[ubuntu/disco-proposed] chromium-browser 71.0.3578.80-0ubuntu1 (Accepted)

Olivier Tilloy olivier.tilloy at canonical.com
Tue Dec 4 21:13:14 UTC 2018


chromium-browser (71.0.3578.80-0ubuntu1) disco; urgency=medium

  * Upstream release: 71.0.3578.80
    - CVE-2018-17480: Out of bounds write in V8.
    - CVE-2018-17481: Use after frees in PDFium.
    - CVE-2018-18335: Heap buffer overflow in Skia.
    - CVE-2018-18336: Use after free in PDFium.
    - CVE-2018-18337: Use after free in Blink.
    - CVE-2018-18338: Heap buffer overflow in Canvas.
    - CVE-2018-18339: Use after free in WebAudio.
    - CVE-2018-18340: Use after free in MediaRecorder.
    - CVE-2018-18341: Heap buffer overflow in Blink.
    - CVE-2018-18342: Out of bounds write in V8.
    - CVE-2018-18343: Use after free in Skia.
    - CVE-2018-18344: Inappropriate implementation in Extensions.
    - CVE-2018-18345: Inappropriate implementation in Site Isolation.
    - CVE-2018-18346: Incorrect security UI in Blink.
    - CVE-2018-18347: Inappropriate implementation in Navigation.
    - CVE-2018-18348: Inappropriate implementation in Omnibox.
    - CVE-2018-18349: Insufficient policy enforcement in Blink.
    - CVE-2018-18350: Insufficient policy enforcement in Blink.
    - CVE-2018-18351: Insufficient policy enforcement in Navigation.
    - CVE-2018-18352: Inappropriate implementation in Media.
    - CVE-2018-18353: Inappropriate implementation in Network Authentication.
    - CVE-2018-18354: Insufficient data validation in Shell Integration.
    - CVE-2018-18355: Insufficient policy enforcement in URL Formatter.
    - CVE-2018-18356: Use after free in Skia.
    - CVE-2018-18357: Insufficient policy enforcement in URL Formatter.
    - CVE-2018-18358: Insufficient policy enforcement in Proxy.
    - CVE-2018-18359: Out of bounds read in V8.
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/gn-bootstrap-remove-sysroot-options.patch: refreshed
  * debian/patches/gn-no-last-commit-position.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: removed, no longer
    needed
  * debian/patches/swiftshader-gl-entry-trampoline.patch: refreshed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/touch-v35: refreshed
  * debian/patches/widevine-allow-enable.patch: removed, no longer needed
  * debian/patches/widevine-other-locations: refreshed
  * debian/patches/widevine-revision.patch: renamed to
    debian/patches/widevine-enable-version-string.patch and updated
  * debian/tests/html5test: update test expectations

Date: Tue, 04 Dec 2018 21:54:05 +0100
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/chromium-browser/71.0.3578.80-0ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 04 Dec 2018 21:54:05 +0100
Source: chromium-browser
Binary: chromium-browser chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-extra chromium-chromedriver
Architecture: source
Version: 71.0.3578.80-0ubuntu1
Distribution: disco
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Description:
 chromium-browser - Chromium web browser, open-source version of Chrome
 chromium-browser-l10n - chromium-browser language packages
 chromium-chromedriver - WebDriver driver for the Chromium Browser
 chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
 chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
Changes:
 chromium-browser (71.0.3578.80-0ubuntu1) disco; urgency=medium
 .
   * Upstream release: 71.0.3578.80
     - CVE-2018-17480: Out of bounds write in V8.
     - CVE-2018-17481: Use after frees in PDFium.
     - CVE-2018-18335: Heap buffer overflow in Skia.
     - CVE-2018-18336: Use after free in PDFium.
     - CVE-2018-18337: Use after free in Blink.
     - CVE-2018-18338: Heap buffer overflow in Canvas.
     - CVE-2018-18339: Use after free in WebAudio.
     - CVE-2018-18340: Use after free in MediaRecorder.
     - CVE-2018-18341: Heap buffer overflow in Blink.
     - CVE-2018-18342: Out of bounds write in V8.
     - CVE-2018-18343: Use after free in Skia.
     - CVE-2018-18344: Inappropriate implementation in Extensions.
     - CVE-2018-18345: Inappropriate implementation in Site Isolation.
     - CVE-2018-18346: Incorrect security UI in Blink.
     - CVE-2018-18347: Inappropriate implementation in Navigation.
     - CVE-2018-18348: Inappropriate implementation in Omnibox.
     - CVE-2018-18349: Insufficient policy enforcement in Blink.
     - CVE-2018-18350: Insufficient policy enforcement in Blink.
     - CVE-2018-18351: Insufficient policy enforcement in Navigation.
     - CVE-2018-18352: Inappropriate implementation in Media.
     - CVE-2018-18353: Inappropriate implementation in Network Authentication.
     - CVE-2018-18354: Insufficient data validation in Shell Integration.
     - CVE-2018-18355: Insufficient policy enforcement in URL Formatter.
     - CVE-2018-18356: Use after free in Skia.
     - CVE-2018-18357: Insufficient policy enforcement in URL Formatter.
     - CVE-2018-18358: Insufficient policy enforcement in Proxy.
     - CVE-2018-18359: Out of bounds read in V8.
   * debian/patches/chromium_useragent.patch: refreshed
   * debian/patches/configuration-directory.patch: refreshed
   * debian/patches/disable-sse2: refreshed
   * debian/patches/fix-extra-arflags.patch: refreshed
   * debian/patches/gn-bootstrap-remove-sysroot-options.patch: refreshed
   * debian/patches/gn-no-last-commit-position.patch: refreshed
   * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
   * debian/patches/search-credit.patch: refreshed
   * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
   * debian/patches/suppress-newer-clang-warning-flags.patch: removed, no longer
     needed
   * debian/patches/swiftshader-gl-entry-trampoline.patch: refreshed
   * debian/patches/title-bar-default-system.patch-v35: refreshed
   * debian/patches/touch-v35: refreshed
   * debian/patches/widevine-allow-enable.patch: removed, no longer needed
   * debian/patches/widevine-other-locations: refreshed
   * debian/patches/widevine-revision.patch: renamed to
     debian/patches/widevine-enable-version-string.patch and updated
   * debian/tests/html5test: update test expectations
Checksums-Sha1:
 8a69e913372e100a79b3fcc6f938c367e4189c0e 2571 chromium-browser_71.0.3578.80-0ubuntu1.dsc
 1b7060e5c9ca875e9840003149892c3f3fd9322b 633878288 chromium-browser_71.0.3578.80.orig.tar.xz
 66a18e5b0f1e565aaac0ea132556c53b8cf1eaa4 2378152 chromium-browser_71.0.3578.80-0ubuntu1.debian.tar.xz
 09dae7d6203d59a12035b668365596a37a0ac30c 18899 chromium-browser_71.0.3578.80-0ubuntu1_source.buildinfo
Checksums-Sha256:
 2373d9a80456a29268218f7a113df91ebcd5395f40a79bcd07f2b878f8805ea1 2571 chromium-browser_71.0.3578.80-0ubuntu1.dsc
 025b3520750d11f260acc4cbff5759137444ffb4c82361138dfd22f87b77ad0d 633878288 chromium-browser_71.0.3578.80.orig.tar.xz
 99ed1d54287c4f59b00ff06c80052a101c2bf929bfb55d3c689297568669b271 2378152 chromium-browser_71.0.3578.80-0ubuntu1.debian.tar.xz
 1e6188586a4989de4f7ac974b06a80852248de95a86169c1a4db3fe673dd59bf 18899 chromium-browser_71.0.3578.80-0ubuntu1_source.buildinfo
Files:
 7fb6cf429e641ae628b456ee593cf5d2 2571 web optional chromium-browser_71.0.3578.80-0ubuntu1.dsc
 2cd599a74930294cd01fa79d6ada2198 633878288 web optional chromium-browser_71.0.3578.80.orig.tar.xz
 de244f337b50649acd39413ae6cb0707 2378152 web optional chromium-browser_71.0.3578.80-0ubuntu1.debian.tar.xz
 69a8e8d8aa0136b4f21968199fa5a219 18899 web optional chromium-browser_71.0.3578.80-0ubuntu1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEOEr9Mc7+BgD56Np90yjXIxis5scFAlwG68MACgkQ0yjXIxis
5scaZwf+LtpRS5Vzy7xf6tf4WlEqM3+pB1Msg9JxpAsT491l0XYdWMTscT8clwKn
lbA38BdPREz3Na3HCiCk/TQE3kKhYA2qn+3Q2Un9l/3mzSix0FxcHfnydTgcKFJm
uQHeDMcQUXtmjlga2ssHIV8MhlDv8aY8B0qk5bpl28fgWFS7DXErO3pOFFHC8PHh
tp1ihHf6Kf5WzVlkH6LFQ76MNzJ0KKyYHtcyLliBrNgJl8g2SXNEGoL8df/0PbIV
5DCNRyxMnsqrkJ3V9m2tBk0cj38ScER0Y1NH1KXpwONKFHSTeY5wHKHDF1xgjhgJ
RopzPbLKswvcaZWgsxM4ApAsHMUXBw==
=fLUZ
-----END PGP SIGNATURE-----


More information about the Disco-changes mailing list