[ubuntu/cosmic-proposed] chromium-browser 68.0.3440.75-0ubuntu1 (Accepted)
Olivier Tilloy
olivier.tilloy at canonical.com
Wed Jul 25 09:45:00 UTC 2018
chromium-browser (68.0.3440.75-0ubuntu1) cosmic; urgency=medium
* Upstream release: 68.0.3440.75
- CVE-2018-6153: Stack buffer overflow in Skia.
- CVE-2018-6154: Heap buffer overflow in WebGL.
- CVE-2018-6155: Use after free in WebRTC.
- CVE-2018-6156: Heap buffer overflow in WebRTC.
- CVE-2018-6157: Type confusion in WebRTC.
- CVE-2018-6158: Use after free in Blink.
- CVE-2018-6159: Same origin policy bypass in ServiceWorker.
- CVE-2018-6160: URL spoof in Chrome on iOS.
- CVE-2018-6161: Same origin policy bypass in WebAudio.
- CVE-2018-6162: Heap buffer overflow in WebGL.
- CVE-2018-6163: URL spoof in Omnibox.
- CVE-2018-6164: Same origin policy bypass in ServiceWorker.
- CVE-2018-6165: URL spoof in Omnibox.
- CVE-2018-6166: URL spoof in Omnibox.
- CVE-2018-6167: URL spoof in Omnibox.
- CVE-2018-6168: CORS bypass in Blink.
- CVE-2018-6169: Permissions bypass in extension installation.
- CVE-2018-6170: Type confusion in PDFium.
- CVE-2018-6171: Use after free in WebBluetooth.
- CVE-2018-6172: URL spoof in Omnibox.
- CVE-2018-6173: URL spoof in Omnibox.
- CVE-2018-6174: Integer overflow in SwiftShader.
- CVE-2018-6175: URL spoof in Omnibox.
- CVE-2018-6176: Local user privilege escalation in Extensions.
- CVE-2018-6177: Cross origin information leak in Blink.
- CVE-2018-6178: UI spoof in Extensions.
- CVE-2018-6179: Local file information leak in Extensions.
- CVE-2018-6044: Request privilege escalation in Extensions.
- CVE-2018-4117: Cross origin information leak in Blink.
* debian/rules:
- remove enable_webrtc build flag
- make ninja less verbose to reduce build log size
* debian/chromium-browser.sh.in: parse flashplugin manifest with Python 3
(LP: #1772448)
* debian/patches/add-missing-base-namespace.patch: added
* debian/patches/chromium_useragent.patch: refreshed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/enable-chromecast-by-default.patch: refreshed
* debian/patches/fix-crashpad-linux-compat.patch: removed, no longer needed
* debian/patches/fix-extra-arflags.patch: updated
* debian/patches/fix-ffmpeg-ia32-build.patch: updated
* debian/patches/last-commit-position: refreshed
* debian/patches/revert-clang-nostdlib++.patch: removed, no longer needed
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: updated
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/touch-v35: refreshed
* debian/known_gn_gen_args-*: remove enable_webrtc build flag
Date: Wed, 25 Jul 2018 09:22:28 +0200
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/chromium-browser/68.0.3440.75-0ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 25 Jul 2018 09:22:28 +0200
Source: chromium-browser
Binary: chromium-browser chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-extra chromium-chromedriver
Architecture: source
Version: 68.0.3440.75-0ubuntu1
Distribution: cosmic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Description:
chromium-browser - Chromium web browser, open-source version of Chrome
chromium-browser-l10n - chromium-browser language packages
chromium-chromedriver - WebDriver driver for the Chromium Browser
chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
Launchpad-Bugs-Fixed: 1772448
Changes:
chromium-browser (68.0.3440.75-0ubuntu1) cosmic; urgency=medium
.
* Upstream release: 68.0.3440.75
- CVE-2018-6153: Stack buffer overflow in Skia.
- CVE-2018-6154: Heap buffer overflow in WebGL.
- CVE-2018-6155: Use after free in WebRTC.
- CVE-2018-6156: Heap buffer overflow in WebRTC.
- CVE-2018-6157: Type confusion in WebRTC.
- CVE-2018-6158: Use after free in Blink.
- CVE-2018-6159: Same origin policy bypass in ServiceWorker.
- CVE-2018-6160: URL spoof in Chrome on iOS.
- CVE-2018-6161: Same origin policy bypass in WebAudio.
- CVE-2018-6162: Heap buffer overflow in WebGL.
- CVE-2018-6163: URL spoof in Omnibox.
- CVE-2018-6164: Same origin policy bypass in ServiceWorker.
- CVE-2018-6165: URL spoof in Omnibox.
- CVE-2018-6166: URL spoof in Omnibox.
- CVE-2018-6167: URL spoof in Omnibox.
- CVE-2018-6168: CORS bypass in Blink.
- CVE-2018-6169: Permissions bypass in extension installation.
- CVE-2018-6170: Type confusion in PDFium.
- CVE-2018-6171: Use after free in WebBluetooth.
- CVE-2018-6172: URL spoof in Omnibox.
- CVE-2018-6173: URL spoof in Omnibox.
- CVE-2018-6174: Integer overflow in SwiftShader.
- CVE-2018-6175: URL spoof in Omnibox.
- CVE-2018-6176: Local user privilege escalation in Extensions.
- CVE-2018-6177: Cross origin information leak in Blink.
- CVE-2018-6178: UI spoof in Extensions.
- CVE-2018-6179: Local file information leak in Extensions.
- CVE-2018-6044: Request privilege escalation in Extensions.
- CVE-2018-4117: Cross origin information leak in Blink.
* debian/rules:
- remove enable_webrtc build flag
- make ninja less verbose to reduce build log size
* debian/chromium-browser.sh.in: parse flashplugin manifest with Python 3
(LP: #1772448)
* debian/patches/add-missing-base-namespace.patch: added
* debian/patches/chromium_useragent.patch: refreshed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/enable-chromecast-by-default.patch: refreshed
* debian/patches/fix-crashpad-linux-compat.patch: removed, no longer needed
* debian/patches/fix-extra-arflags.patch: updated
* debian/patches/fix-ffmpeg-ia32-build.patch: updated
* debian/patches/last-commit-position: refreshed
* debian/patches/revert-clang-nostdlib++.patch: removed, no longer needed
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: updated
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/touch-v35: refreshed
* debian/known_gn_gen_args-*: remove enable_webrtc build flag
Checksums-Sha1:
83ec4394eb5ec85055f6f78e2c60d875c1079e78 2562 chromium-browser_68.0.3440.75-0ubuntu1.dsc
2bcfa6a458441a78975ef808d65a716d9b969d47 630277224 chromium-browser_68.0.3440.75.orig.tar.xz
82669d1454e123fdbf39cf82de898cc53e3e5a0b 2359248 chromium-browser_68.0.3440.75-0ubuntu1.debian.tar.xz
7a6006b2aa999681e08942e3ba927c34d153e2b3 18184 chromium-browser_68.0.3440.75-0ubuntu1_source.buildinfo
Checksums-Sha256:
1076b325185deb8181cd09dbc6717780081d23089335a7637afb97ba7c7153db 2562 chromium-browser_68.0.3440.75-0ubuntu1.dsc
dc17783267853bdc0fb726363d2b8e30a0bf43b6cc2c768e1f37c92e8eb59541 630277224 chromium-browser_68.0.3440.75.orig.tar.xz
c1b8c8908f7b44a07bf5cb9329bdc94e97856bd84ef6827221ade719c31b8ba5 2359248 chromium-browser_68.0.3440.75-0ubuntu1.debian.tar.xz
dd6be11b2411ef41a712ce0f3f85ae80b8268293d897098ebe343a4e8dba84fb 18184 chromium-browser_68.0.3440.75-0ubuntu1_source.buildinfo
Files:
a6079ffe767e7a2113ca2b8c8c62b192 2562 web optional chromium-browser_68.0.3440.75-0ubuntu1.dsc
2c1e7b023fd50fb6e09c7b9ffc6621a0 630277224 web optional chromium-browser_68.0.3440.75.orig.tar.xz
ba19627a093ea80576a2885037a0fb3f 2359248 web optional chromium-browser_68.0.3440.75-0ubuntu1.debian.tar.xz
4ba5730e1186fcd984cdbb5ce239edd8 18184 web optional chromium-browser_68.0.3440.75-0ubuntu1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEEOEr9Mc7+BgD56Np90yjXIxis5scFAltYKx4ACgkQ0yjXIxis
5sdXZgf+NLBSFTxF6U4r0z7G+n2+lWrqUq1aILNHVPDiwMRUSOzgNio42qTcCOQ+
eVXiA71vydh1HXgDzhLVqin/CV+bwm1+kfkMdCBH2M2vUiYv66TSsdCVEsccXBzr
cvh9/ROn10tmPa8SK6Y1xOlJJb6S8xyr1mJ4nRxR1UdzKk1NElaC+xqGDwNyW+8x
ti3rMDE2E+QQRwBJbSrL2W4/WKcAjdBA/TFw8/DHUKDdrCRB987hNThxVaiL/Vwu
agLv0ugP5qEwO70qlvp+b58k3boggbN3dGw8qBp0UuuKZAybsA8d6wkRrT4uP+hA
VVzC8BCP/fIp2UUWo5LvcDS2fDbDUg==
=gqFQ
-----END PGP SIGNATURE-----
More information about the Cosmic-changes
mailing list