[ubuntu/bionic-proposed] chromium-browser 65.0.3325.146-0ubuntu1 (Accepted)

Olivier Tilloy olivier.tilloy at canonical.com
Wed Mar 7 11:08:04 UTC 2018 

chromium-browser (65.0.3325.146-0ubuntu1) bionic; urgency=medium

  * Upstream release: 65.0.3325.146
    - CVE-2018-6058: Use after free in Flash.
    - CVE-2018-6059: Use after free in Flash.
    - CVE-2018-6060: Use after free in Blink.
    - CVE-2018-6061: Race condition in V8.
    - CVE-2018-6062: Heap buffer overflow in Skia.
    - CVE-2018-6057: Incorrect permissions on shared memory.
    - CVE-2018-6063: Incorrect permissions on shared memory.
    - CVE-2018-6064: Type confusion in V8.
    - CVE-2018-6065: Integer overflow in V8.
    - CVE-2018-6066: Same Origin Bypass via canvas.
    - CVE-2018-6067: Buffer overflow in Skia.
    - CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab.
    - CVE-2018-6069: Stack buffer overflow in Skia.
    - CVE-2018-6070: CSP bypass through extensions.
    - CVE-2018-6071: Heap bufffer overflow in Skia.
    - CVE-2018-6072: Integer overflow in PDFium.
    - CVE-2018-6073: Heap bufffer overflow in WebGL.
    - CVE-2018-6074: Mark-of-the-Web bypass.
    - CVE-2018-6075: Overly permissive cross origin downloads.
    - CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink.
    - CVE-2018-6077: Timing attack using SVG filters.
    - CVE-2018-6078: URL Spoof in OmniBox.
    - CVE-2018-6079: Information disclosure via texture data in WebGL.
    - CVE-2018-6080: Information disclosure in IPC call.
    - CVE-2018-6081: XSS in interstitials.
    - CVE-2018-6082: Circumvention of port blocking.
    - CVE-2018-6083: Incorrect processing of AppManifests.
  * debian/rules: remove use_gconf build flag
  * debian/patches/3-chrome-xid.patch: removed, unused
  * debian/patches/5-desktop-integration-settings.patch: removed, unused
  * debian/patches/6-passwordless-install-support.patch: removed, unused
  * debian/patches/7-npapi-permission-not-defaults-to-unauthorized.patch:
    removed, unused
  * debian/patches/additional-search-engines.patch: refreshed
  * debian/patches/breakpad: removed, unused
  * debian/patches/cups-include-deprecated-ppd: removed, unused
  * debian/patches/define__libc_malloc.patch: refreshed
  * debian/patches/disable-sse2: updated
  * debian/patches/display-scaling-default-value: removed, unused
  * debian/patches/do-not-use-bundled-clang: removed, unused
  * debian/patches/enable-chromecast-by-default.patch: refreshed
  * debian/patches/enable_vaapi_on_linux.diff: removed, unused
  * debian/patches/flash-redirection: removed, unused
  * debian/patches/format-flag.patch: removed, unused
  * debian/patches/gpu_default_disabled: removed, unused
  * debian/patches/gsettings-display-scaling: removed, unused
  * debian/patches/ld-memory-32bit.patch: removed, unused
  * debian/patches/linker-asneeded-bug.patch: removed, unused
  * debian/patches/lp-translations-paths: removed, unused
  * debian/patches/mir-ozone-module: removed, unused
  * debian/patches/mir-support: removed, unused
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/wayland-ozone: removed, unused
  * debian/patches/xdg-settings-multiexec-desktopfiles.patch: removed, unused
  * debian/known_gn_gen_args-*: remove use_gconf build flag

Date: Wed, 07 Mar 2018 11:40:01 +0100
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/chromium-browser/65.0.3325.146-0ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 07 Mar 2018 11:40:01 +0100
Source: chromium-browser
Binary: chromium-browser chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-extra chromium-chromedriver
Architecture: source
Version: 65.0.3325.146-0ubuntu1
Distribution: bionic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Description:
 chromium-browser - Chromium web browser, open-source version of Chrome
 chromium-browser-l10n - chromium-browser language packages
 chromium-chromedriver - WebDriver driver for the Chromium Browser
 chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
 chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
Changes:
 chromium-browser (65.0.3325.146-0ubuntu1) bionic; urgency=medium
 .
   * Upstream release: 65.0.3325.146
     - CVE-2018-6058: Use after free in Flash.
     - CVE-2018-6059: Use after free in Flash.
     - CVE-2018-6060: Use after free in Blink.
     - CVE-2018-6061: Race condition in V8.
     - CVE-2018-6062: Heap buffer overflow in Skia.
     - CVE-2018-6057: Incorrect permissions on shared memory.
     - CVE-2018-6063: Incorrect permissions on shared memory.
     - CVE-2018-6064: Type confusion in V8.
     - CVE-2018-6065: Integer overflow in V8.
     - CVE-2018-6066: Same Origin Bypass via canvas.
     - CVE-2018-6067: Buffer overflow in Skia.
     - CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab.
     - CVE-2018-6069: Stack buffer overflow in Skia.
     - CVE-2018-6070: CSP bypass through extensions.
     - CVE-2018-6071: Heap bufffer overflow in Skia.
     - CVE-2018-6072: Integer overflow in PDFium.
     - CVE-2018-6073: Heap bufffer overflow in WebGL.
     - CVE-2018-6074: Mark-of-the-Web bypass.
     - CVE-2018-6075: Overly permissive cross origin downloads.
     - CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink.
     - CVE-2018-6077: Timing attack using SVG filters.
     - CVE-2018-6078: URL Spoof in OmniBox.
     - CVE-2018-6079: Information disclosure via texture data in WebGL.
     - CVE-2018-6080: Information disclosure in IPC call.
     - CVE-2018-6081: XSS in interstitials.
     - CVE-2018-6082: Circumvention of port blocking.
     - CVE-2018-6083: Incorrect processing of AppManifests.
   * debian/rules: remove use_gconf build flag
   * debian/patches/3-chrome-xid.patch: removed, unused
   * debian/patches/5-desktop-integration-settings.patch: removed, unused
   * debian/patches/6-passwordless-install-support.patch: removed, unused
   * debian/patches/7-npapi-permission-not-defaults-to-unauthorized.patch:
     removed, unused
   * debian/patches/additional-search-engines.patch: refreshed
   * debian/patches/breakpad: removed, unused
   * debian/patches/cups-include-deprecated-ppd: removed, unused
   * debian/patches/define__libc_malloc.patch: refreshed
   * debian/patches/disable-sse2: updated
   * debian/patches/display-scaling-default-value: removed, unused
   * debian/patches/do-not-use-bundled-clang: removed, unused
   * debian/patches/enable-chromecast-by-default.patch: refreshed
   * debian/patches/enable_vaapi_on_linux.diff: removed, unused
   * debian/patches/flash-redirection: removed, unused
   * debian/patches/format-flag.patch: removed, unused
   * debian/patches/gpu_default_disabled: removed, unused
   * debian/patches/gsettings-display-scaling: removed, unused
   * debian/patches/ld-memory-32bit.patch: removed, unused
   * debian/patches/linker-asneeded-bug.patch: removed, unused
   * debian/patches/lp-translations-paths: removed, unused
   * debian/patches/mir-ozone-module: removed, unused
   * debian/patches/mir-support: removed, unused
   * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
   * debian/patches/search-credit.patch: refreshed
   * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
   * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
   * debian/patches/title-bar-default-system.patch-v35: refreshed
   * debian/patches/wayland-ozone: removed, unused
   * debian/patches/xdg-settings-multiexec-desktopfiles.patch: removed, unused
   * debian/known_gn_gen_args-*: remove use_gconf build flag
Checksums-Sha1:
 dc92b241debbc30014e035156038f7d6b6790bda 2569 chromium-browser_65.0.3325.146-0ubuntu1.dsc
 4f736ba24ae34b3b9d7e074ee93f527a85a5b0cb 570305180 chromium-browser_65.0.3325.146.orig.tar.xz
 0982c29049184a14d20b8f3e1a4fa6c95b27d959 2359276 chromium-browser_65.0.3325.146-0ubuntu1.debian.tar.xz
 993a44e0f40ab09b49ca527e7a6934cef4ef32bf 18285 chromium-browser_65.0.3325.146-0ubuntu1_source.buildinfo
Checksums-Sha256:
 daf812edfe0b673132a2059fff0e20723ba84a4056a0df4d749ad966f805e4a5 2569 chromium-browser_65.0.3325.146-0ubuntu1.dsc
 cb4f2f3f5a3344f7c452b61f8086d4b4e56af6f5bc34309c3ede8be6b4ab81a3 570305180 chromium-browser_65.0.3325.146.orig.tar.xz
 24dcbd9b30ef2c06b610de06fa7eba28e5adce3a66c4c7489acb031e12e02bd3 2359276 chromium-browser_65.0.3325.146-0ubuntu1.debian.tar.xz
 a307e0522ea4500d95c287f56bd6b804d1cafd488e6a98e8deaecdd1a43f77b0 18285 chromium-browser_65.0.3325.146-0ubuntu1_source.buildinfo
Files:
 3409866f2bc4473e698dbe0851391497 2569 web optional chromium-browser_65.0.3325.146-0ubuntu1.dsc
 16770a0fb204e39135f78c3c67b911f5 570305180 web optional chromium-browser_65.0.3325.146.orig.tar.xz
 42dbbb84cb901e030830ff5522b0b260 2359276 web optional chromium-browser_65.0.3325.146-0ubuntu1.debian.tar.xz
 4008bc82f5876b56d158e66f70294bd8 18285 web optional chromium-browser_65.0.3325.146-0ubuntu1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEOEr9Mc7+BgD56Np90yjXIxis5scFAlqfxHwACgkQ0yjXIxis
5sewvQf9E+HS7O6cDg6SEfj/lhfRc6jvXmy5FVUCqY6owR/HdO/QuyWvrxnPthnn
FK5SW2p+OAz88DVwCFy/cfy9RSqw5VYax3LlEkNFoxDoIpVjS8BGjcI1WmU3c4RL
86VcUMFdEj1lEaztPNDakhhjAaJa9+kNYLu0NtfR7PhHfp0s9H8FgF+IpNuctePW
yveWIItY5bAZ3nWhaqAqbZTtmYN0ramAXbU2LtwQkv3QiZrHa/goHcsNZ2yC5HE5
oimFrpECGpcgP3t2poA64sIWyXZTyQeQmwPDQ2qp4JRpsH3IsrJ+yIn0BUy1n60u
eK7RxidOAhPFR+VUQ28CMpwrhDfPmw==
=mNQE
-----END PGP SIGNATURE-----

More information about the Bionic-changes mailing list