[ubuntu/yakkety-security] chromium-browser 58.0.3029.81-0ubuntu0.16.10.1345 (Accepted)

Chris Coulson chrisccoulson at ubuntu.com
Wed Apr 26 11:46:27 UTC 2017


chromium-browser (58.0.3029.81-0ubuntu0.16.10.1345) yakkety; urgency=medium

  * Upstream release: 58.0.3029.81
    - CVE-2017-5057: Type confusion in PDFium.
    - CVE-2017-5058: Heap use after free in Print Preview.
    - CVE-2017-5059: Type confusion in Blink.
    - CVE-2017-5060: URL spoofing in Omnibox.
    - CVE-2017-5061: URL spoofing in Omnibox.
    - CVE-2017-5062: Use after free in Chrome Apps.
    - CVE-2017-5063: Heap overflow in Skia.
    - CVE-2017-5064: Use after free in Blink.
    - CVE-2017-5065: Incorrect UI in Blink.
    - CVE-2017-5066: Incorrect signature handing in Networking.
    - CVE-2017-5067: URL spoofing in Omnibox.
    - CVE-2017-5069: Cross-origin bypass in Blink.
  * debian/patches/arm.patch: removed, no longer needed
  * debian/patches/gtk-ui-stdmove: removed, no longer needed (upstreamed)
  * debian/patches/screen_capturer: removed, no longer needed (upstreamed)
  * debian/patches/default-allocator: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/enable-chromecast-by-default: refreshed
  * debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/snapshot-library-link: refreshed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/fix-gn-bootstrap.patch: added
  * debian/rules: disable the use of Vulcanize, the required node.js modules
    are not readily available

chromium-browser (57.0.2987.98-0ubuntu1) UNRELEASED; urgency=medium

  * Upstream release: 57.0.2987.98.
    - CVE-2017-5030: Memory corruption in V8.
    - CVE-2017-5031: Use after free in ANGLE.
    - CVE-2017-5032: Out of bounds write in PDFium.
    - CVE-2017-5029: Integer overflow in libxslt.
    - CVE-2017-5034: Use after free in PDFium.
    - CVE-2017-5035: Incorrect security UI in Omnibox.
    - CVE-2017-5036: Use after free in PDFium.
    - CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer.
    - CVE-2017-5039: Use after free in PDFium.
    - CVE-2017-5040: Information disclosure in V8.
    - CVE-2017-5041: Address spoofing in Omnibox.
    - CVE-2017-5033: Bypass of Content Security Policy in Blink.
    - CVE-2017-5042: Incorrect handling of cookies in Cast.
    - CVE-2017-5038: Use after free in GuestView.
    - CVE-2017-5043: Use after free in GuestView.
    - CVE-2017-5044: Heap overflow in Skia.
    - CVE-2017-5045: Information disclosure in XSS Auditor.
    - CVE-2017-5046: Information disclosure in Blink.
  * debian/patches/arm64-support no longer needed
  * debian/patches/stdatomic: Support gcc48.
  * debian/patches/snapshot-library-link: Add missing libsnapshot link
  * debian/patches/gtk-ui-stdmove: fix && pointer return with std::move
  * debian/control: Drop binary arch "any" and explicitly list four.
  * debian/patches/arm64-vpx-alignment: Avoid ARM64 alignment bug on some
    compilers.
  * debian/rules: Fix armhf float ABI and remove unnecessary envvars.
    (LP: #1673276)

Date: 2017-04-24 09:40:15.564527+00:00
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Signed-By: Chris Coulson <chrisccoulson at ubuntu.com>
https://launchpad.net/ubuntu/+source/chromium-browser/58.0.3029.81-0ubuntu0.16.10.1345
-------------- next part --------------
Sorry, changesfile not available.


More information about the Yakkety-changes mailing list