[ubuntu/trusty-security] chromium-browser 61.0.3163.79-0ubuntu0.14.04.1196 (Accepted)

Chris Coulson chrisccoulson at ubuntu.com
Thu Sep 21 15:44:55 UTC 2017 

chromium-browser (61.0.3163.79-0ubuntu0.14.04.1196) trusty; urgency=medium

  * Upstream release: 61.0.3163.79
    - CVE-2017-5111: Use after free in PDFium.
    - CVE-2017-5112: Heap buffer overflow in WebGL.
    - CVE-2017-5113: Heap buffer overflow in Skia.
    - CVE-2017-5114: Memory lifecycle issue in PDFium.
    - CVE-2017-5115: Type confusion in V8.
    - CVE-2017-5116: Type confusion in V8.
    - CVE-2017-5117: Use of uninitialized value in Skia.
    - CVE-2017-5118: Bypass of Content Security Policy in Blink.
    - CVE-2017-5119: Use of uninitialized value in Skia.
    - CVE-2017-5120: Potential HTTPS downgrade during redirect navigation.
  * debian/control: bump Standards-Version to 4.0.0
  * debian/rules:
    - build with use_custom_libcxx=false to force the use of the system
      libstdc++
    - build with is_component_build=false, is_official_build=true,
      allow_posix_link_time_opt=false and fatal_linker_warnings=false
  * debian/patches/additional-search-engines.patch: refreshed
  * debian/patches/define__libc_malloc.patch: added
  * debian/patches/disable-sse2: refreshed
  * debian/patches/enable-chromecast-by-default.patch: refreshed
  * debian/patches/fix-compilation-for-atk.patch: added
  * debian/patches/fix-compilation-for-atk-version-check.patch: added
  * debian/patches/fix-gn-bootstrap.patch: updated
  * debian/patches/fix-webkit-layout-build-with-g++.patch: removed,
    no longer needed
  * debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed
  * debian/patches/gcc-compilation-fixes.patch: added
  * debian/patches/make-base-numerics-build-with-gcc.patch: added
  * debian/patches/really-disable-swiftshader-on-x86.patch: updated
  * debian/patches/reduce-ld-memory-usage.patch: added
  * debian/patches/relax-ninja-version-requirement.patch: added
  * debian/patches/revert-llvm-ar.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/use-gcc-versioned: refreshed

Date: 2017-09-11 21:22:12.964365+00:00
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Signed-By: Chris Coulson <chrisccoulson at ubuntu.com>
https://launchpad.net/ubuntu/+source/chromium-browser/61.0.3163.79-0ubuntu0.14.04.1196
-------------- next part --------------
Sorry, changesfile not available.

More information about the Trusty-changes mailing list