[Pkg-chromium-maint] Bug#761090: chromium: New upstream versions available

bs.net bs.net at gmx.de
Wed Sep 10 18:16:43 UTC 2014 

Package: chromium
Version: 35.0.1916.153-1~deb7u1

Following new upstream versions available:

1) 37.0.2062.120; 09/09/2014;  4 security fixes; 
http://googlechromereleases.blogspot.de/2014/09/stable-channel-update_9.html
2) 37.0.2062.094; 08/26/2014; 50 security fixes; 
http://googlechromereleases.blogspot.de/2014/08/stable-channel-update_26.html
3) 36.0.1985.143; 08/12/2014; 12 security fixes; 
http://googlechromereleases.blogspot.de/2014/08/stable-channel-update.html
4) 36.0.1985.125; 07/16/2014; 26 security fixes; 
http://googlechromereleases.blogspot.de/2014/07/stable-channel-update.html

In the four releases are fixes for following CVEs included:
 1) CVE-2014-3160: Same-Origin-Policy bypass in SVG. Credit to Christian 
Schneider.
 2) CVE-2014-3162: Various fixes from internal audits, fuzzing and other 
initiatives.
 3) CVE-2014-3165: Use-after-free in web sockets. Credit to Collin Payne.
 4) CVE-2014-3166: Information disclosure in SPDY. Credit to Antoine Delignat-
Lavaud.
 5) CVE-2014-3167: Various fixes from internal audits, fuzzing and other 
initiatives.
 6) CVE-2014-3168: Use-after-free in SVG. Credit to cloudfuzzer.
 7) CVE-2014-3169: Use-after-free in DOM. Credit to Andrzej Dyjak.
 8) CVE-2014-3170: Extension permission dialog spoofing. Credit to Rob Wu.
 9) CVE-2014-3171: Use-after-free in bindings. Credit to cloudfuzzer.
10) CVE-2014-3172: Issue related to extension debugging. Credit to Eli Grey.
11) CVE-2014-3173: Uninitialized memory read in WebGL. Credit to jmuizelaar.
12) CVE-2014-3174: Uninitialized memory read in Web Audio. Credit to Atte 
Kettunen from OUSPG.
13) CVE-2014-3175: Various fixes from internal audits, fuzzing and other 
initiatives (Chrome 37).
14) CVE-2014-3176: A special reward to lokihardt at asrt for a combination of 
bugs in V8, IPC, sync, and extensions that can lead to remote code execution 
outside of the sandbox.
15) CVE-2014-3177: A special reward to lokihardt at asrt for a combination of 
bugs in V8, IPC, sync, and extensions that can lead to remote code execution 
outside of the sandbox.
16) CVE-2014-3178: Use-after-free in rendering. Credit to miaubiz.
17) CVE-2014-3179: Various fixes from internal audits, fuzzing and other 
initiatives

CVE scale => Critical: 2, High: 7, Medium: 4.

Please update chromium for Wheezy and Jessie asap.
Thank you!

More information about the Pkg-chromium-maint mailing list