Accepted chromium 79.0.3945.130-1~deb10u1 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 19 Jan 2020 15:22:38 +0000
Source: chromium
Architecture: source
Version: 79.0.3945.130-1~deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Changes:
chromium (79.0.3945.130-1~deb10u1) buster-security; urgency=medium
.
* New upstream security release.
- CVE-2020-6377: Use after free in audio. Reported by Zhe Jin
- CVE-2020-6378: Use-after-free in speech recognizer. Reported by Antti
Levomäki and Christian Jalio
- CVE-2020-6379: Use-after-free in speech recognizer. Reported by Guang
Gong
- CVE-2020-6380: Extension message verification error. Reported by Sergei
Glazunov
- CVE-2019-13725: Use after free in Bluetooth. Reported by Gengming Liu and
Jianyu Chen
- CVE-2019-13726: Heap buffer overflow in password manager. Reported by
Sergei Glazunov
- CVE-2019-13727: Insufficient policy enforcement in WebSockets. Reported
by @piochu
- CVE-2019-13728: Out of bounds write in V8. Reported by Rong Jian and
Guang Gong
- CVE-2019-13729: Use after free in WebSockets. Reported by Zhe Jin
- CVE-2019-13730: Type Confusion in V8. Reported by Soyeon Park and Wen Xu
- CVE-2019-13732: Use after free in WebAudio. Reported by Sergei Glazunov
- CVE-2019-13734: Out of bounds write in SQLite. Reported by Wenxiang Qian
- CVE-2019-13735: Out of bounds write in V8. Reported by Gengming Liu and
Zhen Feng
- CVE-2019-13764: Type Confusion in V8. Reported by Soyeon Park and Wen Xu
- CVE-2019-13736: Integer overflow in PDFium. Reported by Anonymous
- CVE-2019-13737: Insufficient policy enforcement in autocomplete. Reported
by Mark Amery
- CVE-2019-13738: Insufficient policy enforcement in navigation. Reported
by Johnathan Norman and Daniel Clark
- CVE-2019-13739: Incorrect security UI in Omnibox. Reported by xisigr
- CVE-2019-13740: Incorrect security UI. Reported by Khalil Zhani
- CVE-2019-13741: Insufficient validation of untrusted input in Blink.
Reported by Michał Bentkowski
- CVE-2019-13742: Incorrect security UI in Omnibox. Reported by Khalil
Zhani
- CVE-2019-13743: Incorrect security UI in external protocol handling.
Reported by Zhiyang Zeng
- CVE-2019-13744: Insufficient policy enforcement in cookies. Reported by
Prakash
- CVE-2019-13745: Insufficient policy enforcement in audio. Reported by
Luan Herrera
- CVE-2019-13746: Insufficient policy enforcement in Omnibox. Reported by
David Erceg
- CVE-2019-13747: Uninitialized Use in rendering. Reported by Ivan
Popelyshev and André Bonatti
- CVE-2019-13748: Insufficient policy enforcement in developer tools.
Reported by David Erceg
- CVE-2019-13749: Incorrect security UI in Omnibox. Reported by Khalil
Zhani
- CVE-2019-13750: Insufficient data validation in SQLite. Reported by
Wenxiang Qian
- CVE-2019-13751: Uninitialized Use in SQLite. Reported by Wenxiang Qian
- CVE-2019-13752: Out of bounds read in SQLite. Reported by Wenxiang Qian
- CVE-2019-13753: Out of bounds read in SQLite. Reported by Wenxiang Qian
- CVE-2019-13754: Insufficient policy enforcement in extensions. Reported
by Cody Crews
- CVE-2019-13755: Insufficient policy enforcement in extensions. Reported
by Masato Kinugawa
- CVE-2019-13756: Incorrect security UI in printing. Reported by Khalil
Zhani
- CVE-2019-13757: Incorrect security UI in Omnibox. Reported by Khalil
Zhani
- CVE-2019-13758: Insufficient policy enforcement in navigation. Reported
by Khalil Zhani
- CVE-2019-13759: Incorrect security UI. Reported by Wenxu Wu
- CVE-2019-13761: Incorrect security UI in Omnibox. Reported by Khalil
Zhani
- CVE-2019-13762: Insufficient policy enforcement in downloads. Reported by
csanuragjain
- CVE-2019-13763: Insufficient policy enforcement in payments. Reported by
weiwangpp93
- CVE-2019-13767: Use after free in media picker. Reported by Sergei
Glazunov
Checksums-Sha1:
09b49e7f84d9287f479c393e54857f25c7daf58c 4242 chromium_79.0.3945.130-1~deb10u1.dsc
cab2484a4586d743ca9a6fd8507403cc710705d3 266756640 chromium_79.0.3945.130.orig.tar.xz
d23c9ba9e7af79afbd379f782ee0bfd0b9856ce5 187468 chromium_79.0.3945.130-1~deb10u1.debian.tar.xz
eb33c7841ad6193dc047554eb85da7f3f5be30a8 21561 chromium_79.0.3945.130-1~deb10u1_source.buildinfo
Checksums-Sha256:
41c5b7650e2b5d79d8d8affd420d13866cd0df298ae462c8eec44bc3298c100b 4242 chromium_79.0.3945.130-1~deb10u1.dsc
73d982161090d2c2af26f547cc6a8e1ef935a87d4d193789ced8c6ef07cf7a8d 266756640 chromium_79.0.3945.130.orig.tar.xz
1b71e851491c13cb82e60028e906a867db80f7d1d51448cce67979f82d50bde5 187468 chromium_79.0.3945.130-1~deb10u1.debian.tar.xz
1429950cfc28233fa2a2393a9b62b2a7f7a237fbac43d59c92c84b2fd08a03c2 21561 chromium_79.0.3945.130-1~deb10u1_source.buildinfo
Files:
b851e1538ebc543c6ec8b1aa3c970795 4242 web optional chromium_79.0.3945.130-1~deb10u1.dsc
b085e08af49bd9e9de7eef43e4d45886 266756640 web optional chromium_79.0.3945.130.orig.tar.xz
8b8bf1dcdd7cff4f958ddc3d6405ccfc 187468 web optional chromium_79.0.3945.130-1~deb10u1.debian.tar.xz
53f128693bcf425b47d9a00bccb34d9f 21561 web optional chromium_79.0.3945.130-1~deb10u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAl4kqtsACgkQmD40ZYkU
ayhceyAA4q2uspCB7M2G69i5QLCHgBxs5jGwfd7sTtU70zpuRrLFY6hFJ0KmwuPs
y8gSkPeKEp3dIBUYqsbVyVsbcXdqfB92RGsoO9tM7VG1OFlye1avbeBJnz5qywIW
syVB5zMOX8WUfAWu04HXfPb4/P2p2cVVrjY4iW4HYMuc0DGzVEySW8Hqac0PmFXY
9wAMwimnJwZRHBeSx3c+hU8haWZxKbCz0aqst+o7xVGoWkiKf/PIJWFPTI6UXK0g
UYPkpPRXgG875lL0rK+7movfvFmgR/zspIQFrv8MdIfIVMrFn16ZUX7XlKPcUwLD
KPjAKKwmh2q0YuGv5mBzEJhQFp6v6E7tiTFptqrebhkqL71YnLDATod6VzK+KK31
vB9b1UCr8+BEk3wt+wSSTME57mlNJURUqGWVA99+ozb96VsYiUI3+zNkRtDAj11g
598MBJGzh0ZNOW8jl+/KkSwvIsz5x0UbsIR3pI2zrYoz9cSBPxSkXIsdzIgX511Q
XCGTE3L2l9okgV7F6umf1nw4VX+jH4pe5kcei0cEfjm7brhLjQh4h4EtWEmx1uPW
8kFyCi8yrhfdlFE22tgeiQhqS3/bxxRyhzynxhTF15vqaTaDnYKp81Kq9xDMTJGz
qTuXTDR8pOPa8DJtOwqzWN01DzDqsQXcsimPZJB4khO85fk+PFTidZaBqJtJ2iQN
FPq7OMDk0TATzK3YCYJ6185R63cUKmlz98cuDGePmvmJtP/p44NKJxiOY0N9wfYc
ZpGD63QKL8+hsZWtDEAyZeT8mfOnnE932cMvdAu4iq528bcLvleVXTtnf3c98FmQ
fdTKuc9BmiA5gVL3L7aKR2Eu1zvhXS1pmfci7liY1qm+Zgl4Dl2XcKHr/SuyD0rJ
z/LXPlYGD4YSGMfr2b7cXl/Akwttd9Seb6uxHetKPq5uvSTggMboUql16gaF0XVz
FSQ2Jnp5LD2UH61QGVZ7OoQI9JVceJurkPyv0lJ698Ih861f9/ZOpAfApLsHjKge
b7LC20ldBwWyjG3QevPJugv+4ZltDxlxzB0fsCb43jY5u4vRcZFkfEWemRtxM0Gm
Pv9+dROz60iAN4J8KkDlxugHWEToLeI53M7fbX0TjCCoPUyR4aXRBI3rZMeMDzCy
gtyIgpmeh2FR+lJVkQcAn57ljW3y8ow/V4tCywyu3+RR+45PHtJzwsWh2oX1UiMq
tXVOJD9zRT6b+HVkODL2Tj3tY0SYCWGBzwBTePThwKxCDA5hTNZmuETexwF78UtK
B4/xhY87wuQaF2dmVcjbI7udxzLkcAdilz1+dFcxSLLuUxzQW0uef32ToT+dt7OB
VlPzv0fraptTMCMA/01OxSsSV6U7Bg==
=uEyh
-----END PGP SIGNATURE-----
Reply to: