[ubuntu/disco-security] chromium-browser 78.0.3904.70-0ubuntu0.19.04.4 (Accepted)

Chris Coulson chris.coulson at canonical.com
Wed Nov 6 00:39:13 UTC 2019


chromium-browser (78.0.3904.70-0ubuntu0.19.04.4) disco; urgency=medium

  * debian/patches/widevine-other-locations: updated

chromium-browser (78.0.3904.70-0ubuntu0.19.04.3) disco; urgency=medium

  * debian/patches/add-missing-memory-include.patch: added

chromium-browser (78.0.3904.70-0ubuntu0.19.04.2) disco; urgency=medium

  * debian/patches/make-DohUpgradeEntry-non-const.patch: added

chromium-browser (78.0.3904.70-0ubuntu0.19.04.1) disco; urgency=medium

  * Upstream release: 78.0.3904.70
    - CVE-2019-13699: Use-after-free in media.
    - CVE-2019-13700: Buffer overrun in Blink.
    - CVE-2019-13701: URL spoof in navigation.
    - CVE-2019-13702: Privilege elevation in Installer.
    - CVE-2019-13703: URL bar spoofing.
    - CVE-2019-13704: CSP bypass.
    - CVE-2019-13705: Extension permission bypass.
    - CVE-2019-13706: Out-of-bounds read in PDFium.
    - CVE-2019-13707: File storage disclosure.
    - CVE-2019-13708: HTTP authentication spoof.
    - CVE-2019-13709: File download protection bypass.
    - CVE-2019-13710: File download protection bypass.
    - CVE-2019-13711: Cross-context information leak.
    - CVE-2019-15903: Buffer overflow in expat.
    - CVE-2019-13713: Cross-origin data leak.
    - CVE-2019-13714: CSS injection.
    - CVE-2019-13715: Address bar spoofing.
    - CVE-2019-13716: Service worker state error.
    - CVE-2019-13717: Notification obscured.
    - CVE-2019-13718: IDN spoof.
    - CVE-2019-13719: Notification obscured.
  * debian/patches/add-missing-limits-include.patch: removed, no longer needed
  * debian/patches/add-missing-memory-include.patch: removed, no longer needed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/default-allocator: refreshed
  * debian/patches/define__libc_malloc.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/enable-chromecast-by-default.patch: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: added
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/touch-v35: refreshed
  * debian/patches/widevine-enable-version-string.patch: refreshed

chromium-browser (77.0.3865.120-0ubuntu0.19.04.1) disco; urgency=medium

  * Upstream release: 77.0.3865.120
    - CVE-2019-13693: Use-after-free in IndexedDB.
    - CVE-2019-13694: Use-after-free in WebRTC.
    - CVE-2019-13695: Use-after-free in audio.
    - CVE-2019-13696: Use-after-free in V8.
    - CVE-2019-13697: Cross-origin size leak.

chromium-browser (77.0.3865.90-0ubuntu0.19.04.1) disco; urgency=medium

  * Upstream release: 77.0.3865.90
    - CVE-2019-13685: Use-after-free in UI.
    - CVE-2019-13688: Use-after-free in media.
    - CVE-2019-13687: Use-after-free in media.
    - CVE-2019-13686: Use-after-free in offline pages.

chromium-browser (77.0.3865.75-0ubuntu0.19.04.3) disco; urgency=medium

  * debian/patches/add-missing-limits-include.patch: added

chromium-browser (77.0.3865.75-0ubuntu0.19.04.2) disco; urgency=medium

  * debian/patches/add-missing-memory-include.patch: added

chromium-browser (77.0.3865.75-0ubuntu0.19.04.1) disco; urgency=medium

  * Upstream release: 77.0.3865.75
    - CVE-2019-5870: Use-after-free in media.
    - CVE-2019-5871: Heap overflow in Skia.
    - CVE-2019-5872: Use-after-free in Mojo.
    - CVE-2019-5873: URL bar spoofing on iOS.
    - CVE-2019-5874: External URIs may trigger other browsers.
    - CVE-2019-5875: URL bar spoof via download redirect.
    - CVE-2019-5876: Use-after-free in media.
    - CVE-2019-5877: Out-of-bounds access in V8.
    - CVE-2019-5878: Use-after-free in V8.
    - CVE-2019-5879: Extension can bypass same origin policy.
    - CVE-2019-5880: SameSite cookie bypass.
    - CVE-2019-5881: Arbitrary read in SwiftShader.
    - CVE-2019-13659: URL spoof.
    - CVE-2019-13660: Full screen notification overlap.
    - CVE-2019-13661: Full screen notification spoof.
    - CVE-2019-13662: CSP bypass.
    - CVE-2019-13663: IDN spoof.
    - CVE-2019-13664: CSRF bypass.
    - CVE-2019-13665: Multiple file download protection bypass.
    - CVE-2019-13666: Side channel using storage size estimate.
    - CVE-2019-13667: URI bar spoof when using external app URIs.
    - CVE-2019-13668: Global window leak via console.
    - CVE-2019-13669: HTTP authentication spoof.
    - CVE-2019-13670: V8 memory corruption in regex.
    - CVE-2019-13671: Dialog box fails to show origin.
    - CVE-2019-13673: Cross-origin information leak using devtools.
    - CVE-2019-13674: IDN spoofing.
    - CVE-2019-13675: Extensions can be disabled by trailing slash.
    - CVE-2019-13676: Google URI shown for certificate warning.
    - CVE-2019-13677: Chrome web store origin needs to be isolated.
    - CVE-2019-13678: Download dialog spoofing.
    - CVE-2019-13679: User gesture needed for printing.
    - CVE-2019-13680: IP address spoofing to servers.
    - CVE-2019-13681: Bypass on download restrictions.
    - CVE-2019-13682: Site isolation bypass.
    - CVE-2019-13683: Exceptions leaked by devtools.
  * debian/patches/add-missing-cstddef-include.patch: refreshed
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/enable-chromecast-by-default.patch: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/upstream-fix-blink-build-iterators.patch: removed, no longer
    needed
  * debian/patches/widevine-enable-version-string.patch: refreshed

chromium-browser (76.0.3809.132-0ubuntu0.19.04.1) disco; urgency=medium

  * Upstream release: 76.0.3809.132
    - CVE-2019-5869: Use-after-free in Blink.

Date: 2019-11-01 09:34:14.045035+00:00
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Signed-By: Chris Coulson <chris.coulson at canonical.com>
https://launchpad.net/ubuntu/+source/chromium-browser/78.0.3904.70-0ubuntu0.19.04.4