News for package chromium-browser

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 3.0 (quilt)
Source: chromium-browser
Binary: chromium, chromium-l10n, chromium-shell, chromium-widevine, chromium-driver, chromedriver
Architecture: i386 amd64 arm64 armhf all
Version: 68.0.3440.75-1~deb9u1
Maintainer: Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>
Uploaders:  Michael Gilbert <mgilbert@debian.org>, Riku Voipio <riku.voipio@linaro.org>
Homepage: http://www.chromium.org/Home
Standards-Version: 3.9.8
Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-chromium/pkg-chromium.git
Vcs-Git: git://anonscm.debian.org/pkg-chromium/pkg-chromium.git
Build-Depends: debhelper (>= 9), python3, pkg-config, ninja-build, python-jinja2, ca-certificates, wget, flex, yasm, xvfb, wdiff, gperf, bison, valgrind, xz-utils, x11-apps, xfonts-base, libglewmx-dev, libgl1-mesa-dev, libglu1-mesa-dev, libegl1-mesa-dev, libgles2-mesa-dev, mesa-common-dev, libxt-dev, libre2-dev, libgbm-dev, libpng-dev, libxss-dev, libelf-dev, libvpx-dev, libpci-dev, libcap-dev, libdrm-dev, libicu-dev, libffi-dev, libkrb5-dev, libexif-dev, libflac-dev, libudev-dev, libopus-dev, libwebp-dev, libxtst-dev, libsrtp-dev, libjpeg-dev, libxml2-dev, libgtk-3-dev, libgtk2.0-dev, libxslt1-dev, libpulse-dev, libpam0g-dev, libsnappy-dev, libgconf2-dev, libavutil-dev, libavcodec-dev (>= 7:3.0), libavformat-dev, libglib2.0-dev, libasound2-dev, libsqlite3-dev, libjsoncpp-dev, libspeechd-dev (>= 0.8.4), libminizip-dev, libhunspell-dev, libharfbuzz-dev (>= 1.2.7), libusb-1.0-0-dev, libopenjp2-7-dev, libmodpbase64-dev, libgnome-keyring-dev, libnss3-dev (>= 3.12.3), libnspr4-dev (>= 2:4.9), libcups2-dev (>= 1.5.0), libevent-dev (>= 1.4.13), libjs-jquery, libjs-excanvas, libjs-jquery-flot, libgcrypt20-dev, fonts-ipafont-gothic, fonts-ipafont-mincho
Package-List:
 chromedriver deb web optional arch=i386,amd64,arm64,armhf
 chromium deb web optional arch=i386,amd64,arm64,armhf
 chromium-driver deb web optional arch=i386,amd64,arm64,armhf
 chromium-l10n deb localization optional arch=all
 chromium-shell deb web optional arch=i386,amd64,arm64,armhf
 chromium-widevine deb contrib/web optional arch=i386,amd64,arm64,armhf
Checksums-Sha1:
 72e6cf3875b0b03df551cb94ba5df20f2d7ea8e2 209142896 chromium-browser_68.0.3440.75.orig.tar.xz
 c8c833da09f114dbb26969bbc66fee96354f08be 144580 chromium-browser_68.0.3440.75-1~deb9u1.debian.tar.xz
Checksums-Sha256:
 d5b196eab81459271f4ae98bcb96c6ce032f8c3bce53a111d6c47d99a3c09575 209142896 chromium-browser_68.0.3440.75.orig.tar.xz
 08be23658a0fb27dcd36957b04896d98d7c38b3f8f73dc85a167c4f6befd73aa 144580 chromium-browser_68.0.3440.75-1~deb9u1.debian.tar.xz
Files:
 7d48d695075a2c034bb58d830ed21ac7 209142896 chromium-browser_68.0.3440.75.orig.tar.xz
 2ee75338a5fdb36a7cc12720e3a4a0dd 144580 chromium-browser_68.0.3440.75-1~deb9u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAltaWEYACgkQuNayzQLW
9HN35B/9EYnb124QvzMTRRixw31qcZzvRbKN6gyRVON4uW0Ca92rB6/b+wGlP7+U
Ok8mPfnDnfqGHTEwmfXTp6K/KcXUcFvFtvKKZFvjNaeCMMs1o5Ztdt7kv9ZZ33pv
aQ07Uc9qd2EuIPHnGq+y5LBlpC7OURmhORyPx+7gJCBmZKFPA4U5lEhzAIWFEsk4
4XhaYKj51vPHz31s2+KYG3NiyWu0aQyV0q/v7/NuaU3enCjI9UI+FPbz+gmx789h
FZWvH377wGYKm5lplqIsW85IqK1crDH8ywx2CsA0BA0f/aWq/BYAJqU+67qrpmIw
9aL70Oy/O9xxOWAy63VE82MUHFZoMWzeNO67bTbhHNzNXSXz9OcT1cuCtV9Wd+MK
tmH7kFgxzjA9iqUbmA9z2Q1TgnLfAZhgE22NDJlFR1wQq5dImx0M4kCVhnpK7Tic
iRuNT6+/G6yFig5r/CQZkXNvmT+2eVd5qAo41/gs1TMmaJ32zz8fYxxOKbBnr1lC
Ro5BS1O83yrk4g//i1hbxpfsVLmTU7ERZ6SRG8gqZ9HEZnJW1dViJ63MkdRfARLN
hXMRZZDTlxDRO8O32JRHI9H1ZHpeKxi/82U4AMerhgReQXTlWPxxliIld6N/wmiY
HKBYXK0MtgyHeC3TLGJeDlFl8IOrTpSM7oTMm0aKkMM8qYWn5VCW5bcH41lyipOK
c91Cn+IrEfuKp9afBfi3pPLhXkT1c2FKhVGMIMpJt69/Ov91qczYX9uiR6YnbLWd
zTxiW476p1OoKOJoAVRJvevbjEh1NSOTLMO+VLs2Mj6496eCqUf4xfnov9xZIKeK
euqRTK9DOyRuVJH1AGrPKaD8NVUcbIptbjT1IZ3R1L2eo+CHCvKNUPoFf5u6j+33
DYgmOCBSXYyQlIW0p1v/LMssWGvY/6n450tId7/WSH7ht2RpmPIKtWclFf3QEs7a
LcqtfBslAp7seKZyv6xnnlAE5XpPgmAMmGlW96vQVxzR8XQMa/tDTRVK38gheB27
TiDcSL17H1Cd31UXjRHDj3Bighirkl+FPpZexEXpmrdK5+h8R4SrfAXwpHW4jsI7
ClMB3TmRX3IZ/wiCXvdLPUAVUmhYhTkH5t66kOdS+qBCohB4AijwUrKe0pVVzaDE
vpnkvmVetPYkGGtXpghBLJRxOceMlPeLlcXMab8oMYItrwLQxxTvUAqcvTw23Jnb
scCasfS+vXbZoXryad3r38MWkDI6nRoxaGRGQQdfgIhvtX+N8V0KM+RnhxbU/STS
egxYNd2LOWsvynZE4GHWOYYZlaBO06qdTB54mR7CtK88KtL1o0jYKmTwkfUI7a4o
2hrV61zj0eFfGvEiy9mILlVjulGzMw==
=RTzB
-----END PGP SIGNATURE-----

<span id="changes">Changes:</span>
chromium-browser (68.0.3440.75-1~deb9u1) stretch-security; urgency=medium

  * New upstream stable release.
    - CVE-2018-4117: Cross origin information leak in Blink. Reported by
      AhsanEjaz
    - CVE-2018-6044: Request privilege escalation in Extensions . Reported by
      Rob Wu
    - CVE-2018-6150: Cross origin information disclosure in Service Workers.
      Reported by Rob Wu
    - CVE-2018-6151: Bad cast in DevTools. Reported by Rob Wu
    - CVE-2018-6152: Local file write in DevTools. Reported by Rob Wu
    - CVE-2018-6153: Stack buffer overflow in Skia. Reported by Zhen Zhou
    - CVE-2018-6154: Heap buffer overflow in WebGL. Reported by Omair
    - CVE-2018-6155: Use after free in WebRTC. Reported by Natalie Silvanovich
    - CVE-2018-6156: Heap buffer overflow in WebRTC. Reported by Natalie
      Silvanovich
    - CVE-2018-6157: Type confusion in WebRTC. Reported by Natalie Silvanovich
    - CVE-2018-6158: Use after free in Blink. Reported by Zhe Jin
    - CVE-2018-6159: Same origin policy bypass in ServiceWorker. Reported by
      Jun Kokatsu
    - CVE-2018-6161: Same origin policy bypass in WebAudio. Reported by Jun
      Kokatsu
    - CVE-2018-6162: Heap buffer overflow in WebGL. Reported by Omair
    - CVE-2018-6163: URL spoof in Omnibox. Reported by Khalil Zhani
    - CVE-2018-6164: Same origin policy bypass in ServiceWorker. Reported by
      Jun Kokatsu
    - CVE-2018-6165: URL spoof in Omnibox. Reported by evi1m0
    - CVE-2018-6166: URL spoof in Omnibox. Reported by Lnyas Zhang
    - CVE-2018-6167: URL spoof in Omnibox. Reported by Lnyas Zhang
    - CVE-2018-6168: CORS bypass in Blink. Reported by Gunes Acar and Danny Y.
      Huang
    - CVE-2018-6169: Permissions bypass in extension installation . Reported by
      Sam P
    - CVE-2018-6170: Type confusion in PDFium. Reported by Anonymous
    - CVE-2018-6171: Use after free in WebBluetooth.
    - CVE-2018-6172: URL spoof in Omnibox. Reported by Khalil Zhani
    - CVE-2018-6173: URL spoof in Omnibox. Reported by Khalil Zhani
    - CVE-2018-6174: Integer overflow in SwiftShader. Reported by Mark Brand
    - CVE-2018-6175: URL spoof in Omnibox. Reported by Khalil Zhani
    - CVE-2018-6176: Local user privilege escalation in Extensions. Reported by
      Jann Horn
    - CVE-2018-6177: Cross origin information leak in Blink. Reported by Ron
      Masas
    - CVE-2018-6178: UI spoof in Extensions. Reported by Khalil Zhani
    - CVE-2018-6179: Local file information leak in Extensions.
  * Correct a regression in audio/video file handling caused by the ffmpeg 3.4
    support patch introduced in the previous security upload (closes: #902909).

 -- Michael Gilbert <mgilbert@debian.org>  Sun, 15 Jul 2018 20:09:38 +0000