News for package chromium-browser

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 3.0 (quilt)
Source: chromium-browser
Binary: chromium, chromium-l10n, chromium-shell, chromium-widevine, chromium-driver, chromedriver
Architecture: i386 amd64 arm64 armhf all
Version: 71.0.3578.80-1~deb9u1
Maintainer: Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>
Uploaders:  Michael Gilbert <mgilbert@debian.org>, Riku Voipio <riku.voipio@linaro.org>
Homepage: http://www.chromium.org/Home
Standards-Version: 3.9.8
Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-chromium/pkg-chromium.git
Vcs-Git: git://anonscm.debian.org/pkg-chromium/pkg-chromium.git
Build-Depends: debhelper (>= 9), python3, pkg-config, ninja-build, python-jinja2, ca-certificates, wget, flex, yasm, xvfb, wdiff, gperf, bison, valgrind, xz-utils, x11-apps, xfonts-base, libglewmx-dev, libgl1-mesa-dev, libglu1-mesa-dev, libegl1-mesa-dev, libgles2-mesa-dev, mesa-common-dev, libxt-dev, libre2-dev, libgbm-dev, libpng-dev, libxss-dev, libelf-dev, libvpx-dev, libpci-dev, libcap-dev, libdrm-dev, libicu-dev, libffi-dev, libkrb5-dev, libexif-dev, libflac-dev, libudev-dev, libopus-dev, libwebp-dev, libxtst-dev, libsrtp-dev, libjpeg-dev, libxml2-dev, libgtk-3-dev, libgtk2.0-dev, libxslt1-dev, libpulse-dev, libpam0g-dev, libsnappy-dev, libavutil-dev, libavcodec-dev (>= 7:3.0), libavformat-dev, libglib2.0-dev, libasound2-dev, libsqlite3-dev, libjsoncpp-dev, libspeechd-dev (>= 0.8.4), libminizip-dev, libhunspell-dev, libharfbuzz-dev (>= 1.2.7), libusb-1.0-0-dev, libopenjp2-7-dev, libmodpbase64-dev, libgnome-keyring-dev, libnss3-dev (>= 3.12.3), libnspr4-dev (>= 2:4.9), libcups2-dev (>= 1.5.0), libevent-dev (>= 1.4.13), libjs-jquery, libjs-excanvas, libjs-jquery-flot, libgcrypt20-dev, fonts-ipafont-gothic, fonts-ipafont-mincho
Package-List:
 chromedriver deb web optional arch=i386,amd64,arm64,armhf
 chromium deb web optional arch=i386,amd64,arm64,armhf
 chromium-driver deb web optional arch=i386,amd64,arm64,armhf
 chromium-l10n deb localization optional arch=all
 chromium-shell deb web optional arch=i386,amd64,arm64,armhf
 chromium-widevine deb contrib/web optional arch=i386,amd64,arm64,armhf
Checksums-Sha1:
 f1a813d96fc272943a82a78adcaf214adb8aeecb 197203632 chromium-browser_71.0.3578.80.orig.tar.xz
 0db13d6ab8a1bdab77d50cfc49d01f8554639297 160064 chromium-browser_71.0.3578.80-1~deb9u1.debian.tar.xz
Checksums-Sha256:
 d065973886eb8fa622102c5254b480fc5c9c8e042674139efb75bd4235a9676f 197203632 chromium-browser_71.0.3578.80.orig.tar.xz
 9247b74662d3f0d26fb2fdab56480637a27f25c6d080ce3266421b90c6f42fa1 160064 chromium-browser_71.0.3578.80-1~deb9u1.debian.tar.xz
Files:
 b1cdde04ca22df99df7cf49e6453c750 197203632 chromium-browser_71.0.3578.80.orig.tar.xz
 11152245678c5a3fd2f6880d998a39dd 160064 chromium-browser_71.0.3578.80-1~deb9u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAlwJ9iEACgkQuNayzQLW
9HPxTh//TRiKk6JwgNyx+5mAbuPm02QWt0GXmNDCUAReo4PcwoFREeCp2UJfd3UG
aJ23EwdI/P0OMiFdcUUn8vWOQqzoDTjy2xk3fscvgYkxmLczKsqOg7goCqIVofZP
xoQPvfl3dChv5/bLPcyhnmVazVL3lTuDRGjqpF0h6cj4Fv26XnhUdEDD4hJhbnvT
2QO26LqzksGm2xeQCrOgkKjKxxHDulixG7Jar36WxTN+b9T0uDveZz015V6/502r
S5Vf/W5v50X9z2KAR6kmPVNvuaGRph6mgkRZW/Ac+EzktrA2WwSSo13eJwAiUODk
lH87w49bvIvmAbT+g7M0awP4XIYBL5KSaAEm7ITlU88wZgCPg2jxlMerUbKZ8G4/
EDkpRC/mPFGOL5620vZrEuIodbkzQujP6RCkbdZKJ/79ko+JFILaQBZpIREK8zN1
wMw1jrade6tawXzORvr6cIWLWuYNg1li31vH4s/iaMebfXLQ/WqGY+cd8GmBlCx/
rKe7d6FrjvKe4Dm3m+XuESpC//C08mWT58mX7lewIsM3nGRwc3vbGuhoHoyaJMHr
y/ViN/0FuZq2WrFHhUx5kEI+I46XXz25aQOipMj8ZEvO4m+hP8Xouy6FTWgq8u/J
tBLH8vdpDvQU8WrXF8rwQCNPLpdU3az6Zt58YIUT7kSsLLfStVKJpZUmR1cxg7U/
VRf4hTRWw0fXm/klsv1A5tFnD1EGFD5eS55mUAuPga36Z/KuPbWQiUukonndqHu3
EYdbqJAtlSQ+4U0UB7pMisEm+TlDAnrfgZVCTVTYNvy2Y2NtX87tXn7ey+nmsfjo
2pAJSJhpQMzCUFFHfjhpiVNZU9hadwvnGndehGhePTrDXorPODyD0PjMgUXVF7Ka
kkjziNBFG2HdLdRguQLUy8XfgQwW7KnYpJnQjFRMPGTiK9wkyIBI/hac4ckwma1d
Y79buGLCD2UYfCcAcfwZeb5VDKFdb0G2w47ehDW6sz1PAhUURs2+sSq5gP+9axgx
I3Oafdn9DtUIz/JSErD6QPsULex/V/UmlLFOmdlkQQRJ2/47RjoGeE8A2s2o3nnU
YBRZcql8O/iUbl8x4W/JIKgEXFxEW5iZ8BskaVxpgWjitC6lewbLyOFOp7jcevNm
GaeASRlWmhNY8tayh67oec/l3zFBRf30MDT5ockXEZyuQbXnNcFu+97wOnyLgc/a
NbHwRLb44EkMDpOqtNFYb2zaU41B5Ln7BXdU7w16LcrlX1yYsqchnW1Ig7AfKMq7
zB3yodbh5/s9R1rEu3x2Ks7SYMQ+b0pxhIVFrpSw69EAY1KaiaNTqgGS3HAmcJDm
pJ1n1gEE6fMg+yw7HC0fT3jR71LG8w==
=J+26
-----END PGP SIGNATURE-----

<span id="changes">Changes:</span>
chromium-browser (71.0.3578.80-1~deb9u1) stretch-security; urgency=medium

  * New upstream stable release.
    - CVE-2018-17480: Out of bounds write in V8. Reported by Guang Gong
    - CVE-2018-17481: Use after frees in PDFium. Reported by Anonymous
    - CVE-2018-18335: Heap buffer overflow in Skia. Reported by Anonymous
    - CVE-2018-18336: Use after free in PDFium. Reported by Huyna
    - CVE-2018-18337: Use after free in Blink. Reported by cloudfuzzer
    - CVE-2018-18338: Heap buffer overflow in Canvas. Reported by Zhe Jin
    - CVE-2018-18339: Use after free in WebAudio. Reported by cloudfuzzer
    - CVE-2018-18340: Use after free in MediaRecorder. Reported by Anonymous
    - CVE-2018-18341: Heap buffer overflow in Blink. Reported by cloudfuzzer
    - CVE-2018-18342: Out of bounds write in V8. Reported by Guang Gong
    - CVE-2018-18343: Use after free in Skia. Reported by Tran Tien Hung
    - CVE-2018-18344: Inappropriate implementation in Extensions. Reported by
      Jann Horn
    - CVE-2018-18345: Inappropriate implementation in Site Isolation. Reported
      by Masato Kinugawa and Jun Kokatsu
    - CVE-2018-18346: Incorrect security UI in Blink. Reported by Luan Herrera
    - CVE-2018-18347: Inappropriate implementation in Navigation. Reported by
      Luan Herrera
    - CVE-2018-18348: Inappropriate implementation in Omnibox. Reported by
      Ahmed Elsobky
    - CVE-2018-18349: Insufficient policy enforcement in Blink. Reported by
      David Erceg
    - CVE-2018-18350: Insufficient policy enforcement in Blink. Reported by
      Jun Kokatsu
    - CVE-2018-18351: Insufficient policy enforcement in Navigation. Reported
      by Jun Kokatsu
    - CVE-2018-18352: Inappropriate implementation in Media. Reported by Jun
      Kokatsu
    - CVE-2018-18353: Inappropriate implementation in Network Authentication.
      Reported by Wenxu Wu
    - CVE-2018-18354: Insufficient data validation in Shell Integration.
      Reported by Wenxu Wu
    - CVE-2018-18355: Insufficient policy enforcement in URL Formatter.
      Reported by evi1m0
    - CVE-2018-18356: Use after free in Skia. Reported by Tran Tien Hung
    - CVE-2018-18357: Insufficient policy enforcement in URL Formatter.
      Reported by evi1m0
    - CVE-2018-18358: Insufficient policy enforcement in Proxy. Reported by
      Jann Horn
    - CVE-2018-18359: Out of bounds read in V8. Reported by cyrilliu
    - Inappropriate implementation in PDFium. Reported by Salem Faisal
      Elmrayed
    - Use after free in Extensions. Reported by Zhe Jin
    - Inappropriate implementation in Navigation. Reported by Luan Herrera
    - Inappropriate implementation in Navigation. Reported by Jesper van den
      Ende
    - Insufficient policy enforcement in Navigation. Reported by Ryan Pickren
    - Insufficient policy enforcement in URL Formatter. Reported by evi1m0

 -- Michael Gilbert <mgilbert@debian.org>  Fri, 07 Dec 2018 01:16:43 +0000