-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 15 Jul 2013 00:17:54 +0000 Source: chromium-browser Binary: chromium-browser chromium-browser-dbg chromium-browser-l10n chromium-browser-inspector chromium chromium-dbg chromium-l10n chromium-inspector Architecture: source all amd64 Version: 28.0.1500.71-1~deb7u1 Distribution: stable-security Urgency: high Maintainer: Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org> Changed-By: Michael Gilbert <mgilbert@debian.org> Description: chromium - Google's open source chromium web browser chromium-browser - Chromium browser - transitional dummy package chromium-browser-dbg - chromium-browser debug symbols transitional dummy package chromium-browser-inspector - page inspector for the chromium-browser - transitional dummy pack chromium-browser-l10n - chromium-browser language packages - transitional dummy package chromium-dbg - Debugging symbols for the chromium web browser chromium-inspector - page inspector for the chromium browser chromium-l10n - chromium-browser language packages Changes: chromium-browser (28.0.1500.71-1~deb7u1) stable-security; urgency=high . * New upstream stable release: - Low CVE-2013-2867: Block pop-unders in various scenarios. - High CVE-2013-2879: Confusion setting up sign-in and sync. Credit to Andrey Labunets. - Medium CVE-2013-2868: Incorrect sync of NPAPI extension component. Credit to Andrey Labunets. - Medium CVE-2013-2869: Out-of-bounds read in JPEG2000 handling. Credit to Felix Groebert of Google Security Team. - Critical CVE-2013-2870: Use-after-free with network sockets. Credit to Collin Payne. - Medium CVE-2013-2853: Man-in-the-middle attack against HTTP in SSL. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco at INRIA Paris. - High CVE-2013-2871: Use-after-free in input handling. Credit to miaubiz. - High CVE-2013-2873: Use-after-free in resource loading. Credit to miaubiz. - Medium CVE-2013-2875: Out-of-bounds-read in SVG. Credit to miaubiz. - Medium CVE-2013-2876: Extensions permissions confusion with interstitials. Credit to Dev Akhawe. - Low CVE-2013-2877: Out-of-bounds read in XML parsing. Credit to Aki Helin of OUSPG. - None: Remove the “viewsource” attribute on iframes. Credit to Collin Jackson. - Medium CVE-2013-2878: Out-of-bounds read in text handling. Credit to Atte Kettunen of OUSPG. - High CVE-2013-2880: Various fixes from internal audits, fuzzing and other initiatives. Credit to Chrome 28 team. Checksums-Sha1: 7ded7f6f843618c897cb6f1639bb702dd84ba937 4371 chromium-browser_28.0.1500.71-1~deb7u1.dsc c6170bbe78f16f0ffb2a50870c01d9c52977d655 1192403288 chromium-browser_28.0.1500.71.orig.tar.xz 9ca1d089188911a9fdb6769f39c2e44dccc800a9 257434 chromium-browser_28.0.1500.71-1~deb7u1.debian.tar.gz 7b034de8e9da1a7f01d386a31a27238614d8b6c5 161206 chromium-browser_28.0.1500.71-1~deb7u1_all.deb 9efb75d862a7430f3a101c2d1909c3733a439f83 160562 chromium-browser-dbg_28.0.1500.71-1~deb7u1_all.deb 7ff2be2e8edeff0f49da59b3786fc156baf25322 160610 chromium-browser-l10n_28.0.1500.71-1~deb7u1_all.deb b59302cecdc477566d7b73d3aae8dcec10d1afe7 160536 chromium-browser-inspector_28.0.1500.71-1~deb7u1_all.deb f60e3cd46299b869e4da496803aa39cc95422456 2719538 chromium-l10n_28.0.1500.71-1~deb7u1_all.deb 53c2279caaccbda3ca2e536e02f2f4b53eadc0db 742378 chromium-inspector_28.0.1500.71-1~deb7u1_all.deb ae19c8ecbf8dcec5e9def998efaecaaeef73b748 43655992 chromium_28.0.1500.71-1~deb7u1_amd64.deb e8b856e785332fb64fc8c9ad888a323125c763c2 431389414 chromium-dbg_28.0.1500.71-1~deb7u1_amd64.deb Checksums-Sha256: daa594f9b681017518df9ec3792d0ea564be81f54ce914dfd5c2e74fc00a9b4a 4371 chromium-browser_28.0.1500.71-1~deb7u1.dsc 57c6ec7051a1b14f1c54883f18fc2f2ea624400d8e80b23c7c7375a21282aa6c 1192403288 chromium-browser_28.0.1500.71.orig.tar.xz 4ff8ad30d881bfc09a0f4553ce30681993ee8e28a16593c8388f207adf975d58 257434 chromium-browser_28.0.1500.71-1~deb7u1.debian.tar.gz 313967e986e03985698e806db03cc1447878f407847906dc52246a2c84231e36 161206 chromium-browser_28.0.1500.71-1~deb7u1_all.deb 43582a0eb4c6a6238f39133606e929521e1ba89375d07b3c685c4e7b28e84910 160562 chromium-browser-dbg_28.0.1500.71-1~deb7u1_all.deb 23f5b118bb54da063500f5b3ebc73e2dbf9bfd6a8c12e5abca3351f4169bd98b 160610 chromium-browser-l10n_28.0.1500.71-1~deb7u1_all.deb 5e35b582655424fbeea6f015f4439ed1d39c03514d0101c3503d3c5295bb37a1 160536 chromium-browser-inspector_28.0.1500.71-1~deb7u1_all.deb 56f5efe2a6c280ec0e129dce5a687de4694b55f6c8b21baba8f4ff1c5e7e6685 2719538 chromium-l10n_28.0.1500.71-1~deb7u1_all.deb 59a0617c74e2755ce98d7550a7965690b9666c116a4dbbf8e98959269adb678e 742378 chromium-inspector_28.0.1500.71-1~deb7u1_all.deb 4889c3f65508e52a230f36100022959a08fa6ccd006878df73767d57eb2bc62a 43655992 chromium_28.0.1500.71-1~deb7u1_amd64.deb 0678b3dbf908055d2f1c521554f0b3708094cf4d59fcd91df8714ffbad0b9553 431389414 chromium-dbg_28.0.1500.71-1~deb7u1_amd64.deb Files: 5421c302d33b78c469ff0bdc236af1bb 4371 web optional chromium-browser_28.0.1500.71-1~deb7u1.dsc bccc8f73b95603a1b6c3fb4f55671f28 1192403288 web optional chromium-browser_28.0.1500.71.orig.tar.xz 119e7ddb6852bf6cce2c734c8b4a4416 257434 web optional chromium-browser_28.0.1500.71-1~deb7u1.debian.tar.gz a6b1f17faa16a4338baacd24bfa39150 161206 oldlibs optional chromium-browser_28.0.1500.71-1~deb7u1_all.deb 232b5ea1e06edaed44ff506881973b12 160562 oldlibs extra chromium-browser-dbg_28.0.1500.71-1~deb7u1_all.deb da69d7beed38b910593f6ee3bcbf43b2 160610 oldlibs optional chromium-browser-l10n_28.0.1500.71-1~deb7u1_all.deb 2bbab3952eb75e455c0a086b52efebe6 160536 oldlibs optional chromium-browser-inspector_28.0.1500.71-1~deb7u1_all.deb 1332817b8a1193866d67982b09233631 2719538 web optional chromium-l10n_28.0.1500.71-1~deb7u1_all.deb f68e8ad60990aeba3704170203eff816 742378 web optional chromium-inspector_28.0.1500.71-1~deb7u1_all.deb bc5359350b7d2bdc00aacaf7e49b8268 43655992 web optional chromium_28.0.1500.71-1~deb7u1_amd64.deb 1c1c15a57b29e06356aae5880106a675 431389414 debug extra chromium-dbg_28.0.1500.71-1~deb7u1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQQcBAEBCgAGBQJR5pdWAAoJELjWss0C1vRzLscf/iueRvu3InXXF78iUZYhmceZ SukxXPZQMVIoIdL5k69ravLha87J96peYZGX6Mw45xn0lUnF53c+ENUubXRvBDEp qdHvGof6yrTmK6otG/fYCLFIHssDDv29U9azH2GBHcxcgCng7LZRKEDutimIOts/ vvZa38lrcIU4FeSPr3TuHD6rrwasyW6pzm2SPq6fYuV/afg2c3sZmCYo8DJnNXeA cmcmfJG4vCQJCm2uONmY1u/QRUNRj7MrGYNAUOw0zt3SBtZDAQu8totarq0m0NgS CGXkPMCTfnNeDIHO1PKO/4Pg6mRMxhRu1eqzPyPgizpRMzzj6FSY5uRonxxtbDU7 GrQwGolz3LzC2OeP59A6eADlE/pqdWEhqI1ndIJNaelC63cDYSAEFhb4XmcUgac1 do0cwEznI/ZC3DiUqCTkf4oV/9SszEK/lJhfgpQsa8aZ72NzVBmdWFNhE+y53qpP LMYQmxBFqcfJO6O7j5knuXFue3hC6WzQp68DbqJPVEIAqN8+0Qq/aGzVMPqlhS2P U+Pql4FmTv/Gw46YTvTG5vKwf9ZE7HboVBBGOiEFJnKHv6AxI2YECKsxiIhjvua6 sNbX0vXYQEBLdYRz6auEoXgaJ0G/y4KB+Ab23F+DEdbnSRpDOfeJPi+a6UJMX13o ymIbElF6hb1Kaix2WW6+aEiHJ+WD7+csATFLOoT1i9J/T10fv6xg9y/9aJUZcI7A 4uVFb+XoZv2Ju2cmGCw7EOsq1Q+6l8jGBtZpFiVgasYcbGG3PRx3ASJYzKs7rlrA L7wspR72Hmpfsg+2I1jgWWJHUplJRLEtjEo/kmVAoh1UZisruwBj41Vv9vd8vmzt /TgJzs7Ay0ahqsJv4ng7ZmJgmnA66evn0D7k3tYY0nlpT8wD4cQIi2p9Hgtd23y2 4ORnEsmYhnHr/WDsIj2fauHVOcDQRCDS9DqpMChg2rDCH8LMWGT7mU3RZLXWNioW 2OZktoVfpTEDVIOneg1HgVZqrKqDth9oGVgXSNO2KQdJtq5KFqOjOz+IDZdYg/mc efLl/xID6iUszg91bO1okDoaGAmLuh1NVylgx1YzP1u8eSN736D01Ig8XzZSJ/dv xX8Tl166WsZH8ip6PcRila3+vMxjCAdHnj4OVjhS/6wchYxWrtkzZ2+LT3P63qLl qUGmtu/7x01wvvoJWDVjq/0Hr2QhLEqSfoNgg6hpANuR+UO7yLXsxZHRLZh7rodk aovH6WiPQ+usE/CuOJv8dLhfpkmw/gDltO3f4aUzMJs+XymAZhfkWFpUuwke9rL4 UdZlTKd+zLlxpWr2Rzk4c7OgPKQrZtLkzcQB0O+UtGwLGnz6InLkXC5TKYDKvgg= =FPlY -----END PGP SIGNATURE-----