[SECURITY] [DSA 2939-1] chromium-browser security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2939-1 security@debian.org
http://www.debian.org/security/ Michael Gilbert
May 31, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : chromium-browser
CVE ID : CVE-2014-1743 CVE-2014-1744 CVE-2014-1745 CVE-2014-1746
CVE-2014-1747 CVE-2014-1748 CVE-2014-1749 CVE-2014-3152
Several vulnerabilities were discovered in the chromium web browser.
CVE-2014-1743
cloudfuzzer discovered a use-after-free issue in the Blink/Webkit
document object model implementation.
CVE-2014-1744
Aaron Staple discovered an integer overflow issue in audio input
handling.
CVE-2014-1745
Atte Kettunen discovered a use-after-free issue in the Blink/Webkit
scalable vector graphics implementation.
CVE-2014-1746
Holger Fuhrmannek discovered an out-of-bounds read issue in the URL
protocol implementation for handling media.
CVE-2014-1747
packagesu discovered a cross-site scripting issue involving
malformed MHTML files.
CVE-2014-1748
Jordan Milne discovered a user interface spoofing issue.
CVE-2014-1749
The Google Chrome development team discovered and fixed multiple
issues with potential security impact.
CVE-2014-3152
An integer underflow issue was discovered in the v8 javascript
library.
For the stable distribution (wheezy), these problems have been fixed in
version 35.0.1916.114-1~deb7u2.
For the testing distribution (jessie), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in
version 35.0.1916.114-1.
We recommend that you upgrade your chromium-browser packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQQcBAEBCgAGBQJTiYO1AAoJELjWss0C1vRz2cMf/ixDiv7EKNOdYllZu0pGCtPu
wQ2G+zBv3EIV4vsmXzhp4sQS2hK2U4FLtCJz8lR3tSjOYkVca4sEAdKIp7kpsVMM
OONydls7xoiJGgUT5DU38SFHXtJ9svhx54ENY+1MY7+DZerfRqTWt7Hl87G2Tw0M
VctpPkY6z93qlREF2RQTnuMYiBzpK5cuwqRbvbgZHODYDoDb1PnIsV+g9kIha4I+
XE4zC2GAsQnf3StxEZXY+SQ/Xoqr+LDaMo1xq2mJ/8X+SERlMPEWOZXtFn4OMO51
C7WO3jwSvZcHqpj/85milzUafkYb/C8URpXb6QdOape5Sga7zTVHHxP06VAcG5Rs
9ZndOqPb6D8dchCBOGdM7cNZ/8vWyn01kT6XgWwySq1EsF1hA6oX9FWtteijpOpX
9SxtDhQTcb/oUKjWYoc7czudBl85y9ZBUVEmh7AoOrsiMbM/TT3p71+z0zAPILV9
ksbn5eLgzMY4dXr2CO4FjnCztx6Nq1QSP2sWa7x/bnHHc3KFI7UirlGRpa6Ke417
q0Mj2BnlQCli684dffV66jYUrr/6OamzJr8LzR1iM4/UWRkN5rmm6diSqm0CXPTn
Mfo/7Qe8g2gr6jKibb9ZOBy/pmwvLgnslvWpkk8LbvgrNVrizbl6zoWc7B/Gh/Z2
xBXkVEwptEltAeShDBvroAnLFbBlEV6TqncF1+evJKA4c8vcbBkjQMHVJ720V4jE
c9YbQGQnegOLwODHQujYYoQpu4xhBZir/Kzl3dcBLDTLTrb/+MqyGaHyNMl9XU83
dYJGh05pTnvwwsOZzJz7G78ZTWkw5ocpuj6a/lQGTK6nW5XD+UScgV5c1qCxLOw7
fqmYripUx7uFPf7Fz85XZNGVO+GU7rKV7M4np2MzvsGOavo3VJKBnx//vJd3CDsu
R88G0rGFPzKCKjYMMkHjC+A5tls2SHH+nzUm7ZV8gknMGJX7YgvDIg4Tg8qsKLQj
uktm9VDUa3whrT3AdCSjw/Fjr70S/J96ZF59s4qfZmqqNEQ0xs3gYX9is9ufNI+8
fPUHv0bogLmngZjulfulmrsX/Ai5bpnSph2gG6uIks5d82iQrco9cS87/rd1hovK
ZNV7jJlQE6t1bB2A8JH/UZn3l+yy/guanKdGwiJOZT4UMqY/hurfZDfFKHIBejZl
03D3Gxd7oGi31nO7EvXGRjLm0xw0dNN+CBzRsxrRu2WPbbWh2OWwr9UrcEF3jdqR
7dBA/UVCEKloOEZuu2H3vrko1mhewy4C7aAvQS2ZWBzUp8weQ9NZl9bR8KimcsSH
xM6qzuZhfH1xY+sYfROnuoyuQK4edf5rssE4jowL3CzHAiFLw8fL9//xlbZRqTw=
=Tlbj
-----END PGP SIGNATURE-----
Reply to: