-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 04 Nov 2017 19:01:28 +0000 Source: chromium-browser Binary: chromium chromium-l10n chromium-shell chromium-widevine chromium-driver chromium-common Architecture: source Version: 62.0.3202.75-1 Distribution: unstable Urgency: medium Maintainer: Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org> Changed-By: Michael Gilbert <mgilbert@debian.org> Description: chromium - web browser chromium-common - web browser - common resources used by the chromium packages chromium-driver - web browser - WebDriver support chromium-l10n - web browser - language packs chromium-shell - web browser - minimal shell chromium-widevine - web browser - widevine content decryption support Closes: 878244 879451 Changes: chromium-browser (62.0.3202.75-1) unstable; urgency=medium . * New upstream stable release (closes: #879451). - CVE-2017-5124: UXSS with MHTML. Reported by Anonymous - CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous - CVE-2017-5126: Use after free in PDFium. Reported by Luat Nguyen - CVE-2017-5127: Use after free in PDFium. Reported by Luat Nguyen - CVE-2017-5128: Heap overflow in WebGL. Reported by Omair - CVE-2017-5129: Use after free in WebAudio. Reported by Omair - CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous - CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by Gaurav Dewan - CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar Nikolic - CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu - CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu - CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind Shah - CVE-2017-15389: URL spoofing in OmniBox. Reported by xisigr - CVE-2017-15390: URL spoofing in OmniBox. Reported by Haosheng Wang - CVE-2017-15391: Extension limitation bypass in Extensions. Reported by João Lucas Melo Brasio - CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. Reported by Xiaoyin Liu - CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin - CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam - CVE-2017-15395: Null pointer dereference in ImageCapture. Reported by Johannes Bergman - CVE-2017-15396: Stack overflow in V8. Reported by Yuan Deng * Enable chromecast feature switch (closes: #878244). Checksums-Sha1: d65eac6bb01b4e3717181a5fc261cfa49aa20eab 4329 chromium-browser_62.0.3202.75-1.dsc d74022d1e7d811dbb066dd1a9661e36f019df094 466908680 chromium-browser_62.0.3202.75.orig.tar.xz 2a1afdbf3952a38153fb178b31793385a0410e42 139684 chromium-browser_62.0.3202.75-1.debian.tar.xz 58c975de32ecfba2bb9da53c7efcec352c8923b0 19397 chromium-browser_62.0.3202.75-1_source.buildinfo Checksums-Sha256: 8aa89c8e69060a37e0776cc435125b01009e461762f8b5677c101f3895f46566 4329 chromium-browser_62.0.3202.75-1.dsc b45f623b78603574d6f8b2e06c6c9a8c648c2144d96d66d3fd86af0763e45045 466908680 chromium-browser_62.0.3202.75.orig.tar.xz d03ff6f7e377233e61a019630620b35d340f33c38476ed1c5125218bf86ebdd2 139684 chromium-browser_62.0.3202.75-1.debian.tar.xz 0ae58fb0aa1f5b8c55783d41181a34e8f3d262d17ccc333ffb7d78cd83fb7db5 19397 chromium-browser_62.0.3202.75-1_source.buildinfo Files: b6918e2ffc86b19ab5c93d85e86b07e6 4329 web optional chromium-browser_62.0.3202.75-1.dsc 0fa998f5567cea973263988bbf0e950c 466908680 web optional chromium-browser_62.0.3202.75.orig.tar.xz 16edbd6fc46722839725459fb5c749cc 139684 web optional chromium-browser_62.0.3202.75-1.debian.tar.xz ed2d7a16c1619abdfd278a9eda0a1611 19397 web optional chromium-browser_62.0.3202.75-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAln+Zh8ACgkQuNayzQLW 9HNqBh/+I9SEFf/PVbkHUOK22PEGOqyIQhxCRWOu51afoqu4V+ND+pybuDnhuSph sO9xeWHWkkwmxOYBduqoTFB484mPAmqPzr8+LfQUQ4Sg0YeRHeSzZY0cpICWlnjz EBxLSLFSeZOGCjXcY//F9UELtdNpIWmVi2PgV6HnmW0zOUFioszOZ61KK+qwh2tt vsafrSRtInMShBl3VFREXOWtELEGpwbj5N+bIH7mTtsaAzSlUqs5zPd9oVzZH0tc 0E9Xpnzeo//T2DiUR8XpAoYWF7j9pm+6XWA7eIqAyBEeEio8bi2OCikiJYQrbJkZ 20bszlOpfsF4txh/G0DvWxOtBgjMg4kErI3EHa5RxnJGv2PdwhUY9BZRHDzZgpHD QCf2OcUncbYlrjcE7VYLwxsetCfyGh0ft6wfgacYYuam0ZTVyuuJZFVYua0WC6Eg bUkaHnIZrzf25gMM73d4a/aVp/15Vd+TAuLioaqQezGLs28eGilKcZQF665KnFDA u43/G8A81bZJYhMtATfA6JcNJAcRUF88QtH0gX/ZVASX5PKvqhIQGKpga96Xolon pOCrVryHRImJkERfnivAn2a/vofAHpPWRfV6Zg4GjMeRk043ma+wUfSiIYc1iHMo T1R6DR6qiDkiNlTsroB1npTrDO3t81KBMxZivS3MuwmxK3OTKT/HjYAK9a0JZHIZ MlvqfKh04Os1C6/MLcS7oA7Ztzzan7Mgm82YXvYu2TgWHedpJw/au7dBUZQwwGU0 6JBC+7a1WZMUZKU02AU4zuswQGspsuz9BaQKgeo3nbCEnfX2Hrs2ImO91jyRQtFI cNSb1mM4HTsxEonG6/9EBI59qqvum9mbLEpM0UsA9ITlHd+OwKXtHcPIrjaCGHvX 3ZMTs5CTWhG4OK8xtBvoGFI5KmplDJMEsgU2Z29whGq0vB+uGelGZAziEs3i2avy nBes/yYxCYMHD9C66BIWjlI3djfpQPzr65hjkvUu2OKeImOWN7NH8mLI8ME24h17 o9sqDcRqFQtwq+hRSTQl0fI+1XDBL7HFJ+/FuZdtqMpOQb5mBhTuS0viySVNR2Dl flOTegYNISRqxT2tbZsYYBzAaqBQLXWNKdOZB6dPC8CjElHV/ERRarAyhr/W4oj0 pXuByviVj3EW2LIU+ImtO/uu+0tKgPXxge7Z8Xk1OJJaccBV4Y+06VC+bMq2CWir sC0p5wqNdw3knZwNznBgfc9ZtzCiq935awBgZG77sa4MQcmkzk2FpSrcIBxPIiqx Aic/5VWffsVU6PShG/vwz1M1v8HLvXM4bRdFQWPJ1CsHHXOe5vbrxg3E0loEf3kl uImZiQFVoyFWRWmadcVhV+O2r28NSg== =BIUE -----END PGP SIGNATURE-----