[ubuntu/xenial-security] chromium-browser 81.0.4044.122-0ubuntu0.16.04.1 (Accepted)

Thu Apr 30 23:31:13 UTC 2020

chromium-browser (81.0.4044.122-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 81.0.4044.122
    - CVE-2020-6459: Use after free in payments.
    - CVE-2020-6460: Insufficient data validation in URL formatting.
    - CVE-2020-6458: Out of bounds read and write in PDFium.

chromium-browser (81.0.4044.113-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 81.0.4044.113
    - CVE-2020-6457: Use after free in speech recognizer.

chromium-browser (81.0.4044.92-0ubuntu0.16.04.6) xenial; urgency=medium

  * debian/patches/use-old-mesa.patch: added

chromium-browser (81.0.4044.92-0ubuntu0.16.04.5) xenial; urgency=medium

  * debian/patches/define-libdrm-missing-identifier.patch: renamed to
    debian/patches/define-libdrm-missing-identifiers.patch and updated

chromium-browser (81.0.4044.92-0ubuntu0.16.04.4) xenial; urgency=medium

  * debian/patches/define-libdrm-missing-identifier.patch: updated

chromium-browser (81.0.4044.92-0ubuntu0.16.04.3) xenial; urgency=medium

  * debian/patches/define-libdrm-missing-identifier.patch: updated

chromium-browser (81.0.4044.92-0ubuntu0.16.04.2) xenial; urgency=medium

  * debian/patches/define-libdrm-missing-identifier.patch: added

chromium-browser (81.0.4044.92-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 81.0.4044.92
    - CVE-2020-6454: Use after free in extensions.
    - CVE-2020-6423: Use after free in audio.
    - CVE-2020-6455: Out of bounds read in WebSQL.
    - CVE-2020-6430: Type Confusion in V8.
    - CVE-2020-6456: Insufficient validation of untrusted input in clipboard.
    - CVE-2020-6431: Insufficient policy enforcement in full screen.
    - CVE-2020-6432: Insufficient policy enforcement in navigations.
    - CVE-2020-6433: Insufficient policy enforcement in extensions.
    - CVE-2020-6434: Use after free in devtools.
    - CVE-2020-6435: Insufficient policy enforcement in extensions.
    - CVE-2020-6436: Use after free in window management.
    - CVE-2020-6437: Inappropriate implementation in WebView.
    - CVE-2020-6438: Insufficient policy enforcement in extensions.
    - CVE-2020-6439: Insufficient policy enforcement in navigations.
    - CVE-2020-6440: Inappropriate implementation in extensions.
    - CVE-2020-6441: Insufficient policy enforcement in omnibox.
    - CVE-2020-6442: Inappropriate implementation in cache.
    - CVE-2020-6443: Insufficient data validation in developer tools.
    - CVE-2020-6444: Uninitialized Use in WebRTC.
    - CVE-2020-6445: Insufficient policy enforcement in trusted types.
    - CVE-2020-6446: Insufficient policy enforcement in trusted types.
    - CVE-2020-6447: Inappropriate implementation in developer tools.
    - CVE-2020-6448: Use after free in V8.
  * debian/control:
    - add libgbm-dev as a build dependency, required since
      https://chromium.googlesource.com/chromium/src/+/ff8d22e
    - build-depend on clang-8 and llvm-8, which are now in xenial-updates
    - build-depend on gcc-mozilla 7, to build gn with C++ 17 support
  * debian/rules: build gn with clang 8, and statically link against
    gcc-mozilla's libstdc++
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/closure-compiler-java-no-client-vm.patch: refreshed
  * debian/patches/constexpr-errors-with-old-clang.patch: removed, no longer
    needed
  * debian/patches/define__libc_malloc.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: removed, no longer needed
  * debian/patches/gn-experimental-string_view.patch: removed, no longer needed
  * debian/patches/gn-no-last-commit-position.patch: refreshed
  * debian/patches/no-new-ninja-flag.patch: refreshed
  * debian/patches/relax-ninja-version-requirement.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: updated
  * debian/patches/upstream-fix-build-atk-226.patch: added
  * debian/patches/use-clang-versioned.patch: updated

Date: 2020-04-22 17:40:15.801366+00:00
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Signed-By: Chris Coulson <chris.coulson at canonical.com>
https://launchpad.net/ubuntu/+source/chromium-browser/81.0.4044.122-0ubuntu0.16.04.1
-------------- next part --------------
Sorry, changesfile not available.