[ubuntu/xenial-security] chromium-browser 57.0.2987.98-0ubuntu0.16.04.1276 (Accepted)

Chris Coulson chrisccoulson at ubuntu.com
Wed Apr 5 18:48:31 UTC 2017

chromium-browser (57.0.2987.98-0ubuntu0.16.04.1276) xenial-security; urgency=medium

  * Upstream release: 57.0.2987.98.
    - CVE-2017-5030: Memory corruption in V8.
    - CVE-2017-5031: Use after free in ANGLE.
    - CVE-2017-5032: Out of bounds write in PDFium.
    - CVE-2017-5029: Integer overflow in libxslt.
    - CVE-2017-5034: Use after free in PDFium.
    - CVE-2017-5035: Incorrect security UI in Omnibox.
    - CVE-2017-5036: Use after free in PDFium.
    - CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer.
    - CVE-2017-5039: Use after free in PDFium.
    - CVE-2017-5040: Information disclosure in V8.
    - CVE-2017-5041: Address spoofing in Omnibox.
    - CVE-2017-5033: Bypass of Content Security Policy in Blink.
    - CVE-2017-5042: Incorrect handling of cookies in Cast.
    - CVE-2017-5038: Use after free in GuestView.
    - CVE-2017-5043: Use after free in GuestView.
    - CVE-2017-5044: Heap overflow in Skia.
    - CVE-2017-5045: Information disclosure in XSS Auditor.
    - CVE-2017-5046: Information disclosure in Blink.
  * debian/patches/arm64-support no longer needed
  * debian/patches/stdatomic: Support gcc48.
  * debian/patches/snapshot-library-link: Add missing libsnapshot link
  * debian/patches/gtk-ui-stdmove: fix && pointer return with std::move
  * debian/control: Drop binary arch "any" and explicitly list four.
  * debian/patches/arm64-vpx-alignment: Avoid ARM64 alignment bug on some
  * debian/rules: Fix armhf float ABI and remove unnecessary envvars.
    (LP: #1673276)

Date: 2017-03-17 17:34:13.902083+00:00
Changed-By: Chad Miller <chad.miller at canonical.com>
Signed-By: Chris Coulson <chrisccoulson at ubuntu.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Xenial-changes mailing list