[ubuntu/cosmic-proposed] chromium-browser 70.0.3538.67-0ubuntu1 (Accepted)

Olivier Tilloy olivier.tilloy at canonical.com
Tue Oct 16 22:56:52 UTC 2018 

chromium-browser (70.0.3538.67-0ubuntu1) cosmic; urgency=medium

  * Upstream release: 70.0.3538.67
    - CVE-2018-17462: Sandbox escape in AppCache.
    - CVE-2018-17463: Remote code execution in V8.
    - CVE to be assigned: Heap buffer overflow in Little CMS in PDFium.
    - CVE-2018-17464: URL spoof in Omnibox.
    - CVE-2018-17465: Use after free in V8.
    - CVE-2018-17466: Memory corruption in Angle.
    - CVE-2018-17467: URL spoof in Omnibox.
    - CVE-2018-17468: Cross-origin URL disclosure in Blink.
    - CVE-2018-17469: Heap buffer overflow in PDFium.
    - CVE-2018-17470: Memory corruption in GPU Internals.
    - CVE-2018-17471: Security UI occlusion in full screen mode.
    - CVE-2018-17472: iframe sandbox escape on iOS.
    - CVE-2018-17473: URL spoof in Omnibox.
    - CVE-2018-17474: Use after free in Blink.
    - CVE-2018-17475: URL spoof in Omnibox.
    - CVE-2018-17476: Security UI occlusion in full screen mode.
    - CVE-2018-5179: Lack of limits on update() in ServiceWorker.
    - CVE-2018-17477: UI spoof in Extensions.
  * debian/rules:
    - remove enable_google_now build flag
    - remove use_gtk3 build flag
  * debian/patches/arm-neon.patch: refreshed
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/define__libc_malloc.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
  * debian/patches/swiftshader-default-visibility.patch: replaced by
    debian/patches/swiftshader-upstream-entry-points.patch
  * debian/patches/widevine-other-locations: refreshed
  * debian/known_gn_gen_args-*:
    - remove enable_google_now build flag
    - remove use_gtk3 build flag

Date: Tue, 16 Oct 2018 22:32:27 +0200
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/chromium-browser/70.0.3538.67-0ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 16 Oct 2018 22:32:27 +0200
Source: chromium-browser
Binary: chromium-browser chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-extra chromium-chromedriver
Architecture: source
Version: 70.0.3538.67-0ubuntu1
Distribution: cosmic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Description:
 chromium-browser - Chromium web browser, open-source version of Chrome
 chromium-browser-l10n - chromium-browser language packages
 chromium-chromedriver - WebDriver driver for the Chromium Browser
 chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
 chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
Changes:
 chromium-browser (70.0.3538.67-0ubuntu1) cosmic; urgency=medium
 .
   * Upstream release: 70.0.3538.67
     - CVE-2018-17462: Sandbox escape in AppCache.
     - CVE-2018-17463: Remote code execution in V8.
     - CVE to be assigned: Heap buffer overflow in Little CMS in PDFium.
     - CVE-2018-17464: URL spoof in Omnibox.
     - CVE-2018-17465: Use after free in V8.
     - CVE-2018-17466: Memory corruption in Angle.
     - CVE-2018-17467: URL spoof in Omnibox.
     - CVE-2018-17468: Cross-origin URL disclosure in Blink.
     - CVE-2018-17469: Heap buffer overflow in PDFium.
     - CVE-2018-17470: Memory corruption in GPU Internals.
     - CVE-2018-17471: Security UI occlusion in full screen mode.
     - CVE-2018-17472: iframe sandbox escape on iOS.
     - CVE-2018-17473: URL spoof in Omnibox.
     - CVE-2018-17474: Use after free in Blink.
     - CVE-2018-17475: URL spoof in Omnibox.
     - CVE-2018-17476: Security UI occlusion in full screen mode.
     - CVE-2018-5179: Lack of limits on update() in ServiceWorker.
     - CVE-2018-17477: UI spoof in Extensions.
   * debian/rules:
     - remove enable_google_now build flag
     - remove use_gtk3 build flag
   * debian/patches/arm-neon.patch: refreshed
   * debian/patches/chromium_useragent.patch: refreshed
   * debian/patches/configuration-directory.patch: refreshed
   * debian/patches/define__libc_malloc.patch: refreshed
   * debian/patches/disable-sse2: refreshed
   * debian/patches/fix-extra-arflags.patch: refreshed
   * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
   * debian/patches/search-credit.patch: refreshed
   * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
   * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
   * debian/patches/swiftshader-default-visibility.patch: replaced by
     debian/patches/swiftshader-upstream-entry-points.patch
   * debian/patches/widevine-other-locations: refreshed
   * debian/known_gn_gen_args-*:
     - remove enable_google_now build flag
     - remove use_gtk3 build flag
Checksums-Sha1:
 e9e1bbaaabaf3b3b55ce79fc9b79b6e7f3e633f0 2572 chromium-browser_70.0.3538.67-0ubuntu1.dsc
 edfc042c78c141b82bc9aa69e8b4c244e5e76759 623057648 chromium-browser_70.0.3538.67.orig.tar.xz
 d06decd42bcd5b74279ef744071ebe85104351af 2382156 chromium-browser_70.0.3538.67-0ubuntu1.debian.tar.xz
 f870b1c1449a783deb994ccf620859831e76eae5 18742 chromium-browser_70.0.3538.67-0ubuntu1_source.buildinfo
Checksums-Sha256:
 ba3f7d14aa1632a38a8ea9d2e3fcb89478b0ac9bcd232364341e3e910d0c0ecb 2572 chromium-browser_70.0.3538.67-0ubuntu1.dsc
 e956c2031f634300ada8c09e0777f0c560f4798963f144edaaec8d43e1e30e37 623057648 chromium-browser_70.0.3538.67.orig.tar.xz
 1bae4a6ce1aac6aeb8c8ad411110cb3affded2df9edf0673d111b9e07cbcbb4d 2382156 chromium-browser_70.0.3538.67-0ubuntu1.debian.tar.xz
 b93cff5f211b7f85b7b509ebaeca61d69de569126b52776c57b3ba05c4ff62ef 18742 chromium-browser_70.0.3538.67-0ubuntu1_source.buildinfo
Files:
 eb8a599dbeae1f1443b7692363d9f439 2572 web optional chromium-browser_70.0.3538.67-0ubuntu1.dsc
 2c6e39bdbeea70fdd30832fa18bbe6fb 623057648 web optional chromium-browser_70.0.3538.67.orig.tar.xz
 180b0fdf24fdc7f2f4f3b7ad3bc49192 2382156 web optional chromium-browser_70.0.3538.67-0ubuntu1.debian.tar.xz
 6bf47e0b642ab80fc851609d4fe18540 18742 web optional chromium-browser_70.0.3538.67-0ubuntu1_source.buildinfo

More information about the Cosmic-changes mailing list