[ubuntu/disco-proposed] chromium-browser 73.0.3683.75-0ubuntu1 (Accepted)
Olivier Tilloy
olivier.tilloy at canonical.com
Tue Mar 12 20:55:30 UTC 2019
chromium-browser (73.0.3683.75-0ubuntu1) disco; urgency=medium
* Upstream release: 73.0.3683.75
- CVE-2019-5787: Use after free in Canvas.
- CVE-2019-5788: Use after free in FileAPI.
- CVE-2019-5789: Use after free in WebMIDI.
- CVE-2019-5790: Heap buffer overflow in V8.
- CVE-2019-5791: Type confusion in V8.
- CVE-2019-5792: Integer overflow in PDFium.
- CVE-2019-5793: Excessive permissions for private API in Extensions.
- CVE-2019-5794: Security UI spoofing.
- CVE-2019-5795: Integer overflow in PDFium.
- CVE-2019-5796: Race condition in Extensions.
- CVE-2019-5797: Race condition in DOMStorage.
- CVE-2019-5798: Out of bounds read in Skia.
- CVE-2019-5799: CSP bypass with blob URL.
- CVE-2019-5800: CSP bypass with blob URL.
- CVE-2019-5801: Incorrect Omnibox display on iOS.
- CVE-2019-5802: Security UI spoofing.
- CVE-2019-5803: CSP bypass with Javascript URLs.
- CVE-2019-5804: Command line command injection on Windows.
* debian/patches/add-missing-cstring-include.patch: removed, no longer needed
* debian/patches/additional-search-engines.patch: removed, no longer needed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix-extra-arflags.patch: refreshed
* debian/patches/fix-ffmpeg-ia32-build.patch: refreshed
* debian/patches/gn-no-last-commit-position.patch: refreshed
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
* debian/patches/search-credit.patch: updated
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/widevine-enable-version-string.patch: refreshed
Date: Tue, 12 Mar 2019 21:37:28 +0100
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/chromium-browser/73.0.3683.75-0ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 12 Mar 2019 21:37:28 +0100
Source: chromium-browser
Binary: chromium-browser chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-extra chromium-chromedriver
Architecture: source
Version: 73.0.3683.75-0ubuntu1
Distribution: disco
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Description:
chromium-browser - Chromium web browser, open-source version of Chrome
chromium-browser-l10n - chromium-browser language packages
chromium-chromedriver - WebDriver driver for the Chromium Browser
chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
Changes:
chromium-browser (73.0.3683.75-0ubuntu1) disco; urgency=medium
.
* Upstream release: 73.0.3683.75
- CVE-2019-5787: Use after free in Canvas.
- CVE-2019-5788: Use after free in FileAPI.
- CVE-2019-5789: Use after free in WebMIDI.
- CVE-2019-5790: Heap buffer overflow in V8.
- CVE-2019-5791: Type confusion in V8.
- CVE-2019-5792: Integer overflow in PDFium.
- CVE-2019-5793: Excessive permissions for private API in Extensions.
- CVE-2019-5794: Security UI spoofing.
- CVE-2019-5795: Integer overflow in PDFium.
- CVE-2019-5796: Race condition in Extensions.
- CVE-2019-5797: Race condition in DOMStorage.
- CVE-2019-5798: Out of bounds read in Skia.
- CVE-2019-5799: CSP bypass with blob URL.
- CVE-2019-5800: CSP bypass with blob URL.
- CVE-2019-5801: Incorrect Omnibox display on iOS.
- CVE-2019-5802: Security UI spoofing.
- CVE-2019-5803: CSP bypass with Javascript URLs'.
- CVE-2019-5804: Command line command injection on Windows.
* debian/patches/add-missing-cstring-include.patch: removed, no longer needed
* debian/patches/additional-search-engines.patch: removed, no longer needed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix-extra-arflags.patch: refreshed
* debian/patches/fix-ffmpeg-ia32-build.patch: refreshed
* debian/patches/gn-no-last-commit-position.patch: refreshed
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
* debian/patches/search-credit.patch: updated
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/widevine-enable-version-string.patch: refreshed
Checksums-Sha1:
61e956cabc55b10f442af4122d2544b4ec3ab0ae 2593 chromium-browser_73.0.3683.75-0ubuntu1.dsc
230d57ff148afe44bfa77819cc37d2cba78e4ba7 710439908 chromium-browser_73.0.3683.75.orig.tar.xz
d2ceb4aca995ac65017c35d7ef5f78bc8bbfe861 2360772 chromium-browser_73.0.3683.75-0ubuntu1.debian.tar.xz
30b459c25950876d13c7f0e69f8032a585994b02 19572 chromium-browser_73.0.3683.75-0ubuntu1_source.buildinfo
Checksums-Sha256:
6e6a3d4f7ca7927c56238b766b9ba6dc4135f47ea4283beea70d46a494a7f0cf 2593 chromium-browser_73.0.3683.75-0ubuntu1.dsc
8304810626c69c296b3262844e20052e7476280b634c525a711a7f6c0e3dd57c 710439908 chromium-browser_73.0.3683.75.orig.tar.xz
68081d620eb2203871c0df8de08a97dbe772962672d3ee5fa22813536caf32cf 2360772 chromium-browser_73.0.3683.75-0ubuntu1.debian.tar.xz
5901985b488ecc792fd45368c78d43a509b78142f2263ae364e2b2f76149ced8 19572 chromium-browser_73.0.3683.75-0ubuntu1_source.buildinfo
Files:
a90ff2dfb35f63ed70ce89d933a76735 2593 web optional chromium-browser_73.0.3683.75-0ubuntu1.dsc
5acadb18a18526beaa8f49982be57c5d 710439908 web optional chromium-browser_73.0.3683.75.orig.tar.xz
9473581e5b0fdad47443665f443b70da 2360772 web optional chromium-browser_73.0.3683.75-0ubuntu1.debian.tar.xz
39320e14f48936c52633955c72f94c7c 19572 web optional chromium-browser_73.0.3683.75-0ubuntu1_source.buildinfo