[ubuntu/bionic-proposed] chromium-browser 64.0.3282.119-0ubuntu1 (Accepted)
Olivier Tilloy
olivier.tilloy at canonical.com
Fri Jan 26 15:58:48 UTC 2018
chromium-browser (64.0.3282.119-0ubuntu1) bionic; urgency=medium
* Upstream release: 64.0.3282.119
- CVE-2018-6031: Use after free in PDFium.
- CVE-2018-6032: Same origin bypass in Shared Worker.
- CVE-2018-6033: Race when opening downloaded files.
- CVE-2018-6034: Integer overflow in Blink.
- CVE-2018-6035: Insufficient isolation of devtools from extensions.
- CVE-2018-6036: Integer underflow in WebAssembly.
- CVE-2018-6037: Insufficient user gesture requirements in autofill.
- CVE-2018-6038: Heap buffer overflow in WebGL.
- CVE-2018-6039: XSS in DevTools.
- CVE-2018-6040: Content security policy bypass.
- CVE-2018-6041: URL spoof in Navigation.
- CVE-2018-6042: URL spoof in OmniBox.
- CVE-2018-6043: Insufficient escaping with external URL handlers.
- CVE-2018-6045: Insufficient isolation of devtools from extensions.
- CVE-2018-6046: Insufficient isolation of devtools from extensions.
- CVE-2018-6047: Cross origin URL leak in WebGL.
- CVE-2018-6048: Referrer policy bypass in Blink.
- CVE-2017-15420: URL spoofing in Omnibox.
- CVE-2018-6049: UI spoof in Permissions.
- CVE-2018-6050: URL spoof in OmniBox.
- CVE-2018-6051: Referrer leak in XSS Auditor.
- CVE-2018-6052: Incomplete no-referrer policy implementation.
- CVE-2018-6053: Leak of page thumbnails in New Tab Page.
- CVE-2018-6054: Use after free in WebUI.
* debian/control: update reference URL for chromedriver
* debian/rules:
- remove enable_hotwording build flag
- exclude build artifacts from the binary package (LP: #1742653)
* debian/patches/add-missing-cstddef-include.patch: added
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/enable-chromecast-by-default.patch: refreshed
* debian/patches/fix-ffmpeg-ia32-build.patch: added
* debian/patches/last-commit-position: refreshed
* debian/patches/no-xlocale-header.patch: removed, no longer needed
* debian/patches/revert-clang-nostdlib++.patch: updated
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/touch-v35: refreshed
* debian/patches/widevine-other-locations: updated (LP: #1738149)
* debian/known_gn_gen_args-*: remove enable_hotwording build flag
Date: Wed, 24 Jan 2018 23:18:03 +0100
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/chromium-browser/64.0.3282.119-0ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 24 Jan 2018 23:18:03 +0100
Source: chromium-browser
Binary: chromium-browser chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-extra chromium-chromedriver
Architecture: source
Version: 64.0.3282.119-0ubuntu1
Distribution: bionic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Description:
chromium-browser - Chromium web browser, open-source version of Chrome
chromium-browser-l10n - chromium-browser language packages
chromium-chromedriver - WebDriver driver for the Chromium Browser
chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
Launchpad-Bugs-Fixed: 1738149 1742653
Changes:
chromium-browser (64.0.3282.119-0ubuntu1) bionic; urgency=medium
.
* Upstream release: 64.0.3282.119
- CVE-2018-6031: Use after free in PDFium.
- CVE-2018-6032: Same origin bypass in Shared Worker.
- CVE-2018-6033: Race when opening downloaded files.
- CVE-2018-6034: Integer overflow in Blink.
- CVE-2018-6035: Insufficient isolation of devtools from extensions.
- CVE-2018-6036: Integer underflow in WebAssembly.
- CVE-2018-6037: Insufficient user gesture requirements in autofill.
- CVE-2018-6038: Heap buffer overflow in WebGL.
- CVE-2018-6039: XSS in DevTools.
- CVE-2018-6040: Content security policy bypass.
- CVE-2018-6041: URL spoof in Navigation.
- CVE-2018-6042: URL spoof in OmniBox.
- CVE-2018-6043: Insufficient escaping with external URL handlers.
- CVE-2018-6045: Insufficient isolation of devtools from extensions.
- CVE-2018-6046: Insufficient isolation of devtools from extensions.
- CVE-2018-6047: Cross origin URL leak in WebGL.
- CVE-2018-6048: Referrer policy bypass in Blink.
- CVE-2017-15420: URL spoofing in Omnibox.
- CVE-2018-6049: UI spoof in Permissions.
- CVE-2018-6050: URL spoof in OmniBox.
- CVE-2018-6051: Referrer leak in XSS Auditor.
- CVE-2018-6052: Incomplete no-referrer policy implementation.
- CVE-2018-6053: Leak of page thumbnails in New Tab Page.
- CVE-2018-6054: Use after free in WebUI.
* debian/control: update reference URL for chromedriver
* debian/rules:
- remove enable_hotwording build flag
- exclude build artifacts from the binary package (LP: #1742653)
* debian/patches/add-missing-cstddef-include.patch: added
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/enable-chromecast-by-default.patch: refreshed
* debian/patches/fix-ffmpeg-ia32-build.patch: added
* debian/patches/last-commit-position: refreshed
* debian/patches/no-xlocale-header.patch: removed, no longer needed
* debian/patches/revert-clang-nostdlib++.patch: updated
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/touch-v35: refreshed
* debian/patches/widevine-other-locations: updated (LP: #1738149)
* debian/known_gn_gen_args-*: remove enable_hotwording build flag
Checksums-Sha1:
979bc7d19500fb3bf619afd73b908370b78ae96f 2544 chromium-browser_64.0.3282.119-0ubuntu1.dsc
f2639e2f84f23673ff9e64caedb09c204bf06da3 482256308 chromium-browser_64.0.3282.119.orig.tar.xz
3654998c9dca8a641a9e2da28c01fdc95cb35747 2672080 chromium-browser_64.0.3282.119-0ubuntu1.debian.tar.xz
07f2270eec34ad0afcde3bec944bed2fa014d51c 17866 chromium-browser_64.0.3282.119-0ubuntu1_source.buildinfo
Checksums-Sha256:
677b15f2bcf405dc6938044ad0be549bb6ba90cb4dbaa92d159f4251a446d436 2544 chromium-browser_64.0.3282.119-0ubuntu1.dsc
342ea80a925d85f5155b2b423a0d3cbcf2ee5729bf107c601d7d902315d03127 482256308 chromium-browser_64.0.3282.119.orig.tar.xz
c6171aa3d6ef02f7cfeb2edcfc0050e5c46cbc6792d125c5e64e07275f259b22 2672080 chromium-browser_64.0.3282.119-0ubuntu1.debian.tar.xz
fa8559239f83ede0e6de813d8f72f82b9b90db26423ff3ec3ea65e96788df397 17866 chromium-browser_64.0.3282.119-0ubuntu1_source.buildinfo
Files:
0f7404bbcf4a87e628cd3dd5bab2a68b 2544 web optional chromium-browser_64.0.3282.119-0ubuntu1.dsc
5b72bcaba2ad920c524cd92a7a6125fe 482256308 web optional chromium-browser_64.0.3282.119.orig.tar.xz
88bb1464f64e68f3c604da4bd3557e74 2672080 web optional chromium-browser_64.0.3282.119-0ubuntu1.debian.tar.xz
a20e20862808ee840fbbf20c2d6d734f 17866 web optional chromium-browser_64.0.3282.119-0ubuntu1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQEcBAEBCAAGBQJaa0z+AAoJENMo1yMYrObHDXAH/juSMWza3L0q2NANI7H3lyJo
JHscLtRzQINjstWV37/KynP4RSftKej5sQZHiB3l/bqEmnVCxghM6fGAdB2ac2d6
o51YFzBTqqEEBr8CTQtralARGkkNLbBXQrTKjkzbvBYKj4QvL3+M1yd9PZKy/Krx
oopEDm3DiDRAjuyoCVehDRRHYr+dDVROjQ0epiJRV+EnCYF7wlxhBfJ3Yj9/5VzX
zG2iIdSYIloB5DCiKqfeYKeq0V3jKma3tqrukVj/MtEyIWsAr91nJIg5QNLn4VWO
Z0sQ67Gyk1qF3YbWpBkVJ//ECIB0hnqOoXXdMfY27k0jZn0X4C8+fIt5FaUcPE4=
=VqbB
-----END PGP SIGNATURE-----
More information about the Bionic-changes
mailing list