[ubuntu/disco-proposed] chromium-browser 73.0.3683.75-0ubuntu1 (Accepted)

Olivier Tilloy olivier.tilloy at canonical.com
Tue Mar 12 20:55:30 UTC 2019 

chromium-browser (73.0.3683.75-0ubuntu1) disco; urgency=medium

  * Upstream release: 73.0.3683.75
    - CVE-2019-5787: Use after free in Canvas.
    - CVE-2019-5788: Use after free in FileAPI.
    - CVE-2019-5789: Use after free in WebMIDI.
    - CVE-2019-5790: Heap buffer overflow in V8.
    - CVE-2019-5791: Type confusion in V8.
    - CVE-2019-5792: Integer overflow in PDFium.
    - CVE-2019-5793: Excessive permissions for private API in Extensions.
    - CVE-2019-5794: Security UI spoofing.
    - CVE-2019-5795: Integer overflow in PDFium.
    - CVE-2019-5796: Race condition in Extensions.
    - CVE-2019-5797: Race condition in DOMStorage.
    - CVE-2019-5798: Out of bounds read in Skia.
    - CVE-2019-5799: CSP bypass with blob URL.
    - CVE-2019-5800: CSP bypass with blob URL.
    - CVE-2019-5801: Incorrect Omnibox display on iOS.
    - CVE-2019-5802: Security UI spoofing.
    - CVE-2019-5803: CSP bypass with Javascript URLs'.
    - CVE-2019-5804: Command line command injection on Windows.
  * debian/patches/add-missing-cstring-include.patch: removed, no longer needed
  * debian/patches/additional-search-engines.patch: removed, no longer needed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/fix-ffmpeg-ia32-build.patch: refreshed
  * debian/patches/gn-no-last-commit-position.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
  * debian/patches/search-credit.patch: updated
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/widevine-enable-version-string.patch: refreshed

Date: Tue, 12 Mar 2019 21:37:28 +0100
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/chromium-browser/73.0.3683.75-0ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 12 Mar 2019 21:37:28 +0100
Source: chromium-browser
Binary: chromium-browser chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-extra chromium-chromedriver
Architecture: source
Version: 73.0.3683.75-0ubuntu1
Distribution: disco
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Description:
 chromium-browser - Chromium web browser, open-source version of Chrome
 chromium-browser-l10n - chromium-browser language packages
 chromium-chromedriver - WebDriver driver for the Chromium Browser
 chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
 chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
Changes:
 chromium-browser (73.0.3683.75-0ubuntu1) disco; urgency=medium
 .
   * Upstream release: 73.0.3683.75
     - CVE-2019-5787: Use after free in Canvas.
     - CVE-2019-5788: Use after free in FileAPI.
     - CVE-2019-5789: Use after free in WebMIDI.
     - CVE-2019-5790: Heap buffer overflow in V8.
     - CVE-2019-5791: Type confusion in V8.
     - CVE-2019-5792: Integer overflow in PDFium.
     - CVE-2019-5793: Excessive permissions for private API in Extensions.
     - CVE-2019-5794: Security UI spoofing.
     - CVE-2019-5795: Integer overflow in PDFium.
     - CVE-2019-5796: Race condition in Extensions.
     - CVE-2019-5797: Race condition in DOMStorage.
     - CVE-2019-5798: Out of bounds read in Skia.
     - CVE-2019-5799: CSP bypass with blob URL.
     - CVE-2019-5800: CSP bypass with blob URL.
     - CVE-2019-5801: Incorrect Omnibox display on iOS.
     - CVE-2019-5802: Security UI spoofing.
     - CVE-2019-5803: CSP bypass with Javascript URLs'.
     - CVE-2019-5804: Command line command injection on Windows.
   * debian/patches/add-missing-cstring-include.patch: removed, no longer needed
   * debian/patches/additional-search-engines.patch: removed, no longer needed
   * debian/patches/configuration-directory.patch: refreshed
   * debian/patches/disable-sse2: refreshed
   * debian/patches/fix-extra-arflags.patch: refreshed
   * debian/patches/fix-ffmpeg-ia32-build.patch: refreshed
   * debian/patches/gn-no-last-commit-position.patch: refreshed
   * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
   * debian/patches/search-credit.patch: updated
   * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
   * debian/patches/title-bar-default-system.patch-v35: refreshed
   * debian/patches/widevine-enable-version-string.patch: refreshed
Checksums-Sha1:
 61e956cabc55b10f442af4122d2544b4ec3ab0ae 2593 chromium-browser_73.0.3683.75-0ubuntu1.dsc
 230d57ff148afe44bfa77819cc37d2cba78e4ba7 710439908 chromium-browser_73.0.3683.75.orig.tar.xz
 d2ceb4aca995ac65017c35d7ef5f78bc8bbfe861 2360772 chromium-browser_73.0.3683.75-0ubuntu1.debian.tar.xz
 30b459c25950876d13c7f0e69f8032a585994b02 19572 chromium-browser_73.0.3683.75-0ubuntu1_source.buildinfo
Checksums-Sha256:
 6e6a3d4f7ca7927c56238b766b9ba6dc4135f47ea4283beea70d46a494a7f0cf 2593 chromium-browser_73.0.3683.75-0ubuntu1.dsc
 8304810626c69c296b3262844e20052e7476280b634c525a711a7f6c0e3dd57c 710439908 chromium-browser_73.0.3683.75.orig.tar.xz
 68081d620eb2203871c0df8de08a97dbe772962672d3ee5fa22813536caf32cf 2360772 chromium-browser_73.0.3683.75-0ubuntu1.debian.tar.xz
 5901985b488ecc792fd45368c78d43a509b78142f2263ae364e2b2f76149ced8 19572 chromium-browser_73.0.3683.75-0ubuntu1_source.buildinfo
Files:
 a90ff2dfb35f63ed70ce89d933a76735 2593 web optional chromium-browser_73.0.3683.75-0ubuntu1.dsc
 5acadb18a18526beaa8f49982be57c5d 710439908 web optional chromium-browser_73.0.3683.75.orig.tar.xz
 9473581e5b0fdad47443665f443b70da 2360772 web optional chromium-browser_73.0.3683.75-0ubuntu1.debian.tar.xz
 39320e14f48936c52633955c72f94c7c 19572 web optional chromium-browser_73.0.3683.75-0ubuntu1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEOEr9Mc7+BgD56Np90yjXIxis5scFAlyIG2gACgkQ0yjXIxis
5sf1JQf/Sy6P4z62qpKUR1+SngOvvUMF20A9xJhIAuYIkMXHpjnp+gsluhF0XfuF
yILX4JkZsCWenNV8aWrBJgFysVOHbFWFMzPBWKJTkhc2tF9nk/KPVqlsE0ItF7mx
JVO6K8gi20msxw14FC98yKL/dHCjca9vLTHz+pNk4qTiwemd/VCaKinXntvtXle4
GcWBL1KfQ9jx+U+ZxVC2+eacvKx0X4mw/zaFU58kyllD4WJecIdL802L93reEadd
RxHRpJB1Q9zJJ3fYuP5wZ2fRG7nsCojbXPjql3lMuliV/LlPmbGcJ0xmNjeQTb9h
dVj1wQkQI5lsHJeRXvsiBUnVc4qaiQ==
=jb03
-----END PGP SIGNATURE-----

More information about the Disco-changes mailing list