[ubuntu/artful-proposed] chromium-browser 60.0.3112.78-0ubuntu1.1363 (Accepted)

Olivier Tilloy olivier.tilloy at canonical.com
Thu Aug 10 14:59:39 UTC 2017 

chromium-browser (60.0.3112.78-0ubuntu1.1363) artful; urgency=medium

  * Upstream release: 60.0.3112.78
    - CVE-2017-5091: Use after free in IndexedDB.
    - CVE-2017-5092: Use after free in PPAPI.
    - CVE-2017-5093: UI spoofing in Blink.
    - CVE-2017-5094: Type confusion in extensions.
    - CVE-2017-5095: Out-of-bounds write in PDFium.
    - CVE-2017-5096: User information leak via Android intents.
    - CVE-2017-5097: Out-of-bounds read in Skia.
    - CVE-2017-5098: Use after free in V8.
    - CVE-2017-5099: Out-of-bounds write in PPAPI.
    - CVE-2017-5100: Use after free in Chrome Apps.
    - CVE-2017-5101: URL spoofing in OmniBox.
    - CVE-2017-5102: Uninitialized use in Skia.
    - CVE-2017-5103: Uninitialized use in Skia.
    - CVE-2017-5104: UI spoofing in browser.
    - CVE-2017-5105: URL spoofing in OmniBox.
    - CVE-2017-5106: URL spoofing in OmniBox.
    - CVE-2017-5107: User information leak via SVG.
    - CVE-2017-5108: Type confusion in PDFium.
    - CVE-2017-5109: UI spoofing in browser.
    - CVE-2017-5110: UI spoofing in payments dialog.
    - CVE-2017-7000: Pointer disclosure in SQLite.
  * debian/patches/additional-search-engines.patch: refreshed
  * debian/patches/default-allocator: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed
  * debian/patches/fix-gn-bootstrap.patch: added
  * debian/patches/last-commit-position: refreshed
  * debian/patches/linux-dma-buf.patch: removed, no longer needed
  * debian/patches/memory-free-assertion-failure: removed, no longer needed
  * debian/patches/revert-llvm-ar.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/snapshot-library-link: removed, no longer needed
  * debian/patches/stdatomic: removed, no longer needed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/use-gcc-versioned: removed, no longer needed
  * debian/tests/html5test:
    - updated test expectations
    - refactored test to not fail early, thus giving the test a chance to
      list all failed expectations before bailing out

Date: Mon, 31 Jul 2017 16:03:31 +0200
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Chris Coulson <chrisccoulson at ubuntu.com>
https://launchpad.net/ubuntu/+source/chromium-browser/60.0.3112.78-0ubuntu1.1363
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 31 Jul 2017 16:03:31 +0200
Source: chromium-browser
Binary: chromium-browser chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-extra chromium-chromedriver
Architecture: source
Version: 60.0.3112.78-0ubuntu1.1363
Distribution: artful
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Description:
 chromium-browser - Chromium web browser, open-source version of Chrome
 chromium-browser-l10n - chromium-browser language packages
 chromium-chromedriver - WebDriver driver for the Chromium Browser
 chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
 chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
Changes:
 chromium-browser (60.0.3112.78-0ubuntu1.1363) artful; urgency=medium
 .
   * Upstream release: 60.0.3112.78
     - CVE-2017-5091: Use after free in IndexedDB.
     - CVE-2017-5092: Use after free in PPAPI.
     - CVE-2017-5093: UI spoofing in Blink.
     - CVE-2017-5094: Type confusion in extensions.
     - CVE-2017-5095: Out-of-bounds write in PDFium.
     - CVE-2017-5096: User information leak via Android intents.
     - CVE-2017-5097: Out-of-bounds read in Skia.
     - CVE-2017-5098: Use after free in V8.
     - CVE-2017-5099: Out-of-bounds write in PPAPI.
     - CVE-2017-5100: Use after free in Chrome Apps.
     - CVE-2017-5101: URL spoofing in OmniBox.
     - CVE-2017-5102: Uninitialized use in Skia.
     - CVE-2017-5103: Uninitialized use in Skia.
     - CVE-2017-5104: UI spoofing in browser.
     - CVE-2017-5105: URL spoofing in OmniBox.
     - CVE-2017-5106: URL spoofing in OmniBox.
     - CVE-2017-5107: User information leak via SVG.
     - CVE-2017-5108: Type confusion in PDFium.
     - CVE-2017-5109: UI spoofing in browser.
     - CVE-2017-5110: UI spoofing in payments dialog.
     - CVE-2017-7000: Pointer disclosure in SQLite.
   * debian/patches/additional-search-engines.patch: refreshed
   * debian/patches/default-allocator: refreshed
   * debian/patches/disable-sse2: refreshed
   * debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed
   * debian/patches/fix-gn-bootstrap.patch: added
   * debian/patches/last-commit-position: refreshed
   * debian/patches/linux-dma-buf.patch: removed, no longer needed
   * debian/patches/memory-free-assertion-failure: removed, no longer needed
   * debian/patches/revert-llvm-ar.patch: refreshed
   * debian/patches/search-credit.patch: refreshed
   * debian/patches/snapshot-library-link: removed, no longer needed
   * debian/patches/stdatomic: removed, no longer needed
   * debian/patches/title-bar-default-system.patch-v35: refreshed
   * debian/patches/use-gcc-versioned: removed, no longer needed
   * debian/tests/html5test:
     - updated test expectations
     - refactored test to not fail early, thus giving the test a chance to
       list all failed expectations before bailing out
Checksums-Sha1:
 13eb6a2fb6f624566fb6d10b059fb6f5d6656e3d 2586 chromium-browser_60.0.3112.78-0ubuntu1.1363.dsc
 29caa17aff61a6172e4d48031b4ba4490260b061 2668912 chromium-browser_60.0.3112.78-0ubuntu1.1363.debian.tar.xz
Checksums-Sha256:
 a3500909525ec5233f9b284627f439c98618500136c80890673514b13b388cc3 2586 chromium-browser_60.0.3112.78-0ubuntu1.1363.dsc
 361227bb31c2a8e1faa25ac3421382a8db93fd3c101bd033d1b32a250826fccd 2668912 chromium-browser_60.0.3112.78-0ubuntu1.1363.debian.tar.xz
Files:
 a9bed8e16cf2eb4f42572f781b534581 2586 web optional chromium-browser_60.0.3112.78-0ubuntu1.1363.dsc
 b1805c29f9e5eba9c54ef0d9928a8025 2668912 web optional chromium-browser_60.0.3112.78-0ubuntu1.1363.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQE5BAEBCAAjBQJZjHMwHBxjaHJpcy5jb3Vsc29uQGNhbm9uaWNhbC5jb20ACgkQ
YR+97NWUbg/46Qf+OKNsVcNwF4fE1OipbSk3dQq2bjIjTJUSWIQ0gkw/MrOBYEv3
sVyOiH15ZzCBdd8BiYr5lQdAPFtDTvwcz5Zs1aKUZ1AaFaX+FUPnW+27gxMW7akc
4MfSQP0No5fu0Y+VvAKgXFvV4+ecbAa0kJpCE0kNwV2dc3QrHEZWQUJYHSFAC5mu
+uDnhhvc6l5ElXxcxqitCKwo2zFwmK/QdSObSzNg5ukU03/v9CmupN4CT1YNv/jN
TYP0xRW7mieq7T3wGl4425VcOzoC2muzwavdsM15f4YcxZKPf+eBgUNFk3KQMvlz
4bq8C7MblUSkUyIWd4M7rAMWjetwMHaGoKvO6Q==
=Arlc
-----END PGP SIGNATURE-----

More information about the Artful-changes mailing list