-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 29 Jul 2017 19:56:20 +0000 Source: chromium-browser Binary: chromium chromium-l10n chromium-shell chromium-widevine chromium-driver chromedriver Architecture: source i386 all Version: 60.0.3112.78-1~deb9u1 Distribution: stretch-security Urgency: medium Maintainer: Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org> Changed-By: Michael Gilbert <mgilbert@debian.org> Description: chromedriver - web browser - WebDriver support transitional package chromium - web browser chromium-driver - web browser - WebDriver support chromium-l10n - web browser - language packs chromium-shell - web browser - minimal shell chromium-widevine - web browser - widevine content decryption support Changes: chromium-browser (60.0.3112.78-1~deb9u1) stretch-security; urgency=medium . * New upstream stable release. - CVE-2017-5087: Sandbox Escape in IndexedDB. Reported by Ned Williamson - CVE-2017-5088: Out of bounds read in V8. Reported by Xiling Gong - CVE-2017-5089: Domain spoofing in Omnibox. Reported by Michał Bentkowski - CVE-2017-5091: Use after free in IndexedDB. Reported by Ned Williamson - CVE-2017-5092: Use after free in PPAPI. Reported by Yu Zhou, Yuan Deng - CVE-2017-5093: UI spoofing in Blink. Reported by Luan Herrera - CVE-2017-5094: Type confusion in extensions. Reported by Anonymous - CVE-2017-5095: Out-of-bounds write in PDFium. Reported by Anonymous - CVE-2017-5096: User information leak via Android intents. Reported by Takeshi Terada - CVE-2017-5097: Out-of-bounds read in Skia. Reported by Anonymous - CVE-2017-5098: Use after free in V8. Reported by Jihoon Kim - CVE-2017-5099: Out-of-bounds write in PPAPI. Reported by Yuan Deng, Yu Zhou - CVE-2017-5100: Use after free in Chrome Apps. Reported by Anonymous - CVE-2017-5101: URL spoofing in OmniBox. Reported by Luan Herrera - CVE-2017-5102: Uninitialized use in Skia. Reported by Anonymous - CVE-2017-5103: Uninitialized use in Skia. Reported by Anonymous - CVE-2017-5104: UI spoofing in browser. Reported by Khalil Zhani - CVE-2017-5105: URL spoofing in OmniBox. Reported by Rayyan Bijoora - CVE-2017-5106: URL spoofing in OmniBox. Reported by Jack Zac - CVE-2017-5107: User information leak via SVG. Reported by David Kohlbrenner - CVE-2017-5108: Type confusion in PDFium. Reported by Guang Gong - CVE-2017-5109: UI spoofing in browser. Reported by José María Acuña Morgado - CVE-2017-5110: UI spoofing in payments dialog. Reported by xisigr - CVE-2017-7000: Pointer disclosure in SQLite. Reported by Chaitin Security Research Lab Checksums-Sha1: 43b83bc9bdd3306b7994a18f853666a8d3aaae37 4352 chromium-browser_60.0.3112.78-1~deb9u1.dsc e2ab7b66c3ef9fb4c21de1ab8efe39b07dc3a6d0 446448212 chromium-browser_60.0.3112.78.orig.tar.xz 9b7e14791250132e9881560c380113c9f3b8cf3a 133696 chromium-browser_60.0.3112.78-1~deb9u1.debian.tar.xz 0aff9ba621370febc33d166e9b979668605cf5ae 122840 chromedriver_60.0.3112.78-1~deb9u1_i386.deb 579a30f1a7b315c15c629131f5aa9eb9540ab4e2 21902 chromium-browser_60.0.3112.78-1~deb9u1_i386.buildinfo 33c8efaf2a9f499b323ff7b5b9571610875cdec8 6575534 chromium-dbgsym_60.0.3112.78-1~deb9u1_i386.deb 1decdd3629a22c4e81bf6e967059395d4231c1c0 402726 chromium-driver-dbgsym_60.0.3112.78-1~deb9u1_i386.deb a7131cc2806763f68a46201368de3a5e4beb1b5c 3928014 chromium-driver_60.0.3112.78-1~deb9u1_i386.deb 8779df0f18d39b40c33c6753b2f7a50836455601 2793108 chromium-l10n_60.0.3112.78-1~deb9u1_all.deb fc1aef3114f90c6157fddf2ce58c668a88edffcc 4398502 chromium-shell-dbgsym_60.0.3112.78-1~deb9u1_i386.deb f3e3da5c2757f32dac49560e3ae7d5c2428ef45f 31878252 chromium-shell_60.0.3112.78-1~deb9u1_i386.deb d15265418398ee706e610da577430241cd20a715 159294 chromium-widevine_60.0.3112.78-1~deb9u1_i386.deb 16cfe4c4621ffb4152aab76f9dcf4e86f3c8bf75 57448758 chromium_60.0.3112.78-1~deb9u1_i386.deb Checksums-Sha256: 36a346f101d2aa0488b1ea161899dc53b33ab959c1e1c1c7dd2fe73e2a62b285 4352 chromium-browser_60.0.3112.78-1~deb9u1.dsc 89cad006ebdb9aa75fe0376aa40911fc57f71f7245aecbecc99c2443216ee8ca 446448212 chromium-browser_60.0.3112.78.orig.tar.xz a643b0f50c127e8b2deb2573978913b6207675240f78a6f247af614d71886363 133696 chromium-browser_60.0.3112.78-1~deb9u1.debian.tar.xz 792287cc8bac550b40459640c45abae1c47c2e74025615b70537e16e1af4f34a 122840 chromedriver_60.0.3112.78-1~deb9u1_i386.deb 8196722946409e6903250455b92df34aba43f58c3818da13a2c264387057d4cb 21902 chromium-browser_60.0.3112.78-1~deb9u1_i386.buildinfo c3be0e376a5ce8f1b2c59339bb91ed8377e57985ec8c1871bbe84be03ac73559 6575534 chromium-dbgsym_60.0.3112.78-1~deb9u1_i386.deb d16e61feec7bd9d194f27dba54bdb2ce91847ba1f2b518537eb40ce3b83218d4 402726 chromium-driver-dbgsym_60.0.3112.78-1~deb9u1_i386.deb db166c9eead90329c30a5b386b0fa1fe674ced5470b81cadee2f6a02ffb38825 3928014 chromium-driver_60.0.3112.78-1~deb9u1_i386.deb 984f39accba8c1340dc0a593407fc8d304b8ad980e96604e6ca259ec72768d1e 2793108 chromium-l10n_60.0.3112.78-1~deb9u1_all.deb 2198c5f1cb858d71981b2f5ebd4b4f0bf5c8f251dffe9f5e4175019e4e4d2bf8 4398502 chromium-shell-dbgsym_60.0.3112.78-1~deb9u1_i386.deb 5161350c3a8e40b88040b2db00a3a090f3dd0c610e9d59e53aa5164e61c34d56 31878252 chromium-shell_60.0.3112.78-1~deb9u1_i386.deb bfdad5f0dfac04e2043ef27c5b5eb731b6f2fa80cfc1f50bdec7583199bccf33 159294 chromium-widevine_60.0.3112.78-1~deb9u1_i386.deb b84314536b50b6afa8eca08daf96122861c4b05987bb6f5c395aca708f7931e0 57448758 chromium_60.0.3112.78-1~deb9u1_i386.deb Files: a50b5434be49fab960f6edc45de260f3 4352 web optional chromium-browser_60.0.3112.78-1~deb9u1.dsc 66dc14bd4000ef0d1ed861271f17c1d5 446448212 web optional chromium-browser_60.0.3112.78.orig.tar.xz 2e09e4952361797d6bbcabff9591c367 133696 web optional chromium-browser_60.0.3112.78-1~deb9u1.debian.tar.xz 66229fa88877ab35568e266c9c5a37da 122840 web optional chromedriver_60.0.3112.78-1~deb9u1_i386.deb 899c2aa5f23e51aef9f2bf4909ca2f27 21902 web optional chromium-browser_60.0.3112.78-1~deb9u1_i386.buildinfo 238e8c1368cffec4f29543c6a19dbe95 6575534 debug extra chromium-dbgsym_60.0.3112.78-1~deb9u1_i386.deb 6da70a1ccfad140a5d6a8ede8bbc8547 402726 debug extra chromium-driver-dbgsym_60.0.3112.78-1~deb9u1_i386.deb 8935ea8ccbae84e7a5c41d144d55a0ee 3928014 web optional chromium-driver_60.0.3112.78-1~deb9u1_i386.deb d03abbcc3561cacf597e5c7317014d86 2793108 localization optional chromium-l10n_60.0.3112.78-1~deb9u1_all.deb 84c3612e6cbb5d028750aebbaee6b4dd 4398502 debug extra chromium-shell-dbgsym_60.0.3112.78-1~deb9u1_i386.deb e245c50908f9df663dd6369fdc25f6de 31878252 web optional chromium-shell_60.0.3112.78-1~deb9u1_i386.deb 50b2f48e162c072ff4d7996bd769bc28 159294 contrib/web optional chromium-widevine_60.0.3112.78-1~deb9u1_i386.deb ef39adbb5b65697bc9b1a9469e547294 57448758 web optional chromium_60.0.3112.78-1~deb9u1_i386.deb -----BEGIN PGP SIGNATURE----- iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAll9R/AACgkQuNayzQLW 9HOUmCAAqIQBCPHYWraEwl+9oV9Gjhkx3IIoyJKxtM76OYXRY659fctwMT7kA9Hj J3XT3A5PLqlTSQWKIGumEpTgVdcAXr8HelM3EWkhhhsTGlc4ChgK5BjXhEKJT8OI boFhLZSmXJylYXda0m30YSeYF6xtgYvDJ49EfQ/y7U8m58sxu2FrSeMGI06+bcI8 ZuTBQGWX64Xmxg5taXjr5tuu/g0n+ebQw5QVCFrjWROQ5jaeUdjNzhs4Bi9yTsyo IEJihuKung7c631Dh6kT7ANkUdYCTfMP3Eb3KohPnwudpvshgO0vLc+VEasg+jf8 O6O/n1h3lzoom441vxRlN02b2Q+hn1PJdmMaj3jqLH13LYnywM+/XGtQ758j42nF pXfdEBHgJm4o/RqxuHsVv7ObLxrdmghV0FfLlDxFqKNpjCBIBf2XRfxF0kbWtANH V+ARDdgmTBwxKDa6lwwc2KBCoaQavjYZ5vfR/dWJB6tm58mlJSjeVTkt99yCaKIV n6VlEkISuTh1Cwuv5F6HPH5GSI56EwxAzHMJFarDL6wsMJXkZ/OZtSgj+lb3UN4a ZBGdxfgSjXerH0XwfgYVzSkkjE3qiOZyASwm5u162PxZdb2QTOE2Hic2EeuuZyRG ApGF3TkFYujADvORsdOkYtfxWD4r0r+XNoOo1TmpjFf+qicWsuV5YRuMvd9ROklT ikFjoZPXUAl9bIe6Ccunp18EBTcwWSDxw8qeI5lEqouaPZXr4aRGpDvj04Sl/HPz O71/u/opqFmUsmjpvT5QTtmLiRjCuAxopA4cgps/M6nyKSBlWqVS55hnk2LskKoe GAAfx+LqLJuRgBRI8eGR0yoGJZn4pcGpLvimTtV8FDkfnp3lW9JySkUBQMATTwpO oJoaUPZwlgLwS/r8sFPBk+phoAFLmDifD1+peNzK/5zqWVfOHugt/YcZeK8YashJ MI1deUjjGmhM8p9DmrHCsiqZ13e550ucTShDwzP+aHASs1aFe9+GpzVGk75cbqQe cdOedue4zfUaFnUOBrL9r4hd/TKVVuAbLUW2pVEQBZpkFuJIMXDgbKxYK3B2r2HP e+lD04oKFxY4ZMjErOwibeYlD0A3rHXcC0GwAEF4/kHFByfaUev5vmlJQJHIdz9i 3SfEhmuorqYQNG+QqkCkRxUHV72u4zbCBKFhQpVB23iBQZJLU9FfS/z3DBgg4Ek2 0qotsfsTdxz40wT0zSZ0rx3wJ3TqfTWhZ96N+1Owtm4tvQqBf+tk3aqWheIvIZKj 5F4YRuxQCfXQcAm0B3oIQL+fwQSg5dQQJ2KQXDi7z603Rrebbli0C7WWBYFIrQMo 0c08pvfFka68ALjgNhBJoLnS2UdMoQ== =pai1 -----END PGP SIGNATURE-----