[ubuntu/bionic-security] chromium-browser 78.0.3904.70-0ubuntu0.18.04.2 (Accepted)

Chris Coulson chris.coulson at canonical.com
Wed Nov 6 00:39:12 UTC 2019


chromium-browser (78.0.3904.70-0ubuntu0.18.04.2) bionic; urgency=medium

  * debian/patches/widevine-other-locations: updated

chromium-browser (78.0.3904.70-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 78.0.3904.70
    - CVE-2019-13699: Use-after-free in media.
    - CVE-2019-13700: Buffer overrun in Blink.
    - CVE-2019-13701: URL spoof in navigation.
    - CVE-2019-13702: Privilege elevation in Installer.
    - CVE-2019-13703: URL bar spoofing.
    - CVE-2019-13704: CSP bypass.
    - CVE-2019-13705: Extension permission bypass.
    - CVE-2019-13706: Out-of-bounds read in PDFium.
    - CVE-2019-13707: File storage disclosure.
    - CVE-2019-13708: HTTP authentication spoof.
    - CVE-2019-13709: File download protection bypass.
    - CVE-2019-13710: File download protection bypass.
    - CVE-2019-13711: Cross-context information leak.
    - CVE-2019-15903: Buffer overflow in expat.
    - CVE-2019-13713: Cross-origin data leak.
    - CVE-2019-13714: CSS injection.
    - CVE-2019-13715: Address bar spoofing.
    - CVE-2019-13716: Service worker state error.
    - CVE-2019-13717: Notification obscured.
    - CVE-2019-13718: IDN spoof.
    - CVE-2019-13719: Notification obscured.
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/default-allocator: refreshed
  * debian/patches/define__libc_malloc.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/enable-chromecast-by-default.patch: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: added
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/touch-v35: refreshed
  * debian/patches/use-clang-versioned.patch: refreshed
  * debian/patches/widevine-enable-version-string.patch: refreshed

chromium-browser (77.0.3865.120-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 77.0.3865.120
    - CVE-2019-13693: Use-after-free in IndexedDB.
    - CVE-2019-13694: Use-after-free in WebRTC.
    - CVE-2019-13695: Use-after-free in audio.
    - CVE-2019-13696: Use-after-free in V8.
    - CVE-2019-13697: Cross-origin size leak.

Date: 2019-11-01 09:23:14.661392+00:00
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Signed-By: Chris Coulson <chris.coulson at canonical.com>
https://launchpad.net/ubuntu/+source/chromium-browser/78.0.3904.70-0ubuntu0.18.04.2
-------------- next part --------------
Sorry, changesfile not available.


More information about the Bionic-changes mailing list