[ubuntu/bionic-security] chromium-browser 73.0.3683.75-0ubuntu0.18.04.1 (Accepted)

Chris Coulson chris.coulson at canonical.com
Mon Mar 18 13:24:59 UTC 2019


chromium-browser (73.0.3683.75-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 73.0.3683.75
    - CVE-2019-5787: Use after free in Canvas.
    - CVE-2019-5788: Use after free in FileAPI.
    - CVE-2019-5789: Use after free in WebMIDI.
    - CVE-2019-5790: Heap buffer overflow in V8.
    - CVE-2019-5791: Type confusion in V8.
    - CVE-2019-5792: Integer overflow in PDFium.
    - CVE-2019-5793: Excessive permissions for private API in Extensions.
    - CVE-2019-5794: Security UI spoofing.
    - CVE-2019-5795: Integer overflow in PDFium.
    - CVE-2019-5796: Race condition in Extensions.
    - CVE-2019-5797: Race condition in DOMStorage.
    - CVE-2019-5798: Out of bounds read in Skia.
    - CVE-2019-5799: CSP bypass with blob URL.
    - CVE-2019-5800: CSP bypass with blob URL.
    - CVE-2019-5801: Incorrect Omnibox display on iOS.
    - CVE-2019-5802: Security UI spoofing.
    - CVE-2019-5803: CSP bypass with Javascript URLs'.
    - CVE-2019-5804: Command line command injection on Windows.
  * debian/control: bump the clang and llvm build dependencies to version 7
    which was recently backported to bionic
  * debian/rules: build gn with clang 7
  * debian/patches/additional-search-engines.patch: removed, no longer needed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/fix-ffmpeg-ia32-build.patch: refreshed
  * debian/patches/gn-no-last-commit-position.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
  * debian/patches/search-credit.patch: updated
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: updated
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/use-clang-versioned.patch: added
  * debian/patches/widevine-enable-version-string.patch: refreshed

chromium-browser (72.0.3626.121-0ubuntu0.18.04.2) UNRELEASED; urgency=medium

  * debian/chromium-chromedriver.links: added for backwards compatibility with
    existing selenium scripts that expect the chromedriver executable in
    /usr/lib/chromium-browser/ (LP: #1667208)

Date: 2019-03-12 21:20:14.251131+00:00
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Signed-By: Chris Coulson <chris.coulson at canonical.com>
https://launchpad.net/ubuntu/+source/chromium-browser/73.0.3683.75-0ubuntu0.18.04.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Bionic-changes mailing list