[ubuntu/xenial-updates] chromium-browser 84.0.4147.105-0ubuntu0.16.04.1 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Tue Aug 4 19:04:01 UTC 2020 

chromium-browser (84.0.4147.105-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 84.0.4147.105
    - CVE-2020-6537: Type Confusion in V8.
    - CVE-2020-6538: Inappropriate implementation in WebView.
    - CVE-2020-6532: Use after free in SCTP.
    - CVE-2020-6539: Use after free in CSS.
    - CVE-2020-6540: Heap buffer overflow in Skia.
    - CVE-2020-6541: Use after free in WebUSB.

chromium-browser (84.0.4147.89-0ubuntu0.16.04.3) xenial; urgency=medium

  * Apply an upstream patch to fix a crash with video playback (LP: #1881751)
    - debian/patches/upstream-fix-crash-in-MediaSerializer-base-Location.patch

chromium-browser (84.0.4147.89-0ubuntu0.16.04.2) xenial; urgency=medium

  * debian/tests/data/chromium-version.html: update test expectations after
    the custom UA string was removed (LP: #1868117)

chromium-browser (84.0.4147.89-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 84.0.4147.89
    - CVE-2020-6510: Heap buffer overflow in background fetch.
    - CVE-2020-6511: Side-channel information leakage in content security policy.
    - CVE-2020-6512: Type Confusion in V8.
    - CVE-2020-6513: Heap buffer overflow in PDFium.
    - CVE-2020-6514: Inappropriate implementation in WebRTC.
    - CVE-2020-6515: Use after free in tab strip.
    - CVE-2020-6516: Policy bypass in CORS.
    - CVE-2020-6517: Heap buffer overflow in history.
    - CVE-2020-6518: Use after free in developer tools.
    - CVE-2020-6519: Policy bypass in CSP.
    - CVE-2020-6520: Heap buffer overflow in Skia.
    - CVE-2020-6521: Side-channel information leakage in autofill.
    - CVE-2020-6522: Inappropriate implementation in external protocol handlers.
    - CVE-2020-6523: Out of bounds write in Skia.
    - CVE-2020-6524: Heap buffer overflow in WebAudio.
    - CVE-2020-6525: Heap buffer overflow in Skia.
    - CVE-2020-6526: Inappropriate implementation in iframe sandbox.
    - CVE-2020-6527: Insufficient policy enforcement in CSP.
    - CVE-2020-6528: Incorrect security UI in basic auth.
    - CVE-2020-6529: Inappropriate implementation in WebRTC.
    - CVE-2020-6530: Out of bounds memory access in developer tools.
    - CVE-2020-6531: Side-channel information leakage in scroll to text.
    - CVE-2020-6533: Type Confusion in V8.
    - CVE-2020-6534: Heap buffer overflow in WebRTC.
    - CVE-2020-6535: Insufficient data validation in WebUI.
    - CVE-2020-6536: Incorrect security UI in PWAs.
  * debian/control: add build dependencies on python-xcbgen and xcb-proto
    (needed since https://chromium.googlesource.com/chromium/src.git/+/e43aa4b)
  * debian/patches/cc-old-clang-compatibility.patch: added
  * debian/patches/chromium_useragent.patch: removed (LP: #1868117)
  * debian/patches/default-allocator: refreshed
  * debian/patches/define-libdrm-missing-identifiers.patch: added
  * debian/patches/fix-build-with-older-xcb-proto.patch: added
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/touch-v35: refreshed
  * debian/patches/use-old-mesa.patch: added
  * debian/patches/widevine-enable-version-string.patch: refreshed

chromium-browser (83.0.4103.116-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 83.0.4103.116
    - CVE-2020-6509: Use after free in extensions.

chromium-browser (83.0.4103.106-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 83.0.4103.106
    - CVE-2020-6505: Use after free in speech.
    - CVE-2020-6506: Insufficient policy enforcement in WebView.
    - CVE-2020-6507: Out of bounds write in V8.

chromium-browser (83.0.4103.97-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 83.0.4103.97
    - CVE-2020-6493: Use after free in WebAuthentication.
    - CVE-2020-6494: Incorrect security UI in payments.
    - CVE-2020-6495: Insufficient policy enforcement in developer tools.
    - CVE-2020-6496: Use after free in payments.
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed

chromium-browser (83.0.4103.61-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 83.0.4103.61
    - CVE-2020-6465: Use after free in reader mode.
    - CVE-2020-6466: Use after free in media.
    - CVE-2020-6467: Use after free in WebRTC.
    - CVE-2020-6468: Type Confusion in V8.
    - CVE-2020-6469: Insufficient policy enforcement in developer tools.
    - CVE-2020-6470: Insufficient validation of untrusted input in clipboard.
    - CVE-2020-6471: Insufficient policy enforcement in developer tools.
    - CVE-2020-6472: Insufficient policy enforcement in developer tools.
    - CVE-2020-6473: Insufficient policy enforcement in Blink.
    - CVE-2020-6474: Use after free in Blink.
    - CVE-2020-6475: Incorrect security UI in full screen.
    - CVE-2020-6476: Insufficient policy enforcement in tab strip.
    - CVE-2020-6477: Inappropriate implementation in installer.
    - CVE-2020-6478: Inappropriate implementation in full screen.
    - CVE-2020-6479: Inappropriate implementation in sharing.
    - CVE-2020-6480: Insufficient policy enforcement in enterprise.
    - CVE-2020-6481: Insufficient policy enforcement in URL formatting.
    - CVE-2020-6482: Insufficient policy enforcement in developer tools.
    - CVE-2020-6483: Insufficient policy enforcement in payments.
    - CVE-2020-6484: Insufficient data validation in ChromeDriver.
    - CVE-2020-6485: Insufficient data validation in media router.
    - CVE-2020-6486: Insufficient policy enforcement in navigations.
    - CVE-2020-6487: Insufficient policy enforcement in downloads.
    - CVE-2020-6488: Insufficient policy enforcement in downloads.
    - CVE-2020-6489: Inappropriate implementation in developer tools.
    - CVE-2020-6490: Insufficient data validation in loader.
    - CVE-2020-6491: Incorrect security UI in site information.
  * debian/control: add build dependency on python-pkg-resources (needed for
    jinja2, since https://chromium.googlesource.com/chromium/src/+/312b6bf)
  * debian/rules: copy missing source file for gn build
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/enable-chromecast-by-default.patch: refreshed
  * debian/patches/gtk-symbols-conditional.patch: added
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/stl-util-old-clang-compatibility.patch: added
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/upstream-fix-build-atk-226.patch: removed, no longer needed
  * debian/patches/use-clang-versioned.patch: refreshed
  * debian/patches/use-old-mesa.patch: refreshed

Date: 2020-07-29 14:38:24.161811+00:00
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/chromium-browser/84.0.4147.105-0ubuntu0.16.04.1
-------------- next part --------------
Sorry, changesfile not available.

More information about the Xenial-changes mailing list