News for package chromium-browser

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 3.0 (quilt)
Source: chromium-browser
Binary: chromium, chromium-l10n, chromium-shell, chromium-widevine, chromium-driver, chromedriver
Architecture: i386 amd64 arm64 armhf all
Version: 63.0.3239.84-1~deb9u1
Maintainer: Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>
Uploaders:  Michael Gilbert <mgilbert@debian.org>, Riku Voipio <riku.voipio@linaro.org>
Homepage: http://www.chromium.org/Home
Standards-Version: 3.9.8
Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-chromium/pkg-chromium.git
Vcs-Git: git://anonscm.debian.org/pkg-chromium/pkg-chromium.git
Build-Depends: debhelper (>= 9), python3, pkg-config, ninja-build, python-jinja2, ca-certificates, wget, flex, yasm, xvfb, wdiff, gperf, bison, valgrind, xz-utils, x11-apps, xfonts-base, libglewmx-dev, libgl1-mesa-dev, libglu1-mesa-dev, libegl1-mesa-dev, libgles2-mesa-dev, mesa-common-dev, libxt-dev, libre2-dev, libgbm-dev, libpng-dev, libxss-dev, libelf-dev, libvpx-dev, libpci-dev, libcap-dev, libdrm-dev, libicu-dev, libffi-dev, libkrb5-dev, libexif-dev, libflac-dev, libudev-dev, libopus-dev, libwebp-dev, libxtst-dev, libsrtp-dev, libjpeg-dev, libxml2-dev, libgtk-3-dev, libgtk2.0-dev, libxslt1-dev, libpulse-dev, libpam0g-dev, libsnappy-dev, libgconf2-dev, libavutil-dev, libavcodec-dev (>= 7:3.0), libavformat-dev, libglib2.0-dev, libasound2-dev, libsqlite3-dev, libjsoncpp-dev, libspeechd-dev (>= 0.8.4), libminizip-dev, libhunspell-dev, libharfbuzz-dev (>= 1.2.7), libusb-1.0-0-dev, libmodpbase64-dev, libgnome-keyring-dev, libnss3-dev (>= 3.12.3), libnspr4-dev (>= 2:4.9), libcups2-dev (>= 1.5.0), libevent-dev (>= 1.4.13), libjs-jquery, libjs-excanvas, libjs-jquery-flot, libgcrypt20-dev, fonts-ipafont-gothic, fonts-ipafont-mincho
Package-List:
 chromedriver deb web optional arch=i386,amd64,arm64,armhf
 chromium deb web optional arch=i386,amd64,arm64,armhf
 chromium-driver deb web optional arch=i386,amd64,arm64,armhf
 chromium-l10n deb localization optional arch=all
 chromium-shell deb web optional arch=i386,amd64,arm64,armhf
 chromium-widevine deb contrib/web optional arch=i386,amd64,arm64,armhf
Checksums-Sha1:
 f5e73f37f5d629eba5f56a2ce2bf1cfe469100a6 453410544 chromium-browser_63.0.3239.84.orig.tar.xz
 5083088abd66483b2d2221bcc48551b09116c1d6 134112 chromium-browser_63.0.3239.84-1~deb9u1.debian.tar.xz
Checksums-Sha256:
 70ba5f11dcf433c35ff964ca65f138e9faaf5f2c7c1980c8a4a1f79ca9c176a4 453410544 chromium-browser_63.0.3239.84.orig.tar.xz
 91e9f1b2edebd2e220058af8b8088d9924d421b75f5dd73b86ea9e39dbd55caa 134112 chromium-browser_63.0.3239.84-1~deb9u1.debian.tar.xz
Files:
 be13fd185f0de5835f2fddb8041ff9ad 453410544 chromium-browser_63.0.3239.84.orig.tar.xz
 2dd75865e8753ab96e0f2a1b1fbc3ec2 134112 chromium-browser_63.0.3239.84-1~deb9u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAlotrb4ACgkQuNayzQLW
9HOQHB//SYuXBzQAQ6UUUSVPZdPI5VxsBjN9bnCdU1SIViuAKBlkV43n/pmB6L3c
PxG+H/TnVoGJ5N2ad4mW4rfFuLN5lnIbdRXK1qlIcnovct2ziEYTr2/gTzvLXdjw
k/A1ZSOQzku8jVQ3ipb3j78dJaTKKqh2nJLB0wUkfom2TEkXyslopiHc1Z10rkDn
DPcyG5kQvyux7IDJmf3+S5DkomTvwc49qU4IPiXyBe+4YblXYy9DpT08EJd4BByY
aYtFYC9Vvz4wFjwBeyoAKdUuBbBg2dZGl+tbvenH6Exa9gvkkX2YKikviMg78r87
X9DNZXrhwh1JqhzL64S3eKlEFC5nPYTAImvLJwTZtizlLCL6CTMxJLqqsTuSjXOd
9lHs1JMAySCaPNt2NvivWLC34z/lI4GenVwR3cei9X642ILJgeZe386tRVZ4nbD5
zUk+fTohF6+9eKO2bqETC8lz0kNxYNbQP+dqMJBRgQOwk+9sVIxkQfTlKpDbWjAs
LGiIi2iZQVNTsJEPq96d1tfXQKsim1z6PIeXRVHIs0J/DyANA8GLjW0FSS9ArIvD
IFhE/fSXJkgmpxfwwofhxVthXbHUKSWSlf8bzISh/Fiml0h0r1G7i4X0RnGapnv0
D/VcTYmBerlBUaFSW8GR/P3PwbV0IwN7gGfqaTlsID9n9PwHQkCmTrmGoYJ79o/5
9QWlheRhrZqnZJYyZHoN7utaQ5TzHgs3zV2DzOVFshNBPszawZz5zlbSsEozE0bR
FtgkJB/pjX+j3u0kZu0waYucYJP8603GlynAfg/Mm7uvvcESnPIaKKZeqxEjoRlE
HidX7mdOAJqSWBN//9EDLG4o5Uy8Q5MYcRhvsFu0Mh8KuVrPn1VJL4e1IZcw4mDr
qbxv7uyBRPmtsAbwB2bA0MZg9iNlpNsYukMQ40iEF2Bg0KFsVV8O2Dui6zhyr2Jd
pUfEYwxZbrQQBtZnyBZByLLjtPl8FVgyYA+4syWf3xN737QFS/6H/zEC+vWU6mVf
JmLfJChGqMYA6X985NP5Q8anR4RwW8hVZX/JUuLwzbRVb8zIVc8O8jic8ufKi9TJ
eifRXQTFQhBjXcOxyk8/F60D7p16Xl3kXsnGqHoywUfhDXJ2pRkFsZfjtmZnrMma
EHD+BUCBBkO7mgqpNl3W/vXy/z2zIrR2Hw2OXg8VmFKVhsO79BC3CEzT6+Dq0jY2
8NYLkzOjJ/67l4idOG02hFNKt0xKyPnf88uEysorFJOCE81/7xk6M7HhSxsJpKAh
aFpYoN9WvjWGh6tXEf7LkSSpjDE4882VQAOs9I6/zew+6vA1g+UdYoVJuWxUSgje
KSWXkLfzGNJ2Bqbf5tt7tHIA6C20Hg==
=DzlC
-----END PGP SIGNATURE-----

<span id="changes">Changes:</span>
chromium-browser (63.0.3239.84-1~deb9u1) stretch-security; urgency=medium

  * New upstream stable release.
    - CVE-2017-15407: Out of bounds write in QUIC. Reported by Ned Williamson
    - CVE-2017-15408: Heap buffer overflow in PDFium. Reported by Ke Liu
    - CVE-2017-15409: Out of bounds write in Skia. Reported by Anonymous
    - CVE-2017-15410: Use after free in PDFium. Reported by Luật Nguyễn
    - CVE-2017-15411: Use after free in PDFium. Reported by Luật Nguyễn
    - CVE-2017-15413: Type confusion in WebAssembly. Reported by Gaurav Dewan
    - CVE-2017-15415: Pointer information disclosure in IPC call. Reported by
      Viktor Brange
    - CVE-2017-15416: Out of bounds read in Blink. Reported by Ned Williamson
    - CVE-2017-15417: Cross origin information disclosure in Skia . Reported by
      Max May
    - CVE-2017-15418: Use of uninitialized value in Skia. Reported by Kushal
      Arvind Shah
    - CVE-2017-15419: Cross origin leak of redirect URL in Blink. Reported by
      Jun Kokatsu
    - CVE-2017-15420: URL spoofing in Omnibox. Reported by WenXu Wu
    - CVE-2017-15423: Issue with SPAKE implementation in BoringSSL. Reported by
      Greg Hudson
    - CVE-2017-15424: URL Spoof in Omnibox. Reported by Khalil Zhani
    - CVE-2017-15425: URL Spoof in Omnibox. Reported by xisigr
    - CVE-2017-15426: URL Spoof in Omnibox. Reported by WenXu Wu
    - CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox. Reported
      by Junaid Farhan

 -- Michael Gilbert <mgilbert@debian.org>  Sun, 03 Dec 2017 15:26:02 +0000