5Q1oki+P7Nkt0Qu2H1NkusjSRs8F5XuMZrspGe7Rw6r7g3fhzOfGibR2oLRNF +AdUaQmIv0337fMisnRZd3iw+xgBqYkTsrINs05E8Q2zN1rgiznzKBqYijPvlJjZ KPaZaZn14wlYDBOf+xV+CJhe+YrvG8zFmGHVlCqiYnOZDxsYF+RuDWHXkQZoa+Dz ZdT11vzKpi/W2fmi0qpXa135Xg0c9stPdYCU2Iz3CjP9dP65sRXFiHm9+x6y9f2k c2KINfgpWzI9odIcf9yeuoL1jf/PyVWtA4yndMGTdtTorJEnmu9TmxWb/XW0pyke kOaPM1ZY8GWF5N+WJrdM6gsDBA0mfyxlXOTOF6IisaV7qbAFOWpjV7IEE4F9zKYk UbxnVdK5ihbkZf4/+tksPN2HWlJlDDOll0aRIjJZcYShyD/n4JqnAOBoclcMY7Jy 2meUjncdvef7FfWjQVcLYP8GjaV9ViqN+CCWPl6/FA5wVDyqRLOXEiSOIA86eMGm pLGEHJ81srcXG/vx5hVJiOfpb+yb0guPTxmSn13uazUe4kGeOxnsO19EOW0FO3uM 2RpYtvzFXo7q9sAl1iA63HzMFOsArg== =2Scx -----END PGP SIGNATURE-----