[ubuntu/xenial-security] chromium-browser 60.0.3112.78-0ubuntu0.16.04.1293 (Accepted)

Chris Coulson chrisccoulson at ubuntu.com
Wed Aug 9 17:44:32 UTC 2017

chromium-browser (60.0.3112.78-0ubuntu0.16.04.1293) xenial; urgency=medium

  * Upstream release: 60.0.3112.78
    - CVE-2017-5091: Use after free in IndexedDB.
    - CVE-2017-5092: Use after free in PPAPI.
    - CVE-2017-5093: UI spoofing in Blink.
    - CVE-2017-5094: Type confusion in extensions.
    - CVE-2017-5095: Out-of-bounds write in PDFium.
    - CVE-2017-5096: User information leak via Android intents.
    - CVE-2017-5097: Out-of-bounds read in Skia.
    - CVE-2017-5098: Use after free in V8.
    - CVE-2017-5099: Out-of-bounds write in PPAPI.
    - CVE-2017-5100: Use after free in Chrome Apps.
    - CVE-2017-5101: URL spoofing in OmniBox.
    - CVE-2017-5102: Uninitialized use in Skia.
    - CVE-2017-5103: Uninitialized use in Skia.
    - CVE-2017-5104: UI spoofing in browser.
    - CVE-2017-5105: URL spoofing in OmniBox.
    - CVE-2017-5106: URL spoofing in OmniBox.
    - CVE-2017-5107: User information leak via SVG.
    - CVE-2017-5108: Type confusion in PDFium.
    - CVE-2017-5109: UI spoofing in browser.
    - CVE-2017-5110: UI spoofing in payments dialog.
    - CVE-2017-7000: Pointer disclosure in SQLite.
  * debian/control, debian/rules: build with clang 4.0
  * debian/patches/additional-search-engines.patch: refreshed
  * debian/patches/allow-component-build: removed, unused
  * debian/patches/arm64-vpx-alignment: removed, no longer needed
  * debian/patches/defang-ct-timebomb: removed, unused
  * debian/patches/default-allocator: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed
  * debian/patches/fix-gn-bootstrap.patch: added
  * debian/patches/last-commit-position: refreshed
  * debian/patches/linux-dma-buf.patch: removed, no longer needed
  * debian/patches/memory-free-assertion-failure: removed, no longer needed
  * debian/patches/no-fPIC.patch: removed, no longer needed
  * debian/patches/protobuf-fullness: removed, unused
  * debian/patches/revert-llvm-ar.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/snapshot-library-link: removed, no longer needed
  * debian/patches/stdatomic: removed, no longer needed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/use-clang-versioned.patch: added
  * debian/patches/use-gcc-versioned: removed, no longer needed
  * debian/known_gyp_flags: removed, unused
  * debian/known_gn_gen_args-[i386,amd64,armhf]: added

Date: 2017-07-31 15:42:14.169322+00:00
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Signed-By: Chris Coulson <chrisccoulson at ubuntu.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Xenial-changes mailing list