[ubuntu/disco-proposed] chromium-browser 72.0.3626.81-0ubuntu1 (Accepted)

Olivier Tilloy olivier.tilloy at canonical.com
Wed Jan 30 10:19:29 UTC 2019 

chromium-browser (72.0.3626.81-0ubuntu1) disco; urgency=medium

  * Upstream release: 72.0.3626.81
    - CVE-2019-5754: Inappropriate implementation in QUIC Networking.
    - CVE-2019-5782: Inappropriate implementation in V8.
    - CVE-2019-5755: Inappropriate implementation in V8.
    - CVE-2019-5756: Use after free in PDFium.
    - CVE-2019-5757: Type Confusion in SVG.
    - CVE-2019-5758: Use after free in Blink.
    - CVE-2019-5759: Use after free in HTML select elements.
    - CVE-2019-5760: Use after free in WebRTC.
    - CVE-2019-5761: Use after free in SwiftShader.
    - CVE-2019-5762: Use after free in PDFium.
    - CVE-2019-5763: Insufficient validation of untrusted input in V8.
    - CVE-2019-5764: Use after free in WebRTC.
    - CVE-2019-5765: Insufficient policy enforcement in the browser.
    - CVE-2019-5766: Insufficient policy enforcement in Canvas.
    - CVE-2019-5767: Incorrect security UI in WebAPKs.
    - CVE-2019-5768: Insufficient policy enforcement in DevTools.
    - CVE-2019-5769: Insufficient validation of untrusted input in Blink.
    - CVE-2019-5770: Heap buffer overflow in WebGL.
    - CVE-2019-5771: Heap buffer overflow in SwiftShader.
    - CVE-2019-5772: Use after free in PDFium.
    - CVE-2019-5773: Insufficient data validation in IndexedDB.
    - CVE-2019-5774: Insufficient validation of untrusted input in SafeBrowsing.
    - CVE-2019-5775: Insufficient policy enforcement in Omnibox.
    - CVE-2019-5776: Insufficient policy enforcement in Omnibox.
    - CVE-2019-5777: Insufficient policy enforcement in Omnibox.
    - CVE-2019-5778: Insufficient policy enforcement in Extensions.
    - CVE-2019-5779: Insufficient policy enforcement in ServiceWorker.
    - CVE-2019-5780: Insufficient policy enforcement.
    - CVE-2019-5781: Insufficient policy enforcement in Omnibox.
  * debian/control: add default-jre-headless as a build dependency
    (needed to compile the new lite JS mojom bindings)
  * debian/patches/additional-search-engines.patch: refreshed
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/fix-ffmpeg-ia32-build.patch: refreshed
  * debian/patches/gn-bootstrap-remove-sysroot-options.patch: removed, no longer
    needed
  * debian/patches/gn-do-not-build-with-icf.patch: added
  * debian/patches/gn-no-last-commit-position.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: removed, no longer
    needed
  * debian/patches/swiftshader-gl-entry-trampoline.patch: removed, no longer
    needed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/widevine-other-locations: refreshed
  * debian/tests/html5test: update test expectations

Date: Wed, 30 Jan 2019 10:53:04 +0100
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/chromium-browser/72.0.3626.81-0ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 30 Jan 2019 10:53:04 +0100
Source: chromium-browser
Binary: chromium-browser chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-extra chromium-chromedriver
Architecture: source
Version: 72.0.3626.81-0ubuntu1
Distribution: disco
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Description:
 chromium-browser - Chromium web browser, open-source version of Chrome
 chromium-browser-l10n - chromium-browser language packages
 chromium-chromedriver - WebDriver driver for the Chromium Browser
 chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
 chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
Changes:
 chromium-browser (72.0.3626.81-0ubuntu1) disco; urgency=medium
 .
   * Upstream release: 72.0.3626.81
     - CVE-2019-5754: Inappropriate implementation in QUIC Networking.
     - CVE-2019-5782: Inappropriate implementation in V8.
     - CVE-2019-5755: Inappropriate implementation in V8.
     - CVE-2019-5756: Use after free in PDFium.
     - CVE-2019-5757: Type Confusion in SVG.
     - CVE-2019-5758: Use after free in Blink.
     - CVE-2019-5759: Use after free in HTML select elements.
     - CVE-2019-5760: Use after free in WebRTC.
     - CVE-2019-5761: Use after free in SwiftShader.
     - CVE-2019-5762: Use after free in PDFium.
     - CVE-2019-5763: Insufficient validation of untrusted input in V8.
     - CVE-2019-5764: Use after free in WebRTC.
     - CVE-2019-5765: Insufficient policy enforcement in the browser.
     - CVE-2019-5766: Insufficient policy enforcement in Canvas.
     - CVE-2019-5767: Incorrect security UI in WebAPKs.
     - CVE-2019-5768: Insufficient policy enforcement in DevTools.
     - CVE-2019-5769: Insufficient validation of untrusted input in Blink.
     - CVE-2019-5770: Heap buffer overflow in WebGL.
     - CVE-2019-5771: Heap buffer overflow in SwiftShader.
     - CVE-2019-5772: Use after free in PDFium.
     - CVE-2019-5773: Insufficient data validation in IndexedDB.
     - CVE-2019-5774: Insufficient validation of untrusted input in SafeBrowsing.
     - CVE-2019-5775: Insufficient policy enforcement in Omnibox.
     - CVE-2019-5776: Insufficient policy enforcement in Omnibox.
     - CVE-2019-5777: Insufficient policy enforcement in Omnibox.
     - CVE-2019-5778: Insufficient policy enforcement in Extensions.
     - CVE-2019-5779: Insufficient policy enforcement in ServiceWorker.
     - CVE-2019-5780: Insufficient policy enforcement.
     - CVE-2019-5781: Insufficient policy enforcement in Omnibox.
   * debian/control: add default-jre-headless as a build dependency
     (needed to compile the new lite JS mojom bindings)
   * debian/patches/additional-search-engines.patch: refreshed
   * debian/patches/chromium_useragent.patch: refreshed
   * debian/patches/configuration-directory.patch: refreshed
   * debian/patches/disable-sse2: refreshed
   * debian/patches/fix-extra-arflags.patch: refreshed
   * debian/patches/fix-ffmpeg-ia32-build.patch: refreshed
   * debian/patches/gn-bootstrap-remove-sysroot-options.patch: removed, no longer
     needed
   * debian/patches/gn-do-not-build-with-icf.patch: added
   * debian/patches/gn-no-last-commit-position.patch: refreshed
   * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
   * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
   * debian/patches/suppress-newer-clang-warning-flags.patch: removed, no longer
     needed
   * debian/patches/swiftshader-gl-entry-trampoline.patch: removed, no longer
     needed
   * debian/patches/title-bar-default-system.patch-v35: refreshed
   * debian/patches/widevine-other-locations: refreshed
   * debian/tests/html5test: update test expectations
Checksums-Sha1:
 2a91dc2ba5759cfa115267d21925f7e7f03ede22 2593 chromium-browser_72.0.3626.81-0ubuntu1.dsc
 16836d6f211aad133d184d1d0e347f47ea024336 686338420 chromium-browser_72.0.3626.81.orig.tar.xz
 9fdcb4653eb6509a0316deea2771a565b4aa17ad 2360680 chromium-browser_72.0.3626.81-0ubuntu1.debian.tar.xz
 8052932a9a0231e7df9e8cf4227975ccf9deb383 19542 chromium-browser_72.0.3626.81-0ubuntu1_source.buildinfo
Checksums-Sha256:
 9221a47bf25073e9415286e3a5d0a1972f21fd1cde7f63e741527e8691a15a28 2593 chromium-browser_72.0.3626.81-0ubuntu1.dsc
 dfe89fe389008e6d2098099948d10774989d2f3e8dca6ace78ea4ec636dd8006 686338420 chromium-browser_72.0.3626.81.orig.tar.xz
 80d7f591e73caaba3fc356481e844421ea3c3bb2c24d1d066cd73688ef994bab 2360680 chromium-browser_72.0.3626.81-0ubuntu1.debian.tar.xz
 07b4cda25ed7b2adf0fe57ae835ae7aa7738d923963e8eae885a7733a4a87b36 19542 chromium-browser_72.0.3626.81-0ubuntu1_source.buildinfo
Files:
 3f3d6391280d1eb9d654156d487525a4 2593 web optional chromium-browser_72.0.3626.81-0ubuntu1.dsc
 ac57ccbec0aceee41101ac1255b3c14b 686338420 web optional chromium-browser_72.0.3626.81.orig.tar.xz
 5dde04bd7d88be4257d35539948793a6 2360680 web optional chromium-browser_72.0.3626.81-0ubuntu1.debian.tar.xz
 86421a1f849fa5f75844b368d760ab9f 19542 web optional chromium-browser_72.0.3626.81-0ubuntu1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEOEr9Mc7+BgD56Np90yjXIxis5scFAlxRdmYACgkQ0yjXIxis
5sdEUwf+JrGoS0nQusshpXjaViBsLaWOjTD8AqfzUNaY1Vu8nTEbyhRcxhLvolER
6uwT2X+F0FA+RQjrGgXS4935hjiCpz4ubhmO+ASL9Nupa5wjyEnyn/YGqfpb2z0Y
m0UpjrvYqYatIvtLYNNi7wU3mGmIlxWsm223VRyzcRMlQr4R63m9kjRiegZfCiKw
zeM3mpYCbNW+OMnCBwN8iEq+BFBtnhrGGRwMjguuw0MiXy6Cq1vC63PKOYfeTFQ7
bDkOxUwMAFwZ7pQZG5EFnAG2/KVI8NpkYsy0DCVgwAvVsNvtNP4/XGoa2ovh/zs5
OF7KfMVXW8nv/EqMoF0Xpuuwk6L47Q==
=DESF
-----END PGP SIGNATURE-----

More information about the Disco-changes mailing list