Accepted chromium-browser 68.0.3440.75-1~deb9u1 (source) into proposed-updates->stable-new, proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted chromium-browser 68.0.3440.75-1~deb9u1 (source) into proposed-updates->stable-new, proposed-updates
From: Michael Gilbert <mgilbert@debian.org>
Date: Mon, 10 Sep 2018 19:02:30 +0000
Message-id: <[🔎] E1fzRSA-000CM8-DE@fasolo.debian.org>
Mail-followup-to: debian-devel@lists.debian.org
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 15 Jul 2018 20:09:38 +0000
Source: chromium-browser
Binary: chromium chromium-l10n chromium-shell chromium-widevine chromium-driver chromedriver
Architecture: source
Version: 68.0.3440.75-1~deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description:
 chromedriver - web browser - WebDriver support transitional package
 chromium   - web browser
 chromium-driver - web browser - WebDriver support
 chromium-l10n - web browser - language packs
 chromium-shell - web browser - minimal shell
 chromium-widevine - web browser - widevine content decryption support
Closes: 902909
Changes:
 chromium-browser (68.0.3440.75-1~deb9u1) stretch-security; urgency=medium
 .
   * New upstream stable release.
     - CVE-2018-4117: Cross origin information leak in Blink. Reported by
       AhsanEjaz
     - CVE-2018-6044: Request privilege escalation in Extensions . Reported by
       Rob Wu
     - CVE-2018-6150: Cross origin information disclosure in Service Workers.
       Reported by Rob Wu
     - CVE-2018-6151: Bad cast in DevTools. Reported by Rob Wu
     - CVE-2018-6152: Local file write in DevTools. Reported by Rob Wu
     - CVE-2018-6153: Stack buffer overflow in Skia. Reported by Zhen Zhou
     - CVE-2018-6154: Heap buffer overflow in WebGL. Reported by Omair
     - CVE-2018-6155: Use after free in WebRTC. Reported by Natalie Silvanovich
     - CVE-2018-6156: Heap buffer overflow in WebRTC. Reported by Natalie
       Silvanovich
     - CVE-2018-6157: Type confusion in WebRTC. Reported by Natalie Silvanovich
     - CVE-2018-6158: Use after free in Blink. Reported by Zhe Jin
     - CVE-2018-6159: Same origin policy bypass in ServiceWorker. Reported by
       Jun Kokatsu
     - CVE-2018-6161: Same origin policy bypass in WebAudio. Reported by Jun
       Kokatsu
     - CVE-2018-6162: Heap buffer overflow in WebGL. Reported by Omair
     - CVE-2018-6163: URL spoof in Omnibox. Reported by Khalil Zhani
     - CVE-2018-6164: Same origin policy bypass in ServiceWorker. Reported by
       Jun Kokatsu
     - CVE-2018-6165: URL spoof in Omnibox. Reported by evi1m0
     - CVE-2018-6166: URL spoof in Omnibox. Reported by Lnyas Zhang
     - CVE-2018-6167: URL spoof in Omnibox. Reported by Lnyas Zhang
     - CVE-2018-6168: CORS bypass in Blink. Reported by Gunes Acar and Danny Y.
       Huang
     - CVE-2018-6169: Permissions bypass in extension installation . Reported by
       Sam P
     - CVE-2018-6170: Type confusion in PDFium. Reported by Anonymous
     - CVE-2018-6171: Use after free in WebBluetooth.
     - CVE-2018-6172: URL spoof in Omnibox. Reported by Khalil Zhani
     - CVE-2018-6173: URL spoof in Omnibox. Reported by Khalil Zhani
     - CVE-2018-6174: Integer overflow in SwiftShader. Reported by Mark Brand
     - CVE-2018-6175: URL spoof in Omnibox. Reported by Khalil Zhani
     - CVE-2018-6176: Local user privilege escalation in Extensions. Reported by
       Jann Horn
     - CVE-2018-6177: Cross origin information leak in Blink. Reported by Ron
       Masas
     - CVE-2018-6178: UI spoof in Extensions. Reported by Khalil Zhani
     - CVE-2018-6179: Local file information leak in Extensions.
   * Correct a regression in audio/video file handling caused by the ffmpeg 3.4
     support patch introduced in the previous security upload (closes: #902909).
Checksums-Sha1:
 895fc8e6808d0f703c92b9e1d1702ddbad9e28c9 4370 chromium-browser_68.0.3440.75-1~deb9u1.dsc
 72e6cf3875b0b03df551cb94ba5df20f2d7ea8e2 209142896 chromium-browser_68.0.3440.75.orig.tar.xz
 c8c833da09f114dbb26969bbc66fee96354f08be 144580 chromium-browser_68.0.3440.75-1~deb9u1.debian.tar.xz
 6327084d79b14653050ce1bcf4e0c0d5b726746e 19992 chromium-browser_68.0.3440.75-1~deb9u1_source.buildinfo
Checksums-Sha256:
 916dc8e2a809e2881a12be4779dc38173b18608e5cd6c4ca9b31b4b82128abc6 4370 chromium-browser_68.0.3440.75-1~deb9u1.dsc
 d5b196eab81459271f4ae98bcb96c6ce032f8c3bce53a111d6c47d99a3c09575 209142896 chromium-browser_68.0.3440.75.orig.tar.xz
 08be23658a0fb27dcd36957b04896d98d7c38b3f8f73dc85a167c4f6befd73aa 144580 chromium-browser_68.0.3440.75-1~deb9u1.debian.tar.xz
 7ccccf946e3c667a85e415f6c55970131cd48cdfde369bc6ceb083a4667a3098 19992 chromium-browser_68.0.3440.75-1~deb9u1_source.buildinfo
Files:
 de84809ac3e32893d93a14e34de35f8d 4370 web optional chromium-browser_68.0.3440.75-1~deb9u1.dsc
 7d48d695075a2c034bb58d830ed21ac7 209142896 web optional chromium-browser_68.0.3440.75.orig.tar.xz
 2ee75338a5fdb36a7cc12720e3a4a0dd 144580 web optional chromium-browser_68.0.3440.75-1~deb9u1.debian.tar.xz
 00525931caecc6d906a6d0ba73828a38 19992 web optional chromium-browser_68.0.3440.75-1~deb9u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAltaWEsACgkQuNayzQLW
9HN2Jx//XW6MGnoUlL/mAx5V0gaLY7lq72uOOPX3KNxqbPlMJwYR0ISoojgtYKKW
CGfCjxW/Kz/+rqarFSQobQIs3VcaQZ7+k15XMJapxPkMz0JXoOl9sU69xtoWladO
WOiGLp4nq6Fo8TKhUTrz1YhWP7p3WljzYYz5S5jXnMXQBxsPi7AF5VPiaSkkmhAe
24Ld0IEW8g83XB0R3cP0rSOO6cD6uOrxiLK75pLZybsB/mJHrYGG+L8SCGOIJk56
Chl7027zFtpI4Z7D6f/m3Xk45ZWp9kHSb5l5gETorlmHFIBti2POBvXKCXXbGPik
kKIaV9tq0EirVso/oc3l99/Kr3c226YoUdT/8fDdW6RZsz2b1vVddBUk6mBQQJ1g
mJTHEe4ZikJXps/ktW2aaWv3Kbqwi8c1JZFFHC1RY26+Q35YGMpoqlzzH9T7iy9I
EwF9011/11RyNY4Ft0lHX32YewruKYHjB59NpmmRKiHtDtmGEto98qs1Xk/WTn17
fTXci/ebvrf5JFNbgLS/4UD33q8C0r/k3dtFaEUxHucVFvuOMNfhCCehsEEIQOaw
i2cBX+xHGWBDLcbuatb2Bk8D+5N/YzNzoauZpm9tImxjndVNnxwu+1dg1ksNWXuh
dXGcBSyy/cBXtg1URWGWAX4L9ZrgsIuXwMqopclUqK2uo6EergSwewV0CdqmM5It
22r4WsLs+Q4l2UwU2yRTombv9qQLWQThziLZKX/5LZIqH4gDqWeAzqBmI+LeV8MP
i48HxhH/s1o74Lk5vzXThii8zr7RCd59y5bbBiAhsR6iaJ77QUG83f3bBe2iu4AN
E6JuYHpsgmPVnS9SFdaGM6ZnYcyWLHDNmVCrMIvQlIA9FGJYwKK0qlK4pddErZBB
TnM5px34rBBsoY1pnjG2kff9nP+Dkfz89PAQ908hTvu+qne6m+AQBE5HUqtNmVcw
lk5VhPCsw3EplJjA9fF2/ukfJchwWq0EDmwzhP5W6lKQL7vpPABD6Trz9exvofRE
yuZ7rfSbZBYnQj0UoKg4T7f/NEXV/NSaTrc39cqXy363ERiVUPhrvOa/Q+ajXDRM
5fILKu3mlEVRIPH5TZzXE17ed+MKMM0C6zEbSc6yvmxlYHddnpXBbl+3BSzypwri
7Fy7rswNWNX/ceK0+ehxWWKxCcsIgHu4Ob9nKtQpNhGpFlKd1sZy3MVVSdIZs/F2
smb/2lNMucmN42iuSoOWBUo16EvV04JXsJ1fCaGlq0oDdhNKkIzL96LLE4V1uUrC
d8NQ1MZOwUfC6pwzLk0PdvnNDQIYMcsHHY4kc1KWGgeT72N/VabTCcZm6zyQR9ZS
QwFDs6DYQtaU5hAKo/C4AdgZ16AErw==
=1ONE
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Accepted chromium-browser 67.0.3396.87-1~deb9u1 (source) into proposed-updates->stable-new, proposed-updates
Next by Date: Accepted chromium-browser 69.0.3497.81-1~deb9u1 (source) into proposed-updates->stable-new, proposed-updates
Previous by thread: Accepted chromium-browser 67.0.3396.87-1~deb9u1 (source) into proposed-updates->stable-new, proposed-updates
Next by thread: Accepted chromium-browser 69.0.3497.81-1~deb9u1 (source) into proposed-updates->stable-new, proposed-updates
Index(es):
- Date
- Thread