[Pkg-chromium-commit] [pkg-chromium] 03/03: release 64.0.3282.119-1~deb9u1

Michael Gilbert mgilbert at moszumanska.debian.org
Thu Feb 1 03:05:50 UTC 2018


This is an automated email from the git hooks/post-receive script.

mgilbert pushed a commit to branch stretch
in repository pkg-chromium.

commit c15d56a4cdab44701e14584932c9705cf83e576a
Author: Michael Gilbert <mgilbert at debian.org>
Date:   Thu Feb 1 03:07:49 2018 +0000

    release 64.0.3282.119-1~deb9u1
---
 debian/changelog | 42 ++++++++++++++++++++++++++++++++++++++++++
 debian/rules     |  2 +-
 2 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 93d992e..20d01ef 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,45 @@
+chromium-browser (64.0.3282.119-1~deb9u1) stretch-security; urgency=medium
+
+  * New upstream stable release.
+    - CVE-2017-15420: URL spoofing in Omnibox. Reported by Drew Springall
+    - CVE-2017-15429: UXSS in V8. Reported by Anonymous
+    - CVE-2018-6031: Use after free in PDFium. Reported by Anonymous
+    - CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun
+      Kokatsu
+    - CVE-2018-6033: Race when opening downloaded files. Reported by Juho
+      Nurminen
+    - CVE-2018-6034: Integer overflow in Blink. Reported by Tobias Klein
+    - CVE-2018-6035: Insufficient isolation of devtools from extensions.
+      Reported by Rob Wu
+    - CVE-2018-6036: Integer underflow in WebAssembly. Reported by The UK's
+      National Cyber Security Centre
+    - CVE-2018-6037: Insufficient user gesture requirements in autofill.
+      Reported by Paul Stone
+    - CVE-2018-6038: Heap buffer overflow in WebGL. Reported by cloudfuzzer
+    - CVE-2018-6039: XSS in DevTools. Reported by Juho Nurminen
+    - CVE-2018-6040: Content security policy bypass. Reported by WenXu Wu
+    - CVE-2018-6041: URL spoof in Navigation. Reported by Luan Herrera
+    - CVE-2018-6042: URL spoof in OmniBox. Reported by Khalil Zhani
+    - CVE-2018-6043: Insufficient escaping with external URL handlers. Reported
+      by 0x09AL
+    - CVE-2018-6045: Insufficient isolation of devtools from extensions.
+      Reported by Rob Wu
+    - CVE-2018-6046: Insufficient isolation of devtools from extensions.
+      Reported by Rob Wu
+    - CVE-2018-6047: Cross origin URL leak in WebGL. Reported by Masato
+      Kinugawa
+    - CVE-2018-6048: Referrer policy bypass in Blink. Reported by Jun Kokatsu
+    - CVE-2018-6049: UI spoof in Permissions. Reported by WenXu Wu
+    - CVE-2018-6050: URL spoof in OmniBox. Reported by Jonathan Kew
+    - CVE-2018-6051: Referrer leak in XSS Auditor. Reported by Antonio Sanso
+    - CVE-2018-6052: Incomplete no-referrer policy implementation. Reported by
+      Tanner Emek
+    - CVE-2018-6053: Leak of page thumbnails in New Tab Page. Reported by Asset
+      Kabdenov
+    - CVE-2018-6054: Use after free in WebUI. Reported by Rob Wu
+
+ -- Michael Gilbert <mgilbert at debian.org>  Wed, 31 Jan 2018 02:27:51 +0000
+
 chromium-browser (63.0.3239.84-1~deb9u1) stretch-security; urgency=medium
 
   * New upstream stable release.
diff --git a/debian/rules b/debian/rules
index 44226bb..4688624 100755
--- a/debian/rules
+++ b/debian/rules
@@ -39,6 +39,7 @@ defines+=is_debug=false \
          use_gconf=false \
          use_sysroot=false \
          use_openh264=false \
+         use_jumbo_build=false \
          use_custom_libcxx=false \
          use_gnome_keyring=false \
          rtc_libvpx_build_vp9=false \
@@ -59,7 +60,6 @@ defines+=use_gio=true \
          use_pulseaudio=true \
          link_pulseaudio=true \
          enable_widevine=true \
-         use_jumbo_build=true \
          use_system_freetype=true \
          proprietary_codecs=true \
          ffmpeg_branding=\"Chrome\" \

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-chromium/pkg-chromium.git



More information about the Pkg-chromium-commit mailing list