[ubuntu/xenial-updates] chromium-browser 87.0.4280.66-0ubuntu0.16.04.1 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Wed Dec 2 10:37:10 UTC 2020 

chromium-browser (87.0.4280.66-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 87.0.4280.66
    - CVE-2020-16018: Use after free in payments.
    - CVE-2020-16019: Inappropriate implementation in filesystem.
    - CVE-2020-16020: Inappropriate implementation in cryptohome.
    - CVE-2020-16021: Race in ImageBurner.
    - CVE-2020-16022: Insufficient policy enforcement in networking.
    - CVE-2020-16015: Insufficient data validation in WASM.
    - CVE-2020-16014: Use after free in PPAPI.
    - CVE-2020-16023: Use after free in WebCodecs.
    - CVE-2020-16024: Heap buffer overflow in UI.
    - CVE-2020-16025: Heap buffer overflow in clipboard.
    - CVE-2020-16026: Use after free in WebRTC.
    - CVE-2020-16027: Insufficient policy enforcement in developer tools.
    - CVE-2020-16028: Heap buffer overflow in WebRTC.
    - CVE-2020-16029: Inappropriate implementation in PDFium.
    - CVE-2020-16030: Insufficient data validation in Blink.
    - CVE-2019-8075: Insufficient data validation in Flash.
    - CVE-2020-16031: Incorrect security UI in tab preview.
    - CVE-2020-16032: Incorrect security UI in sharing.
    - CVE-2020-16033: Incorrect security UI in WebUSB.
    - CVE-2020-16034: Inappropriate implementation in WebRTC.
    - CVE-2020-16035: Insufficient data validation in cros-disks.
    - CVE-2020-16012: Side-channel information leakage in graphics.
    - CVE-2020-16036: Inappropriate implementation in cookies.
  * debian/rules: set chrome_pgo_phase build flag to 0 to disable PGO, because
    the upstream profile data is not compatible with the version of clang used
    to build chromium
  * debian/patches/default-allocator: refreshed
  * debian/patches/fix-different-language-linkage-error.patch: removed, no
    longer needed
  * debian/patches/fix-ptrace-header-include.patch: refreshed
  * debian/patches/gtk-symbols-conditional.patch: updated
  * debian/patches/revert-getrandom.patch: added
  * debian/patches/revert-newer-xcb-requirement.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/stl-util-old-clang-compatibility.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: updated
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/use-clang-versioned.patch: refreshed

Date: 2020-11-17 22:25:13.546792+00:00
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/chromium-browser/87.0.4280.66-0ubuntu0.16.04.1
-------------- next part --------------
Sorry, changesfile not available.

More information about the Xenial-changes mailing list