-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 11 Dec 2016 04:48:45 +0000 Source: chromium-browser Binary: chromium chromium-dbg chromium-l10n chromium-inspector chromedriver Architecture: source i386 all Version: 55.0.2883.75-1~deb8u1 Distribution: jessie-security Urgency: medium Maintainer: Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org> Changed-By: Michael Gilbert <mgilbert@debian.org> Description: chromedriver - web browser - WebDriver support chromium - web browser chromium-dbg - web browser - debugging symbols chromium-inspector - web browser - page inspection support chromium-l10n - web browser - language packs Closes: 844631 Changes: chromium-browser (55.0.2883.75-1~deb8u1) jessie-security; urgency=medium . * New upstream stable release: - CVE-2016-5181: Universal XSS in Blink. Credit to Anonymous - CVE-2016-5182: Heap overflow in Blink. Credit to Giwan Go - CVE-2016-5183: Use after free in PDFium. Credit to Anonymous - CVE-2016-5184: Use after free in PDFium. Credit to Anonymous - CVE-2016-5185: Use after free in Blink. Credit to cloudfuzzer - CVE-2016-5186: Out of bounds read in DevTools. Credit to Abdulrahman - CVE-2016-5187: URL spoofing. Credit to Luan Herrera - CVE-2016-5188: UI spoofing. Credit to Luan Herrera haojunhou@gmail.com - CVE-2016-5189: URL spoofing. Credit to xisigr Alqabandi - CVE-2016-5190: Use after free in Internals. Credit to Atte Kettunen - CVE-2016-5191: Universal XSS in Bookmarks. Credit to Gareth Hughes - CVE-2016-5192: Cross-origin bypass in Blink. Credit to - CVE-2016-5193: Scheme bypass. Credit to Yuyang ZHOU - CVE-2016-5194: Various fixes from internal audits, fuzzing and other initiatives - CVE-2016-5198: Out of bounds memory access in V8. Credit to Tencent Keen Security Lab - CVE-2016-5200: Out of bounds memory access in V8. Credit to Choongwoo Han - CVE-2016-5201: Info leak in extensions. Credit to Rob Wu - CVE-2016-5202: Various fixes from internal audits, fuzzing and other initiatives - CVE-2016-5203: Use after free in PDFium. Credit to Anonymous - CVE-2016-5204: Universal XSS in Blink. Credit to Mariusz Mlynski - CVE-2016-5205: Universal XSS in Blink. Credit to Anonymous - CVE-2016-5206: Same-origin bypass in PDFium. Credit to Rob Wu - CVE-2016-5207: Universal XSS in Blink. Credit to Mariusz Mlynski - CVE-2016-5208: Universal XSS in Blink. Credit to Mariusz Mlynski - CVE-2016-5209: Out of bounds write in Blink. Credit to Giwan Go - CVE-2016-5210: Out of bounds write in PDFium. Credit to Ke Liu - CVE-2016-5211: Use after free in PDFium. Credit to Anonymous - CVE-2016-5212: Local file disclosure in DevTools. Credit to Khalil Zhani - CVE-2016-5213: Use after free in V8. Credit to Khalil Zhani - CVE-2016-5214: File download protection bypass. Credit to Jonathan Birch and MSVR - CVE-2016-5215: Use after free in Webaudio. Credit to Looben Yang - CVE-2016-5216: Use after free in PDFium. Credit to Anonymous - CVE-2016-5217: Use of unvalidated data in PDFium. Credit to Rob Wu - CVE-2016-5218: Address spoofing in Omnibox. Credit to Abdulrahman Alqabandi - CVE-2016-5219: Use after free in V8. Credit to Rob Wu - CVE-2016-5220: Local file access in PDFium. Credit to Rob Wu - CVE-2016-5221: Integer overflow in ANGLE. Credit to Tim Becker - CVE-2016-5222: Address spoofing in Omnibox. Credit to xisigr - CVE-2016-5223: Integer overflow in PDFium. Credit to Hwiwon Lee - CVE-2016-5224: Same-origin bypass in SVG. Credit to Roeland Krak - CVE-2016-5225: CSP bypass in Blink. Credit to Scott Helme - CVE-2016-5226: Limited XSS in Blink. Credit to Jun Kokatsu - CVE-2016-9650: CSP Referrer disclosure. Credit to Jakub Żoczek - CVE-2016-9651: Private property access in V8. Credit to Guang Gong - CVE-2016-9652: Various fixes from internal audits, fuzzing and other initiatives - Certificate validity is now independent of the browser build date (closes: #844631). - No longer supports gyp build system, so update to use gn instead. Checksums-Sha1: c708b399bf09b950a2543fbc7efe64e58552a685 4087 chromium-browser_55.0.2883.75-1~deb8u1.dsc 7e19210a25ae94e17b0fd93625642d1d59697dc8 472986664 chromium-browser_55.0.2883.75.orig.tar.xz 22043abb4ee3fe9f3a9566482e0a08a3625ea1f0 183480 chromium-browser_55.0.2883.75-1~deb8u1.debian.tar.xz 1c7eaf51d1d5f7da58e6216c86cac5e1d9072d6e 42461718 chromium_55.0.2883.75-1~deb8u1_i386.deb 1ae8009a9095a527790365f7f4697a748e2d2432 6933910 chromium-dbg_55.0.2883.75-1~deb8u1_i386.deb b4231eed97d384edb380b8660adb4aa95cf23a98 3339348 chromium-l10n_55.0.2883.75-1~deb8u1_all.deb fb8186b902598cfcdf1fd2e576441892d4872461 1404218 chromium-inspector_55.0.2883.75-1~deb8u1_all.deb 052dcc08525b2ad6ec3907e97bcdebc6cbb2acd4 2624408 chromedriver_55.0.2883.75-1~deb8u1_i386.deb Checksums-Sha256: fda2905fabd8557dd8e0d85e8fdbee46acda16e7a62f5792306e0457b9846d18 4087 chromium-browser_55.0.2883.75-1~deb8u1.dsc 8b4a7109aeb40f1804d584151649a6b2ca70d0da459fe86daeaa0f5f3c6ea358 472986664 chromium-browser_55.0.2883.75.orig.tar.xz 055a9f090d001a6c7b619c291796b17611c8d935e617da1f06501ce1d2238ff7 183480 chromium-browser_55.0.2883.75-1~deb8u1.debian.tar.xz d2b25c5f689f5dc45467a355b93f310d49602b54ba3116993750a9400e4222be 42461718 chromium_55.0.2883.75-1~deb8u1_i386.deb b1d1d6ec538fc76f9d83a4d99da102b0c42ebd87fd91403bb065b2888871fd8a 6933910 chromium-dbg_55.0.2883.75-1~deb8u1_i386.deb a5120d3ba01a5cb4966ce540318a0b6904d95125515cea9356372da7077e8ea6 3339348 chromium-l10n_55.0.2883.75-1~deb8u1_all.deb f623318dabe60bda281db285d26a1a14ccb3302cffdcdb52166bd759dedc27ce 1404218 chromium-inspector_55.0.2883.75-1~deb8u1_all.deb b3e537c0bf35ea168ecd3d3935d220def7c49c06771a4f020df7675c87445662 2624408 chromedriver_55.0.2883.75-1~deb8u1_i386.deb Files: 4a5091cc667678b97a0d71d7cf9efd83 4087 web optional chromium-browser_55.0.2883.75-1~deb8u1.dsc 6ea097ad1d73444f40359f54ad9bf396 472986664 web optional chromium-browser_55.0.2883.75.orig.tar.xz a2fbf7b8e7b607a89dd96d11645f4c6d 183480 web optional chromium-browser_55.0.2883.75-1~deb8u1.debian.tar.xz 615f1cc64b6b8b2c4ac670a91470c1d1 42461718 web optional chromium_55.0.2883.75-1~deb8u1_i386.deb 75d710eb62663e3d63c3c84a8e7db9a4 6933910 debug extra chromium-dbg_55.0.2883.75-1~deb8u1_i386.deb 327a01b2d004d15c0f5a76fdf745ea5f 3339348 localization optional chromium-l10n_55.0.2883.75-1~deb8u1_all.deb 493f5fffc7c88d53e20e3e0242399a35 1404218 web optional chromium-inspector_55.0.2883.75-1~deb8u1_all.deb baab5cb8f34c2b7d8bf63e0a6f583b34 2624408 web optional chromedriver_55.0.2883.75-1~deb8u1_i386.deb -----BEGIN PGP SIGNATURE----- iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAlhNYboACgkQuNayzQLW 9HN/3B//azWVQoO6a+Txr9FEvvbRfpKpT3U+R3AKv6a2QBJJQ/tUYyBs+2SKb5Yb YXmYNn9p3wKvU2taZTyO6pBgD4/DeAjVAvNssCsrRbB7azB/BfLjZhBrr5vC5+cj LGZz0GTqOSIHjEg0aGMeZX2qReZN2X+keM6Sf2oAmmSPgsl1hdpR2NsrDgi+x/ZX itOyDkE4KUdKkxbAuZnxrofWsaHPARPHf9jYnH2RKudHzbwx1kDFQprr/F/7UxpD vIWpG67eoiol+S+DE4OVTJ2pb8Jm8EJsGJk+JBXaXmWX6r4PRFHYTcPoQKxfe5QW O5ijXwB4ISwetJw6dhqgSZu2Kc9IFLNp1hghO72+ZVdcKXxditiziRL3PnLo/+dZ wlA+ADEen96OlTvSRCqjWJhYtU6WK4zQrvEyBGr+q0KMCf8c2pd67qfdel/hbTUx d92om6zm21Txy/SaeTuwY4RydGmtdRSS3OMyFpgcaHqmxz/PtXkgS6oAJ4vnipdQ eVhZW6Uv30rZmMeGHjRHiYG1K6h6wjLcdcl/7STWF2psWPGFkxH6iQsKpfOw4/Qq C42seyk/bM2bpDscV9Jn8tcxK060+b+eUcFiUPVaGGYa9nqsybfHo2vo/oMhWLzB lli6Yj7psaV+hyMi9o41fVEc1WwfV+fJAcDTfol4cIt0jeBWZUnGqJeHA81v86xX jrIPzacNfWWSfu/RSMkSz90H9Ruc6F4IFHwa4sK8xiMvyl03ukNR8dLXb4Y3DZCC uQ3pECw1k88OWRQc6iuCN1Igwiav/jUWqRmM21SVSRx1BPaHpAVeGk/O/3BJYcJX 3hpNAVh9XhoA+6viF+qVkJ4nW3hVdZqNWQ8okw1Dq0hC/z6MfkQ+iuWyrJNhe3ZS zlxThr6CyUOQPW1cbt4muHmZV4rsburEjP443em/9XTkeB0hyN+7pUf7mbQ8rq5h pSviLTjz+5pa38QdNVikOAF5eS65BXmQL+boGiWyrBOVxjBePDfGMXP9oZhkjz/5 e6o2Sr3Hy+SXbjLgbi3uRj4LuS1fHlVkIbuLKdZOGTd6vivBWi8uq1xyD3+wqyDl lI9NmfvD3d6PvHIj4RmB6AsfkaADveKQ5avBBNxumD4xGliPYYdALhmG7mRDsE6z wKbZbGxM7BmhpK44gRkHLyr8U8URbnz4N3siTZGKXHrPGAKCTpU5fvPLGGBW7dqN iYCuepafY9ZcFuBarWGgZo58bfzyNQUbaKNSyyVnb23z+ZrHGAgHuanZ4wrWd8gN idAm9QWAAkZK8T7HdTCYWlCMWaVcgxn7rIiQf44hkpqiUfOTrpOcpRI2igm/gkKi TBdQ1SNl4HHKV89/0YVL2K62QPmuBg== =OJL5 -----END PGP SIGNATURE-----
