-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 30 May 2018 13:03:02 +0000 Source: chromium-browser Binary: chromium chromium-l10n chromium-shell chromium-driver chromium-common Architecture: source Version: 67.0.3396.62-1 Distribution: unstable Urgency: medium Maintainer: Debian Chromium Team <chromium-browser@packages.debian.org> Changed-By: Michael Gilbert <mgilbert@debian.org> Description: chromium - web browser chromium-common - web browser - common resources used by the chromium packages chromium-driver - web browser - WebDriver support chromium-l10n - web browser - language packs chromium-shell - web browser - minimal shell Changes: chromium-browser (67.0.3396.62-1) unstable; urgency=medium . * New upstream stable release. - CVE-2018-6123: Use after free in Blink. Reported by Looben Yang - CVE-2018-6124: Type confusion in Blink. Reported by Guang Gong - CVE-2018-6125: Overly permissive policy in WebUSB. Reported by Yubico - CVE-2018-6126: Heap buffer overflow in Skia. Reported by Ivan Fratric - CVE-2018-6127: Use after free in indexedDB. Reported by Looben Yang - CVE-2018-6128: uXSS in Chrome on iOS. Reported by Tomasz Bojarski - CVE-2018-6129: Out of bounds memory access in WebRTC. Reported by Natalie Silvanovich - CVE-2018-6130: Out of bounds memory access in WebRTC. Reported by Natalie Silvanovich - CVE-2018-6131: Incorrect mutability protection in WebAssembly. Reported by Natalie Silvanovich - CVE-2018-6132: Use of uninitialized memory in WebRTC. Reported by Ronald E. Crane - CVE-2018-6133: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6134: Referrer Policy bypass in Blink. Reported by Jun Kokatsu - CVE-2018-6135: UI spoofing in Blink. Reported by Jasper Rebane - CVE-2018-6136: Out of bounds memory access in V8. Reported by Peter Wong - CVE-2018-6137: Leak of visited status of page in Blink. Reported by Michael Smith - CVE-2018-6138: Overly permissive policy in Extensions. Reported by François Lajeunesse-Robert - CVE-2018-6139: Restrictions bypass in the debugger extension API. Reported by Rob Wu - CVE-2018-6140: Restrictions bypass in the debugger extension API. Reported by Rob Wu - CVE-2018-6141: Heap buffer overflow in Skia. Reported by Yangkang - CVE-2018-6142: Out of bounds memory access in V8. Reported by Choongwoo Han - CVE-2018-6143: Out of bounds memory access in V8. Reported by Guang Gong - CVE-2018-6144: Out of bounds memory access in PDFium. Reported by pdknsk - CVE-2018-6145: Incorrect escaping of MathML in Blink. Reported by Masato Kinugawa - CVE-2018-6147: Password fields not taking advantage of OS protections in Views. Reported by Michail Pishchagin Checksums-Sha1: 1ccd8901ed3f43cf03f790f05035f7dee8943d2b 4188 chromium-browser_67.0.3396.62-1.dsc 5938942ea1275c7d81f25103b11cd56b8a68b329 411476116 chromium-browser_67.0.3396.62.orig.tar.xz ece04125aa9935bb193cbb133869ee24373bed9b 143880 chromium-browser_67.0.3396.62-1.debian.tar.xz 8df6fd51af20e6738297c8214e690339e26ccf5f 19319 chromium-browser_67.0.3396.62-1_source.buildinfo Checksums-Sha256: 73368b49d21a8213d8caabe5fd6fbdaa4418ff94ce580209a745bb0ae9d8f7a1 4188 chromium-browser_67.0.3396.62-1.dsc 30991f0b86195dbf0a4b85207e063dd3f2f45354d9d9c19d50055334331ab20d 411476116 chromium-browser_67.0.3396.62.orig.tar.xz e17095e878124f8174725f241ac019700aca5deecf3a8450f32404944fdb3bd0 143880 chromium-browser_67.0.3396.62-1.debian.tar.xz 0e9b718bc902fdc54d657d20e086991c91a6f049d21f66a5ac3321fae504d2ff 19319 chromium-browser_67.0.3396.62-1_source.buildinfo Files: 1654bfffa566c543ec32847f01c45d74 4188 web optional chromium-browser_67.0.3396.62-1.dsc 3b78b2b2302a90e80b2985c2d88c6d57 411476116 web optional chromium-browser_67.0.3396.62.orig.tar.xz dc176455865e61dff92106b9e2bb9fdd 143880 web optional chromium-browser_67.0.3396.62-1.debian.tar.xz 0388d3570ec331bd77009a21c85cdfae 19319 web optional chromium-browser_67.0.3396.62-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAlsPSTsACgkQuNayzQLW 9HMHUCAAjb1ag4WPyiVhCzgREp2wbzuFpGfnwAHAKUygbp2qVyrluOZLupK0fg+d tOSB6RIzZxinCFB+06bGcAv7BYwl1RNJYzJMGMfX6d/v1e7/de370IT4wqy75TLw YSQqW/73nQnTrDZFh/jhaV6qRB2yHevrYfhwQKw7nYpGKRc0QZoq55YPC3ivd2i5 sMs5/rRhdW4AGKXrvGohbB46NI4mV829i+cIIxEY4/vbkXEhGPJkXWdDDBqG6MnL xULoT3sE6dJ6TUO7jdOaYSBojI+RkjN9rqlDagfnfesdtbB+zHAfq/4JNnOdszcr ALFqViLGrnkG8zK6utIXhUF2LDkRHoAloGsTkiwJlu+SIQwD0/eF0+CDgcW0vtFL uY2NtS3aFtl/U3d54pigHRewJ5lNDqFPvBA8MTBPRFT8F3TdkMMAxSDklDdNN5QB iAXOahxUc7cwwHlPiY+33UUY+8tCcApydvTEkFoTllO1/nMmr2jop8XZvQYbeZuJ lh3D6ZoqxixhIF4McDx6E0VgmqBr+2pm7DGaXRu/Og/BzFZWNVW7GuUVUaWiwn1E hsew6VVOqFdx3bxamx9He5+h4CM026lY3/3NPpeJ6Y23Wk63sh57/sNplze2OgAc EzZzAfpL+IWl01XHJARBL62vzrHo4rdtwmzh3AnToDp+4vjUtUunPZ3r55v+BLVL SZC1f6gzKPYd8hKPpjv17D/ERPNK/wJe+8LK7hTFuTRBh91lx18KarcQhQzVke7r w21Yev2L/csal91wYqhqbvoYWTP61Or7zitQgoq1wistGxqOKQKjXXllSKlTOy28 p3KAsR+cDASkK+Bkicb7R7nqMZch4Toe3DHo/zJlD6xtHJOBjMVXt9hj2Z5OPI9e SU08OQicB6t5oToPzDheA6ApJIiA/bWbd55IUKPaWEaQwzOLZN9x1KImGpy0ZBys w+AkJQm3UqIvFJk1kICAnhNcRW8QBOHeADsK/zDBznQqY6+P+EWBGF0JuAFZb8tE +kZGwvOxERLjH0sECednph7psk7SA1ChTjeeuXuCicX/eqwI+4pOdszKHCTVIdJX B3Y6IXcScuZevyFp0dfKK+e5Gz0LA2yf9PEnsxl/hVK+41iBKH3wGTrkuoqbs0+T FQyAFfdswdwre7oWpY7kSYb58yv+um2zQnLi03zY6o2tTSEAEv+l1OXN72AvLOQI 7Jg0QAuEFxyRx9xcK5bFaM/2l0qjD8CNmu+cWdVxSUVCKzS1UFM++kWDBp2ze6mF Idlhz26fUgsOxGaFond0AOzz2utx7LQ6PDyILEoP1d0oCxyj0VE5+q6pYfwbGzB8 THl0kIo6qg5nb+aYhfNn7Pdjyxy9Wg== =bddD -----END PGP SIGNATURE-----