-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 24 Oct 2013 04:12:35 +0000
Source: chromium-browser
Binary: chromium-browser chromium-browser-dbg chromium-browser-l10n chromium-browser-inspector chromium chromium-dbg chromium-l10n chromium-inspector
Architecture: source all amd64
Version: 30.0.1599.101-1~deb7u1
Distribution: stable-security
Urgency: high
Maintainer: Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description:
 chromium - Google's open source chromium web browser
 chromium-browser - Chromium browser - transitional dummy package
 chromium-browser-dbg - chromium-browser debug symbols transitional dummy package
 chromium-browser-inspector - page inspector for the chromium-browser - transitional dummy pack
 chromium-browser-l10n - chromium-browser language packages - transitional dummy package
 chromium-dbg - Debugging symbols for the chromium web browser
 chromium-inspector - page inspector for the chromium browser
 chromium-l10n - chromium-browser language packages
Changes:
 chromium-browser (30.0.1599.101-1~deb7u1) stable-security; urgency=high
 .
   * New stable release:
     - High CVE-2013-2925: Use after free in XHR. Credit to Atte Kettunen of OUSPG.
     - High CVE-2013-2926: Use after free in editing. Credit to cloudfuzzer.
     - High CVE-2013-2927: Use after free in forms. Credit to cloudfuzzer.
     - CVE-2013-2928: Various fixes from internal audits, fuzzing and other initiatives.
     - Medium CVE-2013-2906: Races in Web Audio. Credit to Atte Kettunen of OUSPG.
     - Medium CVE-2013-2907: Out of bounds read in Window.prototype object. Credit to Boris Zbarsky.
     - Medium CVE-2013-2908: Address bar spoofing related to the "204 No Content" status code. Credit to Chamal de Silva.
     - High CVE-2013-2909: Use after free in inline-block rendering. Credit to Atte Kettunen of OUSPG.
     - Medium CVE-2013-2910: Use-after-free in Web Audio. Credit to Byoungyoung Lee of Georgia Tech Information Security Center (GTISC).
     - High CVE-2013-2911: Use-after-free in XSLT. Credit to Atte Kettunen of OUSPG.
     - High CVE-2013-2912: Use-after-free in PPAPI. Credit to Chamal de Silva and 41.w4r10r(at)garage4hackers.com.
     - High CVE-2013-2913: Use-after-free in XML document parsing. Credit to cloudfuzzer.
     - High CVE-2013-2914: Use after free in the Windows color chooser dialog. Credit to Khalil Zhani.
     - Low CVE-2013-2915: Address bar spoofing via a malformed scheme. Credit to Wander Groeneveld.
     - High CVE-2013-2916: Address bar spoofing related to the "204 No Content" status code. Credit to Masato Kinugawa.
     - Medium CVE-2013-2917: Out of bounds read in Web Audio. Credit to Byoungyoung Lee and Tielei Wang of Georgia Tech Information Security Center (GTISC).
     - High CVE-2013-2918: Use-after-free in DOM. Credit to Byoungyoung Lee of Georgia Tech Information Security Center (GTISC).
     - High CVE-2013-2919: Memory corruption in V8. Credit to Adam Haile of Concrete Data.
     - Medium CVE-2013-2920: Out of bounds read in URL parsing. Credit to Atte Kettunen of OUSPG.
     - High CVE-2013-2921: Use-after-free in resource loader. Credit to Byoungyoung Lee and Tielei Wang of Georgia Tech Information Security Center (GTISC).
     - High CVE-2013-2922: Use-after-free in template element. Credit to Jon Butler.
     - CVE-2013-2923: Various fixes from internal audits, fuzzing and other initiatives (Chrome 30).
     - Medium CVE-2013-2924: Use-after-free in ICU. Upstream bug here.