[ubuntu/cosmic-proposed] chromium-browser 67.0.3396.62-0ubuntu1 (Accepted)
Olivier Tilloy
olivier.tilloy at canonical.com
Wed May 30 12:16:58 UTC 2018
chromium-browser (67.0.3396.62-0ubuntu1) cosmic; urgency=medium
* Upstream release: 67.0.3396.62
- CVE-2018-6123: Use after free in Blink.
- CVE-2018-6124: Type confusion in Blink.
- CVE-2018-6125: Overly permissive policy in WebUSB.
- CVE-2018-6126: Heap buffer overflow in Skia.
- CVE-2018-6127: Use after free in indexedDB.
- CVE-2018-6128: uXSS in Chrome on iOS.
- CVE-2018-6129: Out of bounds memory access in WebRTC.
- CVE-2018-6130: Out of bounds memory access in WebRTC.
- CVE-2018-6131: Incorrect mutability protection in WebAssembly.
- CVE-2018-6132: Use of uninitialized memory in WebRTC.
- CVE-2018-6133: URL spoof in Omnibox.
- CVE-2018-6134: Referrer Policy bypass in Blink.
- CVE-2018-6135: UI spoofing in Blink.
- CVE-2018-6136: Out of bounds memory access in V8.
- CVE-2018-6137: Leak of visited status of page in Blink.
- CVE-2018-6138: Overly permissive policy in Extensions.
- CVE-2018-6139: Restrictions bypass in the debugger extension API.
- CVE-2018-6140: Restrictions bypass in the debugger extension API.
- CVE-2018-6141: Heap buffer overflow in Skia.
- CVE-2018-6142: Out of bounds memory access in V8.
- CVE-2018-6143: Out of bounds memory access in V8.
- CVE-2018-6144: Out of bounds memory access in PDFium.
- CVE-2018-6145: Incorrect escaping of MathML in Blink.
- CVE-2018-6147: Password fields not taking advantage of OS protections in
Views.
* debian/rules: stop installing an outdated chromium-browser.svg icon
(LP: #1771847)
* debian/chromium-browser.svg: removed (outdated)
* debian/patches/additional-search-engines.patch: refreshed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/default-allocator: refreshed
* debian/patches/disable-sse2: updated
* debian/patches/fix-crashpad-linux-compat.patch: added
* debian/patches/fix-extra-arflags.patch: added
* debian/patches/revert-clang-nostdlib++.patch: refreshed
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/skia-disable-neon.patch: removed, no longer needed
* debian/patches/skia-undef-HWCAP_CRC32.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/widevine-allow-enable.patch: added
* debian/patches/widevine-other-locations: updated
Date: Wed, 30 May 2018 12:22:22 +0200
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/chromium-browser/67.0.3396.62-0ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 30 May 2018 12:22:22 +0200
Source: chromium-browser
Binary: chromium-browser chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-extra chromium-chromedriver
Architecture: source
Version: 67.0.3396.62-0ubuntu1
Distribution: cosmic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Description:
chromium-browser - Chromium web browser, open-source version of Chrome
chromium-browser-l10n - chromium-browser language packages
chromium-chromedriver - WebDriver driver for the Chromium Browser
chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
Launchpad-Bugs-Fixed: 1771847
Changes:
chromium-browser (67.0.3396.62-0ubuntu1) cosmic; urgency=medium
.
* Upstream release: 67.0.3396.62
- CVE-2018-6123: Use after free in Blink.
- CVE-2018-6124: Type confusion in Blink.
- CVE-2018-6125: Overly permissive policy in WebUSB.
- CVE-2018-6126: Heap buffer overflow in Skia.
- CVE-2018-6127: Use after free in indexedDB.
- CVE-2018-6128: uXSS in Chrome on iOS.
- CVE-2018-6129: Out of bounds memory access in WebRTC.
- CVE-2018-6130: Out of bounds memory access in WebRTC.
- CVE-2018-6131: Incorrect mutability protection in WebAssembly.
- CVE-2018-6132: Use of uninitialized memory in WebRTC.
- CVE-2018-6133: URL spoof in Omnibox.
- CVE-2018-6134: Referrer Policy bypass in Blink.
- CVE-2018-6135: UI spoofing in Blink.
- CVE-2018-6136: Out of bounds memory access in V8.
- CVE-2018-6137: Leak of visited status of page in Blink.
- CVE-2018-6138: Overly permissive policy in Extensions.
- CVE-2018-6139: Restrictions bypass in the debugger extension API.
- CVE-2018-6140: Restrictions bypass in the debugger extension API.
- CVE-2018-6141: Heap buffer overflow in Skia.
- CVE-2018-6142: Out of bounds memory access in V8.
- CVE-2018-6143: Out of bounds memory access in V8.
- CVE-2018-6144: Out of bounds memory access in PDFium.
- CVE-2018-6145: Incorrect escaping of MathML in Blink.
- CVE-2018-6147: Password fields not taking advantage of OS protections in
Views.
* debian/rules: stop installing an outdated chromium-browser.svg icon
(LP: #1771847)
* debian/chromium-browser.svg: removed (outdated)
* debian/patches/additional-search-engines.patch: refreshed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/default-allocator: refreshed
* debian/patches/disable-sse2: updated
* debian/patches/fix-crashpad-linux-compat.patch: added
* debian/patches/fix-extra-arflags.patch: added
* debian/patches/revert-clang-nostdlib++.patch: refreshed
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/skia-disable-neon.patch: removed, no longer needed
* debian/patches/skia-undef-HWCAP_CRC32.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/widevine-allow-enable.patch: added
* debian/patches/widevine-other-locations: updated
Checksums-Sha1:
a27c250bdf272cfa21fd7c7f9159d3e24c1a3fb4 2562 chromium-browser_67.0.3396.62-0ubuntu1.dsc
60df9ab6a5e902dc2cdc38cf7cf82643a774540c 591452000 chromium-browser_67.0.3396.62.orig.tar.xz
4ebf9eacc0731151dea043966226175535862be2 2358408 chromium-browser_67.0.3396.62-0ubuntu1.debian.tar.xz
743df4a4f74812b96be7e47107eafae9e954cb15 17913 chromium-browser_67.0.3396.62-0ubuntu1_source.buildinfo
Checksums-Sha256:
588852de64f3138faa2a2030125ebae2b69b608eeda97af6966b16d805cc093d 2562 chromium-browser_67.0.3396.62-0ubuntu1.dsc
d5ee63932ff1c8c4a5f69c834f6577e7127b416681eddd23bc54886caffd770d 591452000 chromium-browser_67.0.3396.62.orig.tar.xz
a0a284d627734580af28b4acd481a83a5e40547bc9d77d9e83ce584c397eb344 2358408 chromium-browser_67.0.3396.62-0ubuntu1.debian.tar.xz
ab54c2cbd4b7711d8d5713bddea039c31f68df77f9b7c4ba34a3f95ad48eb3ca 17913 chromium-browser_67.0.3396.62-0ubuntu1_source.buildinfo
Files:
2982865c415cc37682a7c54cf8f28cc6 2562 web optional chromium-browser_67.0.3396.62-0ubuntu1.dsc
febeb64d1fcdef2bf1b9ef5cdc3dab7f 591452000 web optional chromium-browser_67.0.3396.62.orig.tar.xz
0b815ce705e4abf7cfb6d45b32d44e24 2358408 web optional chromium-browser_67.0.3396.62-0ubuntu1.debian.tar.xz
ad6c9e5727c3be23dd67f6d4a94f43dd 17913 web optional chromium-browser_67.0.3396.62-0ubuntu1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEEOEr9Mc7+BgD56Np90yjXIxis5scFAlsOffwACgkQ0yjXIxis
5scI5Qf/ZySCSCmm+kupCoYo75UupB+sREpG4DIcLTc/O6C3c1++/55iDXT0UQMy
E6X6qyKv33V1tu0V2sRhajBv95r96Nr9vanrwVjoNP+Fc+CmjUIoTe36jeRAko7N
64+BAYxuMB9Wme/91Snj2CLF4rLMAv76BtK8CdVm9vmf9cdrsXv58fOr+fTWAQqe
FB6QX2TaTKDTeY7guDKyCPKaq26rieM0wYauzAlAxnljkWlDPbPxMAiCHCMIkm6z
R6sV6pcaPCeRWu2iidzw6/hsVC7SA9rDWGrGnhCYJ93s0NJEcphDhLbczPXed/pb
g94inGQ64FTXyinOUFT4P3UV693O2w==
=/NwT
-----END PGP SIGNATURE-----
More information about the Cosmic-changes
mailing list