[ubuntu/artful-security] chromium-browser 64.0.3282.119-0ubuntu0.17.10.1 (Accepted)

Chris Coulson chrisccoulson at ubuntu.com
Wed Jan 31 17:40:38 UTC 2018

chromium-browser (64.0.3282.119-0ubuntu0.17.10.1) artful; urgency=medium

  * Upstream release: 64.0.3282.119
    - CVE-2018-6031: Use after free in PDFium.
    - CVE-2018-6032: Same origin bypass in Shared Worker.
    - CVE-2018-6033: Race when opening downloaded files.
    - CVE-2018-6034: Integer overflow in Blink.
    - CVE-2018-6035: Insufficient isolation of devtools from extensions.
    - CVE-2018-6036: Integer underflow in WebAssembly.
    - CVE-2018-6037: Insufficient user gesture requirements in autofill.
    - CVE-2018-6038: Heap buffer overflow in WebGL.
    - CVE-2018-6039: XSS in DevTools.
    - CVE-2018-6040: Content security policy bypass.
    - CVE-2018-6041: URL spoof in Navigation.
    - CVE-2018-6042: URL spoof in OmniBox.
    - CVE-2018-6043: Insufficient escaping with external URL handlers.
    - CVE-2018-6045: Insufficient isolation of devtools from extensions.
    - CVE-2018-6046: Insufficient isolation of devtools from extensions.
    - CVE-2018-6047: Cross origin URL leak in WebGL.
    - CVE-2018-6048: Referrer policy bypass in Blink.
    - CVE-2017-15420: URL spoofing in Omnibox.
    - CVE-2018-6049: UI spoof in Permissions.
    - CVE-2018-6050: URL spoof in OmniBox.
    - CVE-2018-6051: Referrer leak in XSS Auditor.
    - CVE-2018-6052: Incomplete no-referrer policy implementation.
    - CVE-2018-6053: Leak of page thumbnails in New Tab Page.
    - CVE-2018-6054: Use after free in WebUI.
  * debian/control: update reference URL for chromedriver
  * debian/rules:
    - remove enable_hotwording build flag
    - exclude build artifacts from the binary package (LP: #1742653)
  * debian/patches/add-missing-cstddef-include.patch: added
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/enable-chromecast-by-default.patch: refreshed
  * debian/patches/fix-ffmpeg-ia32-build.patch: added
  * debian/patches/last-commit-position: refreshed
  * debian/patches/no-xlocale-header.patch: removed, no longer needed
  * debian/patches/revert-clang-nostdlib++.patch: updated
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: updated
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/touch-v35: refreshed
  * debian/patches/widevine-other-locations: updated (LP: #1738149)
  * debian/known_gn_gen_args-*: remove enable_hotwording build flag

Date: 2018-01-24 22:21:12.358160+00:00
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Signed-By: Chris Coulson <chrisccoulson at ubuntu.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Artful-changes mailing list