Format: 1.8
Date: Sun, 15 Jul 2018 20:09:38 +0000
Source: chromium-browser
Binary: chromium chromium-l10n chromium-shell chromium-widevine chromium-driver chromedriver
Architecture: source
Version: 68.0.3440.75-1~deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description:
 chromedriver - web browser - WebDriver support transitional package
 chromium - web browser
 chromium-driver - web browser - WebDriver support
 chromium-l10n - web browser - language packs
 chromium-shell - web browser - minimal shell
 chromium-widevine - web browser - widevine content decryption support
Closes: 902909
Changes:
 chromium-browser (68.0.3440.75-1~deb9u1) stretch-security; urgency=medium
 .
   * New upstream stable release.
     - CVE-2018-4117: Cross origin information leak in Blink. Reported by AhsanEjaz
     - CVE-2018-6044: Request privilege escalation in Extensions. Reported by Rob Wu
     - CVE-2018-6150: Cross origin information disclosure in Service Workers. Reported by Rob Wu
     - CVE-2018-6151: Bad cast in DevTools. Reported by Rob Wu
     - CVE-2018-6152: Local file write in DevTools. Reported by Rob Wu
     - CVE-2018-6153: Stack buffer overflow in Skia. Reported by Zhen Zhou
     - CVE-2018-6154: Heap buffer overflow in WebGL. Reported by Omair
     - CVE-2018-6155: Use after free in WebRTC. Reported by Natalie Silvanovich
     - CVE-2018-6156: Heap buffer overflow in WebRTC. Reported by Natalie Silvanovich
     - CVE-2018-6157: Type confusion in WebRTC. Reported by Natalie Silvanovich
     - CVE-2018-6158: Use after free in Blink. Reported by Zhe Jin
     - CVE-2018-6159: Same origin policy bypass in ServiceWorker. Reported by Jun Kokatsu
     - CVE-2018-6161: Same origin policy bypass in WebAudio. Reported by Jun Kokatsu
     - CVE-2018-6162: Heap buffer overflow in WebGL. Reported by Omair
     - CVE-2018-6163: URL spoof in Omnibox. Reported by Khalil Zhani
     - CVE-2018-6164: Same origin policy bypass in ServiceWorker. Reported by Jun Kokatsu
     - CVE-2018-6165: URL spoof in Omnibox. Reported by evi1m0
     - CVE-2018-6166: URL spoof in Omnibox. Reported by Lnyas Zhang
     - CVE-2018-6167: URL spoof in Omnibox. Reported by Lnyas Zhang
     - CVE-2018-6168: CORS bypass in Blink. Reported by Gunes Acar and Danny Y. Huang
     - CVE-2018-6169: Permissions bypass in extension installation. Reported by Sam P
     - CVE-2018-6170: Type confusion in PDFium. Reported by Anonymous
     - CVE-2018-6171: Use after free in WebBluetooth.
     - CVE-2018-6172: URL spoof in Omnibox. Reported by Khalil Zhani
     - CVE-2018-6173: URL spoof in Omnibox. Reported by Khalil Zhani
     - CVE-2018-6174: Integer overflow in SwiftShader. Reported by Mark Brand
     - CVE-2018-6175: URL spoof in Omnibox. Reported by Khalil Zhani
     - CVE-2018-6176: Local user privilege escalation in Extensions. Reported by Jann Horn
     - CVE-2018-6177: Cross origin information leak in Blink. Reported by Ron Masas
     - CVE-2018-6178: UI spoof in Extensions. Reported by Khalil Zhani
     - CVE-2018-6179: Local file information leak in Extensions.
   * Correct a regression in audio/video file handling caused by the ffmpeg 3.4
     support patch introduced in the previous security upload (closes: #902909).