[ubuntu/bionic-updates] chromium-browser 84.0.4147.105-0ubuntu0.18.04.1 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Tue Aug 4 19:04:01 UTC 2020 

chromium-browser (84.0.4147.105-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 84.0.4147.105
    - CVE-2020-6537: Type Confusion in V8.
    - CVE-2020-6538: Inappropriate implementation in WebView.
    - CVE-2020-6532: Use after free in SCTP.
    - CVE-2020-6539: Use after free in CSS.
    - CVE-2020-6540: Heap buffer overflow in Skia.
    - CVE-2020-6541: Use after free in WebUSB.

chromium-browser (84.0.4147.89-0ubuntu0.18.04.2) bionic; urgency=medium

  * debian/tests/data/chromium-version.html: update test expectations after
    the custom UA string was removed (LP: #1868117)

chromium-browser (84.0.4147.89-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 84.0.4147.89
    - CVE-2020-6510: Heap buffer overflow in background fetch.
    - CVE-2020-6511: Side-channel information leakage in content security policy.
    - CVE-2020-6512: Type Confusion in V8.
    - CVE-2020-6513: Heap buffer overflow in PDFium.
    - CVE-2020-6514: Inappropriate implementation in WebRTC.
    - CVE-2020-6515: Use after free in tab strip.
    - CVE-2020-6516: Policy bypass in CORS.
    - CVE-2020-6517: Heap buffer overflow in history.
    - CVE-2020-6518: Use after free in developer tools.
    - CVE-2020-6519: Policy bypass in CSP.
    - CVE-2020-6520: Heap buffer overflow in Skia.
    - CVE-2020-6521: Side-channel information leakage in autofill.
    - CVE-2020-6522: Inappropriate implementation in external protocol handlers.
    - CVE-2020-6523: Out of bounds write in Skia.
    - CVE-2020-6524: Heap buffer overflow in WebAudio.
    - CVE-2020-6525: Heap buffer overflow in Skia.
    - CVE-2020-6526: Inappropriate implementation in iframe sandbox.
    - CVE-2020-6527: Insufficient policy enforcement in CSP.
    - CVE-2020-6528: Incorrect security UI in basic auth.
    - CVE-2020-6529: Inappropriate implementation in WebRTC.
    - CVE-2020-6530: Out of bounds memory access in developer tools.
    - CVE-2020-6531: Side-channel information leakage in scroll to text.
    - CVE-2020-6533: Type Confusion in V8.
    - CVE-2020-6534: Heap buffer overflow in WebRTC.
    - CVE-2020-6535: Insufficient data validation in WebUI.
    - CVE-2020-6536: Incorrect security UI in PWAs.
  * debian/control:
    - add build dependencies on python-xcbgen and xcb-proto
      (needed since https://chromium.googlesource.com/chromium/src.git/+/e43aa4b)
    - build-depend on nodejs-mozilla instead of nodejs to get a newer version,
      required to build the devtools frontend (LP: #1873996)
    - bump the clang and llvm build dependencies to version 10 which was
      recently backported to bionic
  * debian/rules: build gn with clang 10
  * debian/patches/chromium_useragent.patch: removed (LP: #1868117)
  * debian/patches/default-allocator: refreshed
  * debian/patches/node-use-system-wide.patch: updated
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: updated
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/touch-v35: refreshed
  * debian/patches/use-clang-versioned.patch: updated
  * debian/patches/widevine-enable-version-string.patch: refreshed

chromium-browser (83.0.4103.116-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 83.0.4103.116
    - CVE-2020-6509: Use after free in extensions.

chromium-browser (83.0.4103.106-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 83.0.4103.106
    - CVE-2020-6505: Use after free in speech.
    - CVE-2020-6506: Insufficient policy enforcement in WebView.
    - CVE-2020-6507: Out of bounds write in V8.

chromium-browser (83.0.4103.97-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 83.0.4103.97
    - CVE-2020-6493: Use after free in WebAuthentication.
    - CVE-2020-6494: Incorrect security UI in payments.
    - CVE-2020-6495: Insufficient policy enforcement in developer tools.
    - CVE-2020-6496: Use after free in payments.
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed

Date: 2020-07-29 15:00:19.542566+00:00
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/chromium-browser/84.0.4147.105-0ubuntu0.18.04.1
-------------- next part --------------
Sorry, changesfile not available.

More information about the Bionic-changes mailing list