[Pkg-chromium-commit] [pkg-chromium] 01/03: add CVE information to the changelog

Michael Gilbert mgilbert at moszumanska.debian.org
Wed Jan 31 02:15:42 UTC 2018


This is an automated email from the git hooks/post-receive script.

mgilbert pushed a commit to branch master
in repository pkg-chromium.

commit b11c06e47934f25c518d44c662c19a665c628d03
Author: Michael Gilbert <mgilbert at debian.org>
Date:   Sun Dec 10 14:41:51 2017 +0000

    add CVE information to the changelog
---
 debian/changelog | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 75c4ac0..0c08b61 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,29 @@
 chromium-browser (63.0.3239.84-1) unstable; urgency=medium
 
   * New upstream stable release.
+    - CVE-2017-15407: Out of bounds write in QUIC. Reported by Ned Williamson
+    - CVE-2017-15408: Heap buffer overflow in PDFium. Reported by Ke Liu
+    - CVE-2017-15409: Out of bounds write in Skia. Reported by Anonymous
+    - CVE-2017-15410: Use after free in PDFium. Reported by Luật Nguyễn
+    - CVE-2017-15411: Use after free in PDFium. Reported by Luật Nguyễn
+    - CVE-2017-15413: Type confusion in WebAssembly. Reported by Gaurav Dewan
+    - CVE-2017-15415: Pointer information disclosure in IPC call. Reported by
+      Viktor Brange
+    - CVE-2017-15416: Out of bounds read in Blink. Reported by Ned Williamson
+    - CVE-2017-15417: Cross origin information disclosure in Skia . Reported by
+      Max May
+    - CVE-2017-15418: Use of uninitialized value in Skia. Reported by Kushal
+      Arvind Shah
+    - CVE-2017-15419: Cross origin leak of redirect URL in Blink. Reported by
+      Jun Kokatsu
+    - CVE-2017-15420: URL spoofing in Omnibox. Reported by WenXu Wu
+    - CVE-2017-15423: Issue with SPAKE implementation in BoringSSL. Reported by
+      Greg Hudson
+    - CVE-2017-15424: URL Spoof in Omnibox. Reported by Khalil Zhani
+    - CVE-2017-15425: URL Spoof in Omnibox. Reported by xisigr
+    - CVE-2017-15426: URL Spoof in Omnibox. Reported by WenXu Wu
+    - CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox. Reported
+      by Junaid Farhan
   * Update standards version to 4.1.2.
   * Stricter default master preferences.
   * Avoid showing the welcome page (closes: #857767).
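
Review bot: The added CVE-2017-15417 line has a stray space before the period ("in Skia . Reported by"), and the Omnibox entries use two spellings of the same issue class: "URL spoofing" for CVE-2017-15420 but "URL Spoof" for CVE-2017-15424 through CVE-2017-15426. Suggest removing the space and settling on one wording so that searches over the changelog match all four entries. The numbering also has gaps (nothing between CVE-2017-15411 and CVE-2017-15413, between CVE-2017-15413 and CVE-2017-15415, or between CVE-2017-15420 and CVE-2017-15423); if those omissions are intentional, saying so in the commit message would help anyone reconciling this entry against a security tracker.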

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-chromium/pkg-chromium.git


