-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 03 Dec 2017 15:26:02 +0000 Source: chromium-browser Binary: chromium chromium-l10n chromium-shell chromium-widevine chromium-driver chromedriver Architecture: source Version: 63.0.3239.84-1~deb9u1 Distribution: stretch-security Urgency: medium Maintainer: Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org> Changed-By: Michael Gilbert <mgilbert@debian.org> Description: chromedriver - web browser - WebDriver support transitional package chromium - web browser chromium-driver - web browser - WebDriver support chromium-l10n - web browser - language packs chromium-shell - web browser - minimal shell chromium-widevine - web browser - widevine content decryption support Changes: chromium-browser (63.0.3239.84-1~deb9u1) stretch-security; urgency=medium . * New upstream stable release. - CVE-2017-15407: Out of bounds write in QUIC. Reported by Ned Williamson - CVE-2017-15408: Heap buffer overflow in PDFium. Reported by Ke Liu - CVE-2017-15409: Out of bounds write in Skia. Reported by Anonymous - CVE-2017-15410: Use after free in PDFium. Reported by Luật Nguyễn - CVE-2017-15411: Use after free in PDFium. Reported by Luật Nguyễn - CVE-2017-15413: Type confusion in WebAssembly. Reported by Gaurav Dewan - CVE-2017-15415: Pointer information disclosure in IPC call. Reported by Viktor Brange - CVE-2017-15416: Out of bounds read in Blink. Reported by Ned Williamson - CVE-2017-15417: Cross origin information disclosure in Skia . Reported by Max May - CVE-2017-15418: Use of uninitialized value in Skia. Reported by Kushal Arvind Shah - CVE-2017-15419: Cross origin leak of redirect URL in Blink. Reported by Jun Kokatsu - CVE-2017-15420: URL spoofing in Omnibox. Reported by WenXu Wu - CVE-2017-15423: Issue with SPAKE implementation in BoringSSL. Reported by Greg Hudson - CVE-2017-15424: URL Spoof in Omnibox. Reported by Khalil Zhani - CVE-2017-15425: URL Spoof in Omnibox. Reported by xisigr - CVE-2017-15426: URL Spoof in Omnibox. Reported by WenXu Wu - CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox. Reported by Junaid Farhan Checksums-Sha1: 414794fe3ec24f68319a091a11e8fd21ed8a2640 4352 chromium-browser_63.0.3239.84-1~deb9u1.dsc f5e73f37f5d629eba5f56a2ce2bf1cfe469100a6 453410544 chromium-browser_63.0.3239.84.orig.tar.xz 5083088abd66483b2d2221bcc48551b09116c1d6 134112 chromium-browser_63.0.3239.84-1~deb9u1.debian.tar.xz 335698892411b4f3b59a9b3fe0995875b1a38e0b 19645 chromium-browser_63.0.3239.84-1~deb9u1_source.buildinfo Checksums-Sha256: d099256bfe01d46e278c694cf42afb7a4c8c170d85ad2b75fdd1b211d54fd798 4352 chromium-browser_63.0.3239.84-1~deb9u1.dsc 70ba5f11dcf433c35ff964ca65f138e9faaf5f2c7c1980c8a4a1f79ca9c176a4 453410544 chromium-browser_63.0.3239.84.orig.tar.xz 91e9f1b2edebd2e220058af8b8088d9924d421b75f5dd73b86ea9e39dbd55caa 134112 chromium-browser_63.0.3239.84-1~deb9u1.debian.tar.xz ef32683a037d4c059d2dce4f9cd8d325379f8c29055ccc4a0c63c95d5f3ac313 19645 chromium-browser_63.0.3239.84-1~deb9u1_source.buildinfo Files: 8fa60db860eb35b0337dac647c8b1ca5 4352 web optional chromium-browser_63.0.3239.84-1~deb9u1.dsc be13fd185f0de5835f2fddb8041ff9ad 453410544 web optional chromium-browser_63.0.3239.84.orig.tar.xz 2dd75865e8753ab96e0f2a1b1fbc3ec2 134112 web optional chromium-browser_63.0.3239.84-1~deb9u1.debian.tar.xz f09b4c75d97ac9151094c9b2609c79d5 19645 web optional chromium-browser_63.0.3239.84-1~deb9u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAlotrcIACgkQuNayzQLW 9HNbKh/9HJ8iTICgSTH8i9zpbLkkz5MExivKGcTcEsWqv42AAgLYrvPlO1wJ4uQQ PPh0NOtenkOh8QJTpebBgH0n0Glabb1HzXtkCe4bSs+1psL99QLvRmjotgQKIytF XI6ZyM+85E+8jrksa5k5S3V83/cEsaaxCpflmW5OQ42mBxLn8+7dJPjMvTHrLcnv obFHIWcwuPb+Z0sb4Oc6qQsqKv8Tu8sAuASD8yKujEP0QHBpMTR1XSGzjPIYxAFt OXrRATzR/oodFJLRBQwzoR4EbaRNWgBF4Kttqrrhvaw7Ag94jWNZcKwkwc4oU8A+ wcoMnlKP1q4WOwmm9w4yggBDJZkZfPEMDwY53Cfb64HyEkRt1MzWzdsEbTJXrX5y EiN8RPb2d6FX3WWXr3IxE/bvS23uCe2NEzcEE0OAWGwT5d2V2KVL8eqXKgLf12JV bHxy8l+rG57pFzj4z9+uRVgpnGlU/KOV5EA6foZgCT+Pk6OExo8fyqICyarXBYqx TivYyzMvXvozgpfo4rXIwn1aWpYTLeAfmf4CelonXZeB9XKAYme04oYsJsTcXkuA viYSVrYzau0PndXTAspceL0eX9U2/oXIIdAISJxOmqUrkVJUyHzMEG/YdVgmrY7j d97XOHKabjrzU5gajOj7+g6pOBcYbCAbz1q7hJTTuHCoU4OK7rviR0pEyuwZNo8k LPU8OCPlWA9jo6yNEuxBkYaTU+rR+e1yIYRraQvNA8HRBB0qCxZ+3V5nqyERD3pY S2dU8khq0HkAsPW9lRF6zqNNEHQis8s0M813o15DSQdj3ptJ8HWeTzELCtHJiqqq y07GzU5sjwsNz/11RYb8jf5axhAo34q1qLMOCJcntQ/zxc9VnPZ8pm782p99If0X RI0L6FpMpN98fwTQa9UkEcqZvEa0tMpdkz4gPzvdMigwombjYqszaKXv9DQCpO3N cxLtmNBWt2AtUz1x69YPRkWtnO0x+74pdWiIcRNLeoco5yyGMemZ3hSkh2ElZP0k eFNnxLptI1Mf6TBZRms8aVdHKW5mGV5Meg8tfZYTKCbhhYpqDRNI+jN8ABfMNT9e 5gvie7Y9aF0x3bbmVSntOFwrs57J0rrg8DxClepIFvPdOsTdE0ncL1AXcPTWwTmR Af86DM6qx8Kz4sDA1kbQ2/f6QR/yd5tPzNIcUsTeowvsQcJDFeC4hUipaextvvXR /e0JaD77y8K7jl81Z9o6R6cjbKyGFUN8RtLvHsAnofH6lWv5ktwoRfM1OAVwR0ND PulJSC7CE4VOCt+BmaoBDsONJEDmbkWD0xwhWL67Lahkyd5TQovYnMIrQtPvAp1j y/9kYga0ZcAFXBCBn7f0+bQRGI5acA== =IacN -----END PGP SIGNATURE-----