Your message dated Wed, 14 Dec 2016 21:02:17 +0000
with message-id <[email protected]>
and subject line Bug#844631: fixed in chromium-browser 55.0.2883.75-1~deb8u1
has caused the Debian Bug report #844631,
regarding chromium: certificate transparency error on i386
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
844631: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844631
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: chromium
Version: 53.0.2785.143-1~deb8u1
Severity: important
Tags: upstream
Dear Maintainer,
When requesting some https resources a security error is displayed in
the browser:
NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED
An example url:
https://images-na.ssl-images-amazon.com/images/G/01/advantage/vendor-central
/site-logo._V383469221_.jpg
This mostly seems to effect CDN resources and so sites do not load
resources correctly.
This only happens on the i386 build of chromium, and not on amd64.
The bug is described in more detail here:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1641380
And looks to have been fixed in ubuntu:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1641380/comments/44
And more upstream information on this bug from chromium.org:
https://bugs.chromium.org/p/chromium/issues/detail?id=664177
--- End Message ---
--- Begin Message ---
Source: chromium-browser
Source-Version: 55.0.2883.75-1~deb8u1
We believe that the bug you reported is fixed in the latest version of
chromium-browser, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Gilbert <[email protected]> (supplier of updated chromium-browser
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 11 Dec 2016 04:48:45 +0000
Source: chromium-browser
Binary: chromium chromium-dbg chromium-l10n chromium-inspector chromedriver
Architecture: source i386 all
Version: 55.0.2883.75-1~deb8u1
Distribution: jessie-security
Urgency: medium
Maintainer: Debian Chromium Maintainers
<[email protected]>
Changed-By: Michael Gilbert <[email protected]>
Description:
chromedriver - web browser - WebDriver support
chromium - web browser
chromium-dbg - web browser - debugging symbols
chromium-inspector - web browser - page inspection support
chromium-l10n - web browser - language packs
Closes: 844631
Changes:
chromium-browser (55.0.2883.75-1~deb8u1) jessie-security; urgency=medium
.
* New upstream stable release:
- CVE-2016-5181: Universal XSS in Blink. Credit to Anonymous
- CVE-2016-5182: Heap overflow in Blink. Credit to Giwan Go
- CVE-2016-5183: Use after free in PDFium. Credit to Anonymous
- CVE-2016-5184: Use after free in PDFium. Credit to Anonymous
- CVE-2016-5185: Use after free in Blink. Credit to cloudfuzzer
- CVE-2016-5186: Out of bounds read in DevTools. Credit to Abdulrahman
- CVE-2016-5187: URL spoofing. Credit to Luan Herrera
- CVE-2016-5188: UI spoofing. Credit to Luan Herrera
[email protected]
- CVE-2016-5189: URL spoofing. Credit to xisigr
Alqabandi
- CVE-2016-5190: Use after free in Internals. Credit to Atte Kettunen
- CVE-2016-5191: Universal XSS in Bookmarks. Credit to Gareth Hughes
- CVE-2016-5192: Cross-origin bypass in Blink. Credit to
- CVE-2016-5193: Scheme bypass. Credit to Yuyang ZHOU
- CVE-2016-5194: Various fixes from internal audits, fuzzing and other
initiatives
- CVE-2016-5198: Out of bounds memory access in V8. Credit to Tencent Keen
Security Lab
- CVE-2016-5200: Out of bounds memory access in V8. Credit to Choongwoo Han
- CVE-2016-5201: Info leak in extensions. Credit to Rob Wu
- CVE-2016-5202: Various fixes from internal audits, fuzzing and other
initiatives
- CVE-2016-5203: Use after free in PDFium. Credit to Anonymous
- CVE-2016-5204: Universal XSS in Blink. Credit to Mariusz Mlynski
- CVE-2016-5205: Universal XSS in Blink. Credit to Anonymous
- CVE-2016-5206: Same-origin bypass in PDFium. Credit to Rob Wu
- CVE-2016-5207: Universal XSS in Blink. Credit to Mariusz Mlynski
- CVE-2016-5208: Universal XSS in Blink. Credit to Mariusz Mlynski
- CVE-2016-5209: Out of bounds write in Blink. Credit to Giwan Go
- CVE-2016-5210: Out of bounds write in PDFium. Credit to Ke Liu
- CVE-2016-5211: Use after free in PDFium. Credit to Anonymous
- CVE-2016-5212: Local file disclosure in DevTools. Credit to Khalil Zhani
- CVE-2016-5213: Use after free in V8. Credit to Khalil Zhani
- CVE-2016-5214: File download protection bypass. Credit to Jonathan Birch
and MSVR
- CVE-2016-5215: Use after free in Webaudio. Credit to Looben Yang
- CVE-2016-5216: Use after free in PDFium. Credit to Anonymous
- CVE-2016-5217: Use of unvalidated data in PDFium. Credit to Rob Wu
- CVE-2016-5218: Address spoofing in Omnibox. Credit to Abdulrahman
Alqabandi
- CVE-2016-5219: Use after free in V8. Credit to Rob Wu
- CVE-2016-5220: Local file access in PDFium. Credit to Rob Wu
- CVE-2016-5221: Integer overflow in ANGLE. Credit to Tim Becker
- CVE-2016-5222: Address spoofing in Omnibox. Credit to xisigr
- CVE-2016-5223: Integer overflow in PDFium. Credit to Hwiwon Lee
- CVE-2016-5224: Same-origin bypass in SVG. Credit to Roeland Krak
- CVE-2016-5225: CSP bypass in Blink. Credit to Scott Helme
- CVE-2016-5226: Limited XSS in Blink. Credit to Jun Kokatsu
- CVE-2016-9650: CSP Referrer disclosure. Credit to Jakub Żoczek
- CVE-2016-9651: Private property access in V8. Credit to Guang Gong
- CVE-2016-9652: Various fixes from internal audits, fuzzing and other
initiatives
- Certificate validity is now independent of the browser build date
(closes: #844631).
- No longer supports gyp build system, so update to use gn instead.
Checksums-Sha1:
c708b399bf09b950a2543fbc7efe64e58552a685 4087
chromium-browser_55.0.2883.75-1~deb8u1.dsc
7e19210a25ae94e17b0fd93625642d1d59697dc8 472986664
chromium-browser_55.0.2883.75.orig.tar.xz
22043abb4ee3fe9f3a9566482e0a08a3625ea1f0 183480
chromium-browser_55.0.2883.75-1~deb8u1.debian.tar.xz
1c7eaf51d1d5f7da58e6216c86cac5e1d9072d6e 42461718
chromium_55.0.2883.75-1~deb8u1_i386.deb
1ae8009a9095a527790365f7f4697a748e2d2432 6933910
chromium-dbg_55.0.2883.75-1~deb8u1_i386.deb
b4231eed97d384edb380b8660adb4aa95cf23a98 3339348
chromium-l10n_55.0.2883.75-1~deb8u1_all.deb
fb8186b902598cfcdf1fd2e576441892d4872461 1404218
chromium-inspector_55.0.2883.75-1~deb8u1_all.deb
052dcc08525b2ad6ec3907e97bcdebc6cbb2acd4 2624408
chromedriver_55.0.2883.75-1~deb8u1_i386.deb
Checksums-Sha256:
fda2905fabd8557dd8e0d85e8fdbee46acda16e7a62f5792306e0457b9846d18 4087
chromium-browser_55.0.2883.75-1~deb8u1.dsc
8b4a7109aeb40f1804d584151649a6b2ca70d0da459fe86daeaa0f5f3c6ea358 472986664
chromium-browser_55.0.2883.75.orig.tar.xz
055a9f090d001a6c7b619c291796b17611c8d935e617da1f06501ce1d2238ff7 183480
chromium-browser_55.0.2883.75-1~deb8u1.debian.tar.xz
d2b25c5f689f5dc45467a355b93f310d49602b54ba3116993750a9400e4222be 42461718
chromium_55.0.2883.75-1~deb8u1_i386.deb
b1d1d6ec538fc76f9d83a4d99da102b0c42ebd87fd91403bb065b2888871fd8a 6933910
chromium-dbg_55.0.2883.75-1~deb8u1_i386.deb
a5120d3ba01a5cb4966ce540318a0b6904d95125515cea9356372da7077e8ea6 3339348
chromium-l10n_55.0.2883.75-1~deb8u1_all.deb
f623318dabe60bda281db285d26a1a14ccb3302cffdcdb52166bd759dedc27ce 1404218
chromium-inspector_55.0.2883.75-1~deb8u1_all.deb
b3e537c0bf35ea168ecd3d3935d220def7c49c06771a4f020df7675c87445662 2624408
chromedriver_55.0.2883.75-1~deb8u1_i386.deb
Files:
4a5091cc667678b97a0d71d7cf9efd83 4087 web optional
chromium-browser_55.0.2883.75-1~deb8u1.dsc
6ea097ad1d73444f40359f54ad9bf396 472986664 web optional
chromium-browser_55.0.2883.75.orig.tar.xz
a2fbf7b8e7b607a89dd96d11645f4c6d 183480 web optional
chromium-browser_55.0.2883.75-1~deb8u1.debian.tar.xz
615f1cc64b6b8b2c4ac670a91470c1d1 42461718 web optional
chromium_55.0.2883.75-1~deb8u1_i386.deb
75d710eb62663e3d63c3c84a8e7db9a4 6933910 debug extra
chromium-dbg_55.0.2883.75-1~deb8u1_i386.deb
327a01b2d004d15c0f5a76fdf745ea5f 3339348 localization optional
chromium-l10n_55.0.2883.75-1~deb8u1_all.deb
493f5fffc7c88d53e20e3e0242399a35 1404218 web optional
chromium-inspector_55.0.2883.75-1~deb8u1_all.deb
baab5cb8f34c2b7d8bf63e0a6f583b34 2624408 web optional
chromedriver_55.0.2883.75-1~deb8u1_i386.deb
-----BEGIN PGP SIGNATURE-----
iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAlhNYboACgkQuNayzQLW
9HN/3B//azWVQoO6a+Txr9FEvvbRfpKpT3U+R3AKv6a2QBJJQ/tUYyBs+2SKb5Yb
YXmYNn9p3wKvU2taZTyO6pBgD4/DeAjVAvNssCsrRbB7azB/BfLjZhBrr5vC5+cj
LGZz0GTqOSIHjEg0aGMeZX2qReZN2X+keM6Sf2oAmmSPgsl1hdpR2NsrDgi+x/ZX
itOyDkE4KUdKkxbAuZnxrofWsaHPARPHf9jYnH2RKudHzbwx1kDFQprr/F/7UxpD
vIWpG67eoiol+S+DE4OVTJ2pb8Jm8EJsGJk+JBXaXmWX6r4PRFHYTcPoQKxfe5QW
O5ijXwB4ISwetJw6dhqgSZu2Kc9IFLNp1hghO72+ZVdcKXxditiziRL3PnLo/+dZ
wlA+ADEen96OlTvSRCqjWJhYtU6WK4zQrvEyBGr+q0KMCf8c2pd67qfdel/hbTUx
d92om6zm21Txy/SaeTuwY4RydGmtdRSS3OMyFpgcaHqmxz/PtXkgS6oAJ4vnipdQ
eVhZW6Uv30rZmMeGHjRHiYG1K6h6wjLcdcl/7STWF2psWPGFkxH6iQsKpfOw4/Qq
C42seyk/bM2bpDscV9Jn8tcxK060+b+eUcFiUPVaGGYa9nqsybfHo2vo/oMhWLzB
lli6Yj7psaV+hyMi9o41fVEc1WwfV+fJAcDTfol4cIt0jeBWZUnGqJeHA81v86xX
jrIPzacNfWWSfu/RSMkSz90H9Ruc6F4IFHwa4sK8xiMvyl03ukNR8dLXb4Y3DZCC
uQ3pECw1k88OWRQc6iuCN1Igwiav/jUWqRmM21SVSRx1BPaHpAVeGk/O/3BJYcJX
3hpNAVh9XhoA+6viF+qVkJ4nW3hVdZqNWQ8okw1Dq0hC/z6MfkQ+iuWyrJNhe3ZS
zlxThr6CyUOQPW1cbt4muHmZV4rsburEjP443em/9XTkeB0hyN+7pUf7mbQ8rq5h
pSviLTjz+5pa38QdNVikOAF5eS65BXmQL+boGiWyrBOVxjBePDfGMXP9oZhkjz/5
e6o2Sr3Hy+SXbjLgbi3uRj4LuS1fHlVkIbuLKdZOGTd6vivBWi8uq1xyD3+wqyDl
lI9NmfvD3d6PvHIj4RmB6AsfkaADveKQ5avBBNxumD4xGliPYYdALhmG7mRDsE6z
wKbZbGxM7BmhpK44gRkHLyr8U8URbnz4N3siTZGKXHrPGAKCTpU5fvPLGGBW7dqN
iYCuepafY9ZcFuBarWGgZo58bfzyNQUbaKNSyyVnb23z+ZrHGAgHuanZ4wrWd8gN
idAm9QWAAkZK8T7HdTCYWlCMWaVcgxn7rIiQf44hkpqiUfOTrpOcpRI2igm/gkKi
TBdQ1SNl4HHKV89/0YVL2K62QPmuBg==
=OJL5
-----END PGP SIGNATURE-----
--- End Message ---
