[Pkg-chromium-commit] [pkg-chromium] 01/03: add CVE information to the changelog
Michael Gilbert
mgilbert at moszumanska.debian.org
Wed Jan 31 02:15:42 UTC 2018
This is an automated email from the git hooks/post-receive script.
mgilbert pushed a commit to branch master
in repository pkg-chromium.
commit b11c06e47934f25c518d44c662c19a665c628d03
Author: Michael Gilbert <mgilbert at debian.org>
Date: Sun Dec 10 14:41:51 2017 +0000
add CVE information to the changelog
---
debian/changelog | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 75c4ac0..0c08b61 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,29 @@
chromium-browser (63.0.3239.84-1) unstable; urgency=medium
* New upstream stable release.
+ - CVE-2017-15407: Out of bounds write in QUIC. Reported by Ned Williamson
+ - CVE-2017-15408: Heap buffer overflow in PDFium. Reported by Ke Liu
+ - CVE-2017-15409: Out of bounds write in Skia. Reported by Anonymous
+ - CVE-2017-15410: Use after free in PDFium. Reported by Luật Nguyễn
+ - CVE-2017-15411: Use after free in PDFium. Reported by Luật Nguyễn
+ - CVE-2017-15413: Type confusion in WebAssembly. Reported by Gaurav Dewan
+ - CVE-2017-15415: Pointer information disclosure in IPC call. Reported by
+ Viktor Brange
+ - CVE-2017-15416: Out of bounds read in Blink. Reported by Ned Williamson
+ - CVE-2017-15417: Cross origin information disclosure in Skia . Reported by
+ Max May
+ - CVE-2017-15418: Use of uninitialized value in Skia. Reported by Kushal
+ Arvind Shah
+ - CVE-2017-15419: Cross origin leak of redirect URL in Blink. Reported by
+ Jun Kokatsu
+ - CVE-2017-15420: URL spoofing in Omnibox. Reported by WenXu Wu
+ - CVE-2017-15423: Issue with SPAKE implementation in BoringSSL. Reported by
+ Greg Hudson
+ - CVE-2017-15424: URL Spoof in Omnibox. Reported by Khalil Zhani
+ - CVE-2017-15425: URL Spoof in Omnibox. Reported by xisigr
+ - CVE-2017-15426: URL Spoof in Omnibox. Reported by WenXu Wu
+ - CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox. Reported
+ by Junaid Farhan
* Update standards version to 4.1.2.
* Stricter default master preferences.
* Avoid showing the welcome page (closes: #857767).
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-chromium/pkg-chromium.git
More information about the Pkg-chromium-commit
mailing list