News for package chromium-browser

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 3.0 (quilt)
Source: chromium-browser
Binary: chromium, chromium-l10n, chromium-shell, chromium-widevine, chromium-driver, chromedriver
Architecture: i386 amd64 arm64 armhf all
Version: 69.0.3497.81-1~deb9u1
Maintainer: Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>
Uploaders:  Michael Gilbert <mgilbert@debian.org>, Riku Voipio <riku.voipio@linaro.org>
Homepage: http://www.chromium.org/Home
Standards-Version: 3.9.8
Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-chromium/pkg-chromium.git
Vcs-Git: git://anonscm.debian.org/pkg-chromium/pkg-chromium.git
Build-Depends: debhelper (>= 9), python3, pkg-config, ninja-build, python-jinja2, ca-certificates, wget, flex, yasm, xvfb, wdiff, gperf, bison, valgrind, xz-utils, x11-apps, xfonts-base, libglewmx-dev, libgl1-mesa-dev, libglu1-mesa-dev, libegl1-mesa-dev, libgles2-mesa-dev, mesa-common-dev, libxt-dev, libre2-dev, libgbm-dev, libpng-dev, libxss-dev, libelf-dev, libvpx-dev, libpci-dev, libcap-dev, libdrm-dev, libicu-dev, libffi-dev, libkrb5-dev, libexif-dev, libflac-dev, libudev-dev, libopus-dev, libwebp-dev, libxtst-dev, libsrtp-dev, libjpeg-dev, libxml2-dev, libgtk-3-dev, libgtk2.0-dev, libxslt1-dev, libpulse-dev, libpam0g-dev, libsnappy-dev, libgconf2-dev, libavutil-dev, libavcodec-dev (>= 7:3.0), libavformat-dev, libglib2.0-dev, libasound2-dev, libsqlite3-dev, libjsoncpp-dev, libspeechd-dev (>= 0.8.4), libminizip-dev, libhunspell-dev, libharfbuzz-dev (>= 1.2.7), libusb-1.0-0-dev, libopenjp2-7-dev, libmodpbase64-dev, libgnome-keyring-dev, libnss3-dev (>= 3.12.3), libnspr4-dev (>= 2:4.9), libcups2-dev (>= 1.5.0), libevent-dev (>= 1.4.13), libjs-jquery, libjs-excanvas, libjs-jquery-flot, libgcrypt20-dev, fonts-ipafont-gothic, fonts-ipafont-mincho
Package-List:
 chromedriver deb web optional arch=i386,amd64,arm64,armhf
 chromium deb web optional arch=i386,amd64,arm64,armhf
 chromium-driver deb web optional arch=i386,amd64,arm64,armhf
 chromium-l10n deb localization optional arch=all
 chromium-shell deb web optional arch=i386,amd64,arm64,armhf
 chromium-widevine deb contrib/web optional arch=i386,amd64,arm64,armhf
Checksums-Sha1:
 0695bbc23da4160e9ce0e4dc43e1ea71ac4dbf0a 237086156 chromium-browser_69.0.3497.81.orig.tar.xz
 4702c7f7e6b9264f48c993f055a50d37baf7cc96 143180 chromium-browser_69.0.3497.81-1~deb9u1.debian.tar.xz
Checksums-Sha256:
 4eea1bbf8555ab56c9f93d2bde6541c30ab80d8f2d708ed39c9b0d52667658ee 237086156 chromium-browser_69.0.3497.81.orig.tar.xz
 ff5f450dc00465fbd89bedd5a4997ef5d5d974352a54fc01c7f26d3db86a449e 143180 chromium-browser_69.0.3497.81-1~deb9u1.debian.tar.xz
Files:
 75670f17fa49b226a78391390ebca1d9 237086156 chromium-browser_69.0.3497.81.orig.tar.xz
 8a3cc52c5be20c61d2add6cf64e4dada 143180 chromium-browser_69.0.3497.81-1~deb9u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAluSdIYACgkQuNayzQLW
9HO/BB//eJu6mkn85re+6+pKmbW6jFPdkeB4k5iHpPOUos5mpucFD4o/2iAM+u6G
HRhsrj0nUVFC6TUV9au/VP1orV0P9onirgqeel9drQFM6Mj82BOY/DDXaVEbv6Ys
+Dmwxrw7NobcTeoIUtRtI8MU6krk9zMzz9vSjR+qJUzbHcz2mvSza4GCPM6kYY1/
RiD55hCYVzCvNBs+A+MHg3M4aQ0fkFQ23rKM4KTU6fq6iTdyppqbTPJY6/hXTgxR
KW55JaMvLiKbQQjnXVFoFZQY6zh4VRSGSsZSgtiM4ESkoaofXcZ3j7oC3UL4HQIC
posj3+7UKr1BWTFL4Vver5yDf7SW99y47AKKHyUoDC36uWiz86mZcshXX3+Wndcm
F9JHJrk96dJIu0W6j/VuHTFSiWDOuLvWyWafvbXLG4M5W2UP/XAcO5YY3HACuy/0
BGxWUdOudEuXX8Ek6ckpgWYkoahS8Fxe5tYzK2iAhHT4TeJYJO7yNPELWKZvOxEQ
lqy566QBkm+U/y4NS0f0CCbQUYvZhbhwaqikiVSWjC5kmEAqVmvJfK8owvRABm9V
b+nghtp5b1CORYliyI2BGn40eu8JtE5US43rqRBk7xDpskuo40b2ztqbHjnkDaRC
XZ/tKfWGBHuNI9bdsrauPBlLHoI5pavWU+KBFlQ2kBerFIFMFywsGLLo5ruvH+Rb
fl99bneJS305ZoNuuhoevevbq3AQCBQX1jc9AU7R+Caf9gFi8LRu6XDAzK/GdMWN
JSrvSLMCOsPSpMHzh4Uiwea8BXk48jQ8AIJMeRhCsDmm9wArLFt+fjrm4f1aIZTK
e6Y3kSWRtPmNke36jPoWD1kC36K/gxNSHGDNJW3FdIkaEuZ22gZyANN/hDQLWOC1
WZQgtkodDEQul7V/wiW5gpNujRd3aWcfh5l4DO7cvyFZknTcrucC9cgjOhojL0tX
qogdQP12CFy6fHlWthSc1Vsrih+4nP/6E9sd0QYpvwEigO6N+y4xvsmJvn+jL7PA
zl6WVkM2UKdaplxCpOoDsXm7/jvLL4iY+RuE4pSRpyNm/3aeRoljRSLYWi99Qmls
Po8xeoMmwCLkL/sWWJJFSF8cV6VxN7nVnY9uEH5ndBEWde5iPSOmxAZQe/tNg72L
UtME2dfKhMbQTyud3gyIGoW+5K1fM1gP1eS0hqdzTWTjWBkTQSr0S4qKQUBBsjjS
tpcHlPZY2TVGL6CRZftSUB4QIQ30cGvcP3V+85WOBuKTqszlajfl2ZrcBiH2lNj0
9LPV1QNS4876GYu9YPk2zTcidM5nfRJV68HkgDl0RcZE9ThDRfT5TxGEuqjGa+kc
Ycl+hqfvdHYMS8xwDKatfMEQZxeJog==
=Mhgq
-----END PGP SIGNATURE-----

<span id="changes">Changes:</span>
chromium-browser (69.0.3497.81-1~deb9u1) stretch-security; urgency=medium

  * New upstream stable release.
    - CVE-2018-16065: Out of bounds write in V8. Reported by Brendon Tiszka
    - CVE-2018-16066: Out of bounds read in Blink. Reported by cloudfuzzer
    - CVE-2018-16067: Out of bounds read in WebAudio. Reported by Zhe Jin
    - CVE-2018-16068: Out of bounds write in Mojo. Reported by Mark Brand
    - CVE-2018-16069: Out of bounds read in SwiftShader. Reported by Mark Brand
    - CVE-2018-16070: Integer overflow in Skia. Reported by Ivan Fratric
    - CVE-2018-16071: Use after free in WebRTC. Reported by Natalie Silvanovich
    - CVE-2018-16073: Site Isolation bypass after tab restore. Reported by Jun
      Kokatsu
    - CVE-2018-16074: Site Isolation bypass using Blob URLS. Reported by Jun
      Kokatsu
    - CVE-2018-16075: Local file access in Blink. Reported by Pepe Vila
    - CVE-2018-16076: Out of bounds read in PDFium. Reported by Aleksandar
      Nikolic
    - CVE-2018-16077: Content security policy bypass in Blink. Reported by
      Manuel Caballero
    - CVE-2018-16078: Credit card information leak in Autofill. Reported by
      Cailan Sacks
    - CVE-2018-16079: URL spoof in permission dialogs. Reported by Markus
      Vervier and Michele Orrù
    - CVE-2018-16080: URL spoof in full screen mode. Reported by Khalil Zhani
    - CVE-2018-16081: Local file access in DevTools. Reported by Jann Horn
    - CVE-2018-16082: Stack buffer overflow in SwiftShader. Reported by Omair
    - CVE-2018-16083: Out of bounds read in WebRTC. Reported by Natalie
      Silvanovich
    - CVE-2018-16084: User confirmation bypass in external protocol handling.
      Reported by Jun Kokatsu
    - CVE-2018-16085: Use after free in Memory Instrumentation. Reported by
      Roman Kuksin
  * Replace files from chromium-common on upgrade (closes: #904798).
  * Fix build failure on arm64 caused by binutils in stretch (closes: #904796).

 -- Michael Gilbert <mgilbert@debian.org>  Sun, 12 Aug 2018 01:10:32 +0000