-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 05 Nov 2017 03:09:35 +0000 Source: chromium-browser Binary: chromium chromium-l10n chromium-shell chromium-widevine chromium-driver chromedriver Architecture: source Version: 62.0.3202.75-1~deb9u1 Distribution: stretch-security Urgency: medium Maintainer: Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org> Changed-By: Michael Gilbert <mgilbert@debian.org> Description: chromedriver - web browser - WebDriver support transitional package chromium - web browser chromium-driver - web browser - WebDriver support chromium-l10n - web browser - language packs chromium-shell - web browser - minimal shell chromium-widevine - web browser - widevine content decryption support Changes: chromium-browser (62.0.3202.75-1~deb9u1) stretch-security; urgency=medium . * New upstream stable release. - CVE-2017-5124: UXSS with MHTML. Reported by Anonymous - CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous - CVE-2017-5126: Use after free in PDFium. Reported by Luat Nguyen - CVE-2017-5127: Use after free in PDFium. Reported by Luat Nguyen - CVE-2017-5128: Heap overflow in WebGL. Reported by Omair - CVE-2017-5129: Use after free in WebAudio. Reported by Omair - CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous - CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by Gaurav Dewan - CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar Nikolic - CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu - CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu - CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind Shah - CVE-2017-15389: URL spoofing in OmniBox. Reported by xisigr - CVE-2017-15390: URL spoofing in OmniBox. Reported by Haosheng Wang - CVE-2017-15391: Extension limitation bypass in Extensions. Reported by João Lucas Melo Brasio - CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. Reported by Xiaoyin Liu - CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin - CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam - CVE-2017-15395: Null pointer dereference in ImageCapture. Reported by Johannes Bergman - CVE-2017-15396: Stack overflow in V8. Reported by Yuan Deng Checksums-Sha1: c49e9bb1bfcce1e6bc027f5f2cae17ac1d008917 4352 chromium-browser_62.0.3202.75-1~deb9u1.dsc d74022d1e7d811dbb066dd1a9661e36f019df094 466908680 chromium-browser_62.0.3202.75.orig.tar.xz 4e78cce275c0c2ad6b6ed4f5d8f1c934c9ddd4d6 133584 chromium-browser_62.0.3202.75-1~deb9u1.debian.tar.xz 51b5f5754d947798bbfdc3810b6604c0e2575864 19560 chromium-browser_62.0.3202.75-1~deb9u1_source.buildinfo Checksums-Sha256: 41e70ae457f96f08d39fe8da982f15a89bdb751cbfd4a8b88d0ec1ce755b888b 4352 chromium-browser_62.0.3202.75-1~deb9u1.dsc b45f623b78603574d6f8b2e06c6c9a8c648c2144d96d66d3fd86af0763e45045 466908680 chromium-browser_62.0.3202.75.orig.tar.xz 5d9a759fe10b30a6a303cae49cdebfcb1edd4d0063f9defe27d1b30a8677b507 133584 chromium-browser_62.0.3202.75-1~deb9u1.debian.tar.xz be06bb85d5478c374a93475c2d6b31999ccfa6803225d6addb3072b5f430cf8c 19560 chromium-browser_62.0.3202.75-1~deb9u1_source.buildinfo Files: 6870826dd2cdf292f0b23329a35d33e6 4352 web optional chromium-browser_62.0.3202.75-1~deb9u1.dsc 0fa998f5567cea973263988bbf0e950c 466908680 web optional chromium-browser_62.0.3202.75.orig.tar.xz 6bf476adc04b30d2df1e06b30cee89ff 133584 web optional chromium-browser_62.0.3202.75-1~deb9u1.debian.tar.xz 18f384fb9810e49c4dff903357506a9b 19560 web optional chromium-browser_62.0.3202.75-1~deb9u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAln+97kACgkQuNayzQLW 9HPONx/+P+cF/vEFhwkDSGq+NRXJafL+U1gGoPg0fcGg/trNm+3YYKlZxuqzaiJB AFHyF7e2273b62WkYjeFjjqbLIYIGEWMAamlCJbhRnFsTo//HgqBaRau2oApA60p rXVW2AN65PJZ+MVlJkYHJtXVAOISzNv0Rjd+V2iyk+QZJO0iMlCZchO0tPSTzjA7 2krMzkNblyComzBiLT8ln84qtszLx91BQSuYHg+vlvSab+EkWEBgX33XkfqLSX1I Qk/gqcsUn9+PeaCoNYZJ0kTNMq7th21xHpW+nVGwP+v+qbyE7lPCSVKb+UzuZ3A2 sNVutNL4Js6IGaYeEZXypX24Y0kGmXxGJr7j3D/047MzjuF0IxZWrsHdxgXPFz1b 9DEFhp1w3Asogg9GK4IzH73ltwYp6+FeBraUlTHO4zr1szCD7z+2G4eknNkfsuSn lvZDpYYrbGd5CdrcvkSGlNvh4h6MYF8SAl7OpMf7rmsPK3qwxZshXIeCWVXkf7Dk GkIdOQ3k3AOulEKBoyH54u+EGK2UR7I18nuXjfPdCKiyl2DBlViyCalBGFsYeIBm GKN2mTITbb+JdBRN1Gt3xU8ASMrvvZwzKi5HBAvoWnZzVkFXtqR8sphVFaXvAOo5 Ox8fGGiA3jUvgXCznXrNptPjibZC6LCqCmeDoXnawqE60jYCHaWioLg6q363+qpL kxQucnHNj0lY3u9gwsxLTcyxTCjtEB04inBl94o3eRi9bkep2jl7P7GZpkIB25Hs big/ynRoBBlZHIILWWHPydAnvfV5PDBiIFsq+xZfSFoObQRdau6exbfO+pMCCwcw anBs/eFLS1F3+I9Y4+HeQm2arh/dq9+eUKy8fZm9wzMYKUncF4n51PWraZwc26Jv 5Je0v8DHUaKH6mvPjxH7E3VGv8XxZm9UvZTSj75HCkZV+q+yR6B94P5dQ+FJNAaa nb3NynHwN4MAloyi01Yf7CS/aisUGGRlDmH2e1TeqXjsQQmn4Tp3+EGVJQ0EAQXY dV2o4HN6ff3WmeVjc9tUGl3I8ae+BNkhu2/zvKeYi6qc3gn7GfXSxcHLrS3PGoRg Rfjp5mzuoP7LXPZsCkehvQ206Yv0pXt0FqUuD/7vfQRzuwqyBHiFvdFd4RpsW/0p NHCKCyKA9QsfmoqtafwoOx7Nt5WkV7ZYsEM344OeWWn8L/2QGnIwek54n524P3oP gvNvQqUvuQ40meR/fn+/v+MvPYQUISfKJKM3HQVEiaAL9/6/W37M44THyJKp4fn2 5zdP/pLlTaXZKzAaPsJ9E1Qn0j0qTMSyq0dgJbkvFKThvUxT2POHgwn7fRo/cXmj j4a3LYiyySgaMz3uPHmfRSOKlTtt8w== =nP55 -----END PGP SIGNATURE-----