[ubuntu/xenial-security] chromium-browser 76.0.3809.87-0ubuntu0.16.04.1 (Accepted)

Chris Coulson chris.coulson at canonical.com
Mon Aug 5 10:27:23 UTC 2019


chromium-browser (76.0.3809.87-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 76.0.3809.87
    - CVE-2019-5850: Use-after-free in offline page fetcher.
    - CVE-2019-5860: Use-after-free in PDFium.
    - CVE-2019-5853: Memory corruption in regexp length check.
    - CVE-2019-5851: Use-after-poison in offline audio context.
    - CVE-2019-5859: res: URIs can load alternative browsers.
    - CVE-2019-5856: Insufficient checks on filesystem: URI permissions.
    - CVE-2019-5863: Use-after-free in WebUSB on Windows.
    - CVE-2019-5855: Integer overflow in PDFium.
    - CVE-2019-5865: Site isolation bypass from compromised renderer.
    - CVE-2019-5858: Insufficient filtering of Open URL service parameters.
    - CVE-2019-5864: Insufficient port filtering in CORS for extensions.
    - CVE-2019-5862: AppCache not robust to compromised renderers.
    - CVE-2019-5861: Click location incorrectly checked.
    - CVE-2019-5857: Comparison of -0 and null yields crash.
    - CVE-2019-5854: Integer overflow in PDFium text rendering.
    - CVE-2019-5852: Object leak of utility functions.
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/closure-compiler-java-no-client-vm.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/fix-ffmpeg-ia32-build.patch: removed, no longer needed
  * debian/patches/pffft-no-neon.patch: removed, no longer needed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/skia-undef-HWCAP_CRC32.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: updated
  * debian/patches/upstream-fix-blink-build-iterators.patch: added

chromium-browser (75.0.3770.142-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 75.0.3770.142

chromium-browser (75.0.3770.100-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 75.0.3770.100

chromium-browser (75.0.3770.90-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 75.0.3770.90

chromium-browser (75.0.3770.80-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 75.0.3770.80
    - CVE-2019-5828: Use after free in ServiceWorker.
    - CVE-2019-5829: Use after free in Download Manager.
    - CVE-2019-5830: Incorrectly credentialed requests in CORS.
    - CVE-2019-5831: Incorrect map processing in V8.
    - CVE-2019-5832: Incorrect CORS handling in XHR.
    - CVE-2019-5833: Inconsistent security UI placement.
    - CVE-2019-5834: URL spoof in Omnibox on iOS.
    - CVE-2019-5835: Out of bounds read in Swiftshader.
    - CVE-2019-5836: Heap buffer overflow in Angle.
    - CVE-2019-5837: Cross-origin resources size disclosure in Appcache.
    - CVE-2019-5838: Overly permissive tab access in Extensions.
    - CVE-2019-5839: Incorrect handling of certain code points in Blink.
    - CVE-2019-5840: Popup blocker bypass.
  * debian/rules: replace deprecated remove_webcore_debug_symbols build flag
    by blink_symbol_level
  * debian/patches/arm-neon.patch: removed, no longer needed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/fix-ptrace-header-include.patch: refreshed
  * debian/patches/pffft-no-neon.patch: added
  * debian/patches/revert-gn-4960.patch: removed, no longer needed
  * debian/patches/revert-gn-4980.patch: removed, no longer needed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: removed,
    no longer needed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: updated
  * debian/patches/use-clang-versioned.patch: refreshed
  * debian/patches/widevine-enable-version-string.patch: refreshed
  * debian/known_gn_gen_args-*: remove remove_webcore_debug_symbols build flag
  * debian/tests/chromium-version: update test to account for an undocumented
    chromedriver API change
  * debian/tests/html5test: update test expectations

Date: 2019-07-30 19:31:15.162190+00:00
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Signed-By: Chris Coulson <chris.coulson at canonical.com>
https://launchpad.net/ubuntu/+source/chromium-browser/76.0.3809.87-0ubuntu0.16.04.1