[Pkg-chromium-maint] chromium-browser_62.0.3202.75-1~deb9u1_source.changes ACCEPTED into proposed-updates->stable-new, proposed-updates

Sun Nov 12 15:32:13 UTC 2017

Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 05 Nov 2017 03:09:35 +0000
Source: chromium-browser
Binary: chromium chromium-l10n chromium-shell chromium-widevine chromium-driver chromedriver
Architecture: source
Version: 62.0.3202.75-1~deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Debian Chromium Maintainers <pkg-chromium-maint at lists.alioth.debian.org>
Changed-By: Michael Gilbert <mgilbert at debian.org>
Description:
 chromedriver - web browser - WebDriver support transitional package
 chromium   - web browser
 chromium-driver - web browser - WebDriver support
 chromium-l10n - web browser - language packs
 chromium-shell - web browser - minimal shell
 chromium-widevine - web browser - widevine content decryption support
Changes:
 chromium-browser (62.0.3202.75-1~deb9u1) stretch-security; urgency=medium
 .
   * New upstream stable release.
     - CVE-2017-5124: UXSS with MHTML. Reported by Anonymous
     - CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous
     - CVE-2017-5126: Use after free in PDFium. Reported by Luat Nguyen
     - CVE-2017-5127: Use after free in PDFium. Reported by Luat Nguyen
     - CVE-2017-5128: Heap overflow in WebGL. Reported by Omair
     - CVE-2017-5129: Use after free in WebAudio. Reported by Omair
     - CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous
     - CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by
       Gaurav Dewan
     - CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar
       Nikolic
     - CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu
     - CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu
     - CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind
       Shah
     - CVE-2017-15389: URL spoofing in OmniBox. Reported by xisigr
     - CVE-2017-15390: URL spoofing in OmniBox. Reported by Haosheng Wang
     - CVE-2017-15391: Extension limitation bypass in Extensions. Reported by
       João Lucas Melo Brasio
     - CVE-2017-15392: Incorrect registry key handling in PlatformIntegration.
       Reported by Xiaoyin Liu
     - CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin
     - CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam
     - CVE-2017-15395: Null pointer dereference in ImageCapture. Reported by
       Johannes Bergman
     - CVE-2017-15396: Stack overflow in V8. Reported by Yuan Deng
Checksums-Sha1:
 c49e9bb1bfcce1e6bc027f5f2cae17ac1d008917 4352 chromium-browser_62.0.3202.75-1~deb9u1.dsc
 d74022d1e7d811dbb066dd1a9661e36f019df094 466908680 chromium-browser_62.0.3202.75.orig.tar.xz
 4e78cce275c0c2ad6b6ed4f5d8f1c934c9ddd4d6 133584 chromium-browser_62.0.3202.75-1~deb9u1.debian.tar.xz
 51b5f5754d947798bbfdc3810b6604c0e2575864 19560 chromium-browser_62.0.3202.75-1~deb9u1_source.buildinfo
Checksums-Sha256:
 41e70ae457f96f08d39fe8da982f15a89bdb751cbfd4a8b88d0ec1ce755b888b 4352 chromium-browser_62.0.3202.75-1~deb9u1.dsc
 b45f623b78603574d6f8b2e06c6c9a8c648c2144d96d66d3fd86af0763e45045 466908680 chromium-browser_62.0.3202.75.orig.tar.xz
 5d9a759fe10b30a6a303cae49cdebfcb1edd4d0063f9defe27d1b30a8677b507 133584 chromium-browser_62.0.3202.75-1~deb9u1.debian.tar.xz
 be06bb85d5478c374a93475c2d6b31999ccfa6803225d6addb3072b5f430cf8c 19560 chromium-browser_62.0.3202.75-1~deb9u1_source.buildinfo
Files:
 6870826dd2cdf292f0b23329a35d33e6 4352 web optional chromium-browser_62.0.3202.75-1~deb9u1.dsc
 0fa998f5567cea973263988bbf0e950c 466908680 web optional chromium-browser_62.0.3202.75.orig.tar.xz
 6bf476adc04b30d2df1e06b30cee89ff 133584 web optional chromium-browser_62.0.3202.75-1~deb9u1.debian.tar.xz
 18f384fb9810e49c4dff903357506a9b 19560 web optional chromium-browser_62.0.3202.75-1~deb9u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAln+97kACgkQuNayzQLW
9HPONx/+P+cF/vEFhwkDSGq+NRXJafL+U1gGoPg0fcGg/trNm+3YYKlZxuqzaiJB
AFHyF7e2273b62WkYjeFjjqbLIYIGEWMAamlCJbhRnFsTo//HgqBaRau2oApA60p
rXVW2AN65PJZ+MVlJkYHJtXVAOISzNv0Rjd+V2iyk+QZJO0iMlCZchO0tPSTzjA7
2krMzkNblyComzBiLT8ln84qtszLx91BQSuYHg+vlvSab+EkWEBgX33XkfqLSX1I
Qk/gqcsUn9+PeaCoNYZJ0kTNMq7th21xHpW+nVGwP+v+qbyE7lPCSVKb+UzuZ3A2
sNVutNL4Js6IGaYeEZXypX24Y0kGmXxGJr7j3D/047MzjuF0IxZWrsHdxgXPFz1b
9DEFhp1w3Asogg9GK4IzH73ltwYp6+FeBraUlTHO4zr1szCD7z+2G4eknNkfsuSn
lvZDpYYrbGd5CdrcvkSGlNvh4h6MYF8SAl7OpMf7rmsPK3qwxZshXIeCWVXkf7Dk
GkIdOQ3k3AOulEKBoyH54u+EGK2UR7I18nuXjfPdCKiyl2DBlViyCalBGFsYeIBm
GKN2mTITbb+JdBRN1Gt3xU8ASMrvvZwzKi5HBAvoWnZzVkFXtqR8sphVFaXvAOo5
Ox8fGGiA3jUvgXCznXrNptPjibZC6LCqCmeDoXnawqE60jYCHaWioLg6q363+qpL
kxQucnHNj0lY3u9gwsxLTcyxTCjtEB04inBl94o3eRi9bkep2jl7P7GZpkIB25Hs
big/ynRoBBlZHIILWWHPydAnvfV5PDBiIFsq+xZfSFoObQRdau6exbfO+pMCCwcw
anBs/eFLS1F3+I9Y4+HeQm2arh/dq9+eUKy8fZm9wzMYKUncF4n51PWraZwc26Jv
5Je0v8DHUaKH6mvPjxH7E3VGv8XxZm9UvZTSj75HCkZV+q+yR6B94P5dQ+FJNAaa
nb3NynHwN4MAloyi01Yf7CS/aisUGGRlDmH2e1TeqXjsQQmn4Tp3+EGVJQ0EAQXY
dV2o4HN6ff3WmeVjc9tUGl3I8ae+BNkhu2/zvKeYi6qc3gn7GfXSxcHLrS3PGoRg
Rfjp5mzuoP7LXPZsCkehvQ206Yv0pXt0FqUuD/7vfQRzuwqyBHiFvdFd4RpsW/0p
NHCKCyKA9QsfmoqtafwoOx7Nt5WkV7ZYsEM344OeWWn8L/2QGnIwek54n524P3oP
gvNvQqUvuQ40meR/fn+/v+MvPYQUISfKJKM3HQVEiaAL9/6/W37M44THyJKp4fn2
5zdP/pLlTaXZKzAaPsJ9E1Qn0j0qTMSyq0dgJbkvFKThvUxT2POHgwn7fRo/cXmj
j4a3LYiyySgaMz3uPHmfRSOKlTtt8w==
=nP55
-----END PGP SIGNATURE-----

Thank you for your contribution to Debian.