[ubuntu/trusty-security] chromium-browser 62.0.3202.62-0ubuntu0.14.04.1204 (Accepted)

Chris Coulson chrisccoulson at ubuntu.com
Tue Oct 24 20:08:11 UTC 2017

chromium-browser (62.0.3202.62-0ubuntu0.14.04.1204) trusty; urgency=medium

  * Upstream release: 62.0.3202.62
    - CVE-2017-5124: UXSS with MHTML.
    - CVE-2017-5125: Heap overflow in Skia.
    - CVE-2017-5126: Use after free in PDFium.
    - CVE-2017-5127: Use after free in PDFium.
    - CVE-2017-5128: Heap overflow in WebGL.
    - CVE-2017-5129: Use after free in WebAudio.
    - CVE-2017-5132: Incorrect stack manipulation in WebAssembly.
    - CVE-2017-5130: Heap overflow in libxml2.
    - CVE-2017-5131: Out of bounds write in Skia.
    - CVE-2017-5133: Out of bounds write in Skia.
    - CVE-2017-15386: UI spoofing in Blink.
    - CVE-2017-15387: Content security bypass.
    - CVE-2017-15388: Out of bounds read in Skia.
    - CVE-2017-15389: URL spoofing in OmniBox.
    - CVE-2017-15390: URL spoofing in OmniBox.
    - CVE-2017-15391: Extension limitation bypass in Extensions.
    - CVE-2017-15392: Incorrect registry key handling in PlatformIntegration.
    - CVE-2017-15393: Referrer leak in Devtools.
    - CVE-2017-15394: URL spoofing in extensions UI.
    - CVE-2017-15395: Null pointer dereference in ImageCapture.
  * debian/control:
    - build with clang 4.0
    - bump Standards-Version to 4.1.0
  * debian/rules:
    - build with clang 4.0
    - also build gn with clang 4.0
    - do not disable swiftshader on i386 (LP: #1697496)
    - when building on armhf, pass symbol_level=0 to gn in the hope that
      Launchpad builders won't run out of memory when linking
  * debian/patches/additional-search-engines.patch: refreshed
  * debian/patches/allow-component-build: removed, unused
  * debian/patches/arm64-vpx-alignment: removed, no longer needed
  * debian/patches/c++-compatibility.patch: added
  * debian/patches/defang-ct-timebomb: removed, unused
  * debian/patches/disable-sse2: refreshed
  * debian/patches/enable-chromecast-by-default.patch: refreshed
  * debian/patches/fix-argument-evaluation-order.patch: removed, no longer
  * debian/patches/fix-compilation-for-atk.patch: removed, no longer needed
  * debian/patches/fix-compilation-for-atk-version-check.patch: removed, no
    longer needed
  * debian/patches/fix-gn-bootstrap.patch: updated
  * debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed
  * debian/patches/gcc-compilation-fixes.patch: removed, no longer needed
  * debian/patches/make-base-numerics-build-with-gcc.patch: removed, no longer
  * debian/patches/no-new-ninja-flag.patch: added
  * debian/patches/protobuf-fullness: removed, unused
  * debian/patches/really-disable-swiftshader-on-x86.patch: removed, no longer
  * debian/patches/reduce-ld-memory-usage.patch: removed, no longer needed
  * debian/patches/revert-clang-nostdlib++.patch: added
  * debian/patches/revert-llvm-ar.patch: removed, no longer needed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: added
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/use-clang-versioned.patch: added
  * debian/patches/use-gcc-versioned: removed, no longer needed
  * debian/patches/vulkan-c99.patch: removed, no longer needed
  * debian/patches/widevine-other-locations: refreshed
  * debian/known_gyp_flags: removed, unused
  * debian/known_gn_gen_args-[i386,amd64,armhf]: added

Date: 2017-10-19 09:15:15.694092+00:00
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Signed-By: Chris Coulson <chrisccoulson at ubuntu.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Trusty-changes mailing list