-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 29 Jun 2018 23:47:08 +0000
Source: chromium-browser
Binary: chromium chromium-l10n chromium-shell chromium-widevine chromium-driver chromedriver
Architecture: source
Version: 67.0.3396.87-1~deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description:
chromedriver - web browser - WebDriver support transitional package
chromium - web browser
chromium-driver - web browser - WebDriver support
chromium-l10n - web browser - language packs
chromium-shell - web browser - minimal shell
chromium-widevine - web browser - widevine content decryption support
Changes:
chromium-browser (67.0.3396.87-1~deb9u1) stretch-security; urgency=medium
.
* New upstream stable release.
- CVE-2018-6123: Use after free in Blink. Reported by Looben Yang
- CVE-2018-6124: Type confusion in Blink. Reported by Guang Gong
- CVE-2018-6125: Overly permissive policy in WebUSB. Reported by Yubico
- CVE-2018-6126: Heap buffer overflow in Skia. Reported by Ivan Fratric
- CVE-2018-6127: Use after free in indexedDB. Reported by Looben Yang
- CVE-2018-6129: Out of bounds memory access in WebRTC. Reported by Natalie
Silvanovich
- CVE-2018-6130: Out of bounds memory access in WebRTC. Reported by Natalie
Silvanovich
- CVE-2018-6131: Incorrect mutability protection in WebAssembly. Reported
by Natalie Silvanovich
- CVE-2018-6132: Use of uninitialized memory in WebRTC. Reported by Ronald
E. Crane
- CVE-2018-6133: URL spoof in Omnibox. Reported by Khalil Zhani
- CVE-2018-6134: Referrer Policy bypass in Blink. Reported by Jun Kokatsu
- CVE-2018-6135: UI spoofing in Blink. Reported by Jasper Rebane
- CVE-2018-6136: Out of bounds memory access in V8. Reported by Peter Wong
- CVE-2018-6137: Leak of visited status of page in Blink. Reported by
Michael Smith
- CVE-2018-6138: Overly permissive policy in Extensions. Reported by
François Lajeunesse-Robert
- CVE-2018-6139: Restrictions bypass in the debugger extension API.
Reported by Rob Wu
- CVE-2018-6140: Restrictions bypass in the debugger extension API.
Reported by Rob Wu
- CVE-2018-6141: Heap buffer overflow in Skia. Reported by Yangkang
- CVE-2018-6142: Out of bounds memory access in V8. Reported by Choongwoo
Han
- CVE-2018-6143: Out of bounds memory access in V8. Reported by Guang Gong
- CVE-2018-6144: Out of bounds memory access in PDFium. Reported by pdknsk
- CVE-2018-6145: Incorrect escaping of MathML in Blink. Reported by Masato
Kinugawa
- CVE-2018-6147: Password fields not taking advantage of OS protections in
Views. Reported by Michail Pishchagin
- CVE-2018-6148: Incorrect handling of CSP header. Reported by Michał
Bentkowski
- CVE-2018-6149: Out of bounds write in V8. Reported by Yu Zhou and
Jundong Xie
* The widevine adaptor package is now empty, it is no longer required to
use the widevine content decryption module.
Checksums-Sha1:
38b0975cc6c28552dc7da5a047369d3e8b389861 4352 chromium-browser_67.0.3396.87-1~deb9u1.dsc
abdaf339fcc3a35d19c319aa6f134ff9f0b190e5 420694684 chromium-browser_67.0.3396.87.orig.tar.xz
b1d7d372833466f7f6077b04075f299d5d9ec103 148628 chromium-browser_67.0.3396.87-1~deb9u1.debian.tar.xz
6ef0056235201160bd7d5a4b50b7587f293f9b7c 19940 chromium-browser_67.0.3396.87-1~deb9u1_source.buildinfo
Checksums-Sha256:
c5ebd2091bbf87a145bf6b9b4d30139c021b18d78ecd322624c0aba5559c6420 4352 chromium-browser_67.0.3396.87-1~deb9u1.dsc
4745b1e51cc4831193f86684b74ff47cad2dd5800b52c04704df927e85c6e8f4 420694684 chromium-browser_67.0.3396.87.orig.tar.xz
423eb12d353f4a51fe75987189113d1cc00bc3002e1463152db2ea59d5ab3038 148628 chromium-browser_67.0.3396.87-1~deb9u1.debian.tar.xz
ab1a9a7ecbe4efa5984e228570a4b0f4ff3e64eb295eb6a1798e7152dc7178d5 19940 chromium-browser_67.0.3396.87-1~deb9u1_source.buildinfo
Files:
c7b65030d5c27bae08e622869982596e 4352 web optional chromium-browser_67.0.3396.87-1~deb9u1.dsc
bba246fb81e374d005aadcd882beefe3 420694684 web optional chromium-browser_67.0.3396.87.orig.tar.xz
42758fd298658f5826e5fb64fd728322 148628 web optional chromium-browser_67.0.3396.87-1~deb9u1.debian.tar.xz
4fb864047fed1b831ce3d1f6eb1236d1 19940 web optional chromium-browser_67.0.3396.87-1~deb9u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAls3H28ACgkQuNayzQLW
9HOOKR//U7tQqL8pIBKrD51CivaNRrSb6up/e9x4O2Vp7H6lKncy0nwnAgrdhuXJ
vWXidJ/EZ5z+AaZLDKfE3jYVFta/tpT4lxZT6kjta2jwDCktY+e7Lya90v85nxeH
pERMdiJ6Y6NkgQMU14a9IkQ+HGrimHkOeoMnpP5xL0lvK/4T2TcjZ+8NqaHCkEIq
ZdDxC/rofMaGfRPLFUxM1lxk8/vqGZaJ0GC6Aj71Ec1smbgiqINtqgwT5EdkgEtc
IHHyixBmoylI6IbWXNmelcHr1M2th91q5Q4Iqz7VOVtODUhsYvl5dzwIRiwaWulr
C31CuHwULUnj+YnwwpgzRqm3cFCus5inDG6K/he9fVTg73gsa96rLagiKZ22PvQi
T4ASTLvuUkRDdw0/DBlsQgHR2io8Z15pK6S4fuNTWermin2IPbADwmc7GLzDMY61
u/tqrlZAWmmRpkZcrkhPg2TtZuT7I/SoGuKzxssng3xoFx+ygvNoceLOAA82QOJf
5RN4nhsHOlEu3xUarBu8sYb+1PwNMh/St8reoACdAqcXcUFMusD/O+go7i+y60zn
569olr3PAU7bW9uoq3iFKJZD8GNpD7mMxJK1m9IFekN+50JkJJKo+wGZaZE5v4Pi
D5wBDLpEY2MAAhNEOI04jNMvOpOJ+AevnlE3IpvO87x1gMC7Qmg9geORnh2FhekI
tPO/tpBegm6R/TXvO+gzhXADGRv69sI6Bpm6ixlV8zaSZlFamvu5KtPJtuMkVTT/
SMgTj3sytNdOOcyW9yjx5BpuCETncMJ7UgRMahsw8SNj0qwurOCD7Mdj6qE4oDuc
tthyW7sfOTZURS5Jwyp/+uWyMH0195qB9MvD9SSOz7ktp5ZS1Y7bnuRBQuzNbWe4
L3lGrO6KizHHwotj0ATaqpHTCj0IEEe8DA3RfQkmoaA8iGKjPt3uOy8MZPMJZe46
8uLgyr6RJE0crCFI6rCOH4W5NF937KDzU/DbwcI1GucVvTkJUJlsWzrH/OeOhwbm
HNyMLz3bOFECFIfNblb5HTGSZypgP3JcLXYGPOkmBe8ftC11kskNUVhkJNxZ2Hxo
Q7NnfN2DwmxH8HiqSIfipOQ5+xVyku8rSF7Ue/+tc8cbdfkblZvEUl3hsESWuv6k
5JBIbMF0M0+2cJMPIJBT72iJDqZDYpYoIajDHdcQOjrwaIXqgLlhdoDE3tBBlcKU
IojWKEXbuofFytYB6KXUmNuKZwAp/WtfAc25YEh6goOauTSxqjcuqtZM9nh8LrdS
3o/nL1rFwbPzLS93yCMkA5CXnLzczJgvpnIk3rcs4i6uAcfZVIiy77EtzlM0Fo90
NJH5V6+mSoYGUUmZN67hxSZJRIMnrw==
=W0Ps
-----END PGP SIGNATURE-----
