[SECURITY] [DSA 4606-1] chromium security update
Debian Security Advisory DSA-4606-1    secur...@debian.org
https://www.debian.org/security/    Michael Gilbert
January 20, 2020    https://www.debian.org/security/faq

Package: chromium
CVE ID : CVE-2019-13725 CVE-2019-13726 CVE-2019-13727 CVE-2019-13728
         CVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734
         CVE-2019-13735 CVE-2019-13736 CVE-2019-13737 CVE-2019-13738
         CVE-2019-13739 CVE-2019-13740 CVE-2019-13741 CVE-2019-13742
         CVE-2019-13743 CVE-2019-13744 CVE-2019-13745 CVE-2019-13746
         CVE-2019-13747 CVE-2019-13748 CVE-2019-13749 CVE-2019-13750
         CVE-2019-13751 CVE-2019-13752 CVE-2019-13753 CVE-2019-13754
         CVE-2019-13755 CVE-2019-13756 CVE-2019-13757 CVE-2019-13758
         CVE-2019-13759 CVE-2019-13761 CVE-2019-13762 CVE-2019-13763
         CVE-2019-13764 CVE-2019-13767 CVE-2020-6377 CVE-2020-6378
         CVE-2020-6379 CVE-2020-6380

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2019-13725 Gengming Liu and Jianyu Chen discovered a use-after-free issue in the bluetooth implementation.
CVE-2019-13726 Sergei Glazunov discovered a buffer overflow issue.
CVE-2019-13727 @piochu discovered a policy enforcement error.
CVE-2019-13728 Rong Jian and Guang Gong discovered an out-of-bounds write error in the v8 javascript library.
CVE-2019-13729 Zhe Jin discovered a use-after-free issue.
CVE-2019-13730 Soyeon Park and Wen Xu discovered the use of a wrong type in the v8 javascript library.
CVE-2019-13732 Sergei Glazunov discovered a use-after-free issue in the WebAudio implementation.
CVE-2019-13734 Wenxiang Qian discovered an out-of-bounds write issue in the sqlite library.
CVE-2019-13735 Gengming Liu and Zhen Feng discovered an out-of-bounds write issue in the v8 javascript library.
CVE-2019-13736 An integer overflow issue was discovered in the pdfium library.
CVE-2019-13737 Mark Amery discovered a policy enforcement error.
CVE-2019-13738 Johnathan Norman and Daniel Clark discovered a policy enforcement error.
CVE-2019-13739 xisigr discovered a user interface error.
CVE-2019-13740 Khalil Zhani discovered a user interface error.
CVE-2019-13741 Michał Bentkowski discovered that user input could be incompletely validated.
CVE-2019-13742 Khalil Zhani discovered a user interface error.
CVE-2019-13743 Zhiyang Zeng discovered a user interface error.
CVE-2019-13744 Prakash discovered a policy enforcement error.
CVE-2019-13745 Luan Herrera discovered a policy enforcement error.
CVE-2019-13746 David Erceg discovered a policy enforcement error.
CVE-2019-13747 Ivan Popelyshev and André Bonatti discovered an uninitialized value.
CVE-2019-13748 David Erceg discovered a policy enforcement error.
CVE-2019-13749 Khalil Zhani discovered a user interface error.
CVE-2019-13750 Wenxiang Qian discovered insufficient validation of data in the sqlite library.
CVE-2019-13751 Wenxiang Qian discovered an uninitialized value in the sqlite library.
CVE-2019-13752 Wenxiang Qian discovered an out-of-bounds read issue in the sqlite library.
CVE-2019-13753 Wenxiang Qian discovered an out-of-bounds read issue in the sqlite library.
CVE-2019-13754 Cody Crews discovered a policy enforcement error.
CVE-2019-13755 Masato Kinugawa discovered a policy enforcement error.
CVE-2019-13756 Khalil Zhani discovered a user interface error.
CVE-2019-13757 Khalil Zhani discovered a user interface error.
CVE-2019-13758 Khalil Zhani discovered a policy enforcement error.
CVE-2019-13759 Wenxu Wu discovered a user interface error.
CVE-2019-13761 Khalil Zhani discovered a user interface error.
CVE-2019-13762 csanuragjain discovered a policy enforcement error.
CVE-2019-13763 weiwangpp93 discovered a policy enforcement error.
CVE-2019-13764 Soyeon Park and Wen Xu discovered the use of a wrong type in the v8 javascript library.
CVE-2019-13767 Sergei Glazunov discovered a use-after-free issue.
CVE-2020-6377 Zhe Jin discovered a use-after-free issue.
CVE-2020-6378 Antti Levomäki and Christian Jalio discovered a use-after-free issue.
CVE-2020-6379 Guang Gong discovered a use-after-free issue.
CVE-2020-6380 Sergei Glazunov discovered an error verifying extension messages.

For the oldstable distribution (stretch), security support for chromium has been discontinued.

For the stable distribution (buster), these problems have been fixed
[SECURITY] [DSA 4575-1] chromium security update
Debian Security Advisory DSA-4575-1    secur...@debian.org
https://www.debian.org/security/    Michael Gilbert
November 24, 2019    https://www.debian.org/security/faq

Package: chromium
CVE ID : CVE-2019-13723 CVE-2019-13724

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2019-13723 Yuxiang Li discovered a use-after-free issue in the bluetooth service.
CVE-2019-13724 Yuxiang Li discovered an out-of-bounds read issue in the bluetooth service.

For the oldstable distribution (stretch), security support for the chromium package has been discontinued.

For the stable distribution (buster), these problems have been fixed in version 78.0.3904.108-1~deb10u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 4421-1] chromium security update
Debian Security Advisory DSA-4421-1    secur...@debian.org
https://www.debian.org/security/    Michael Gilbert
March 31, 2019    https://www.debian.org/security/faq

Package: chromium
CVE ID : CVE-2019-5787 CVE-2019-5788 CVE-2019-5789 CVE-2019-5790
         CVE-2019-5791 CVE-2019-5792 CVE-2019-5793 CVE-2019-5794
         CVE-2019-5795 CVE-2019-5796 CVE-2019-5797 CVE-2019-5798
         CVE-2019-5799 CVE-2019-5800 CVE-2019-5802 CVE-2019-5803

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2019-5787 Zhe Jin discovered a use-after-free issue.
CVE-2019-5788 Mark Brand discovered a use-after-free issue in the FileAPI implementation.
CVE-2019-5789 Mark Brand discovered a use-after-free issue in the WebMIDI implementation.
CVE-2019-5790 Dimitri Fourny discovered a buffer overflow issue in the v8 javascript library.
CVE-2019-5791 Choongwoo Han discovered a type confusion issue in the v8 javascript library.
CVE-2019-5792 pdknsk discovered an integer overflow issue in the pdfium library.
CVE-2019-5793 Jun Kokatsu discovered a permissions issue in the Extensions implementation.
CVE-2019-5794 Juno Im of Theori discovered a user interface spoofing issue.
CVE-2019-5795 pdknsk discovered an integer overflow issue in the pdfium library.
CVE-2019-5796 Mark Brand discovered a race condition in the Extensions implementation.
CVE-2019-5797 Mark Brand discovered a race condition in the DOMStorage implementation.
CVE-2019-5798 Tran Tien Hung discovered an out-of-bounds read issue in the skia library.
CVE-2019-5799 sohalt discovered a way to bypass the Content Security Policy.
CVE-2019-5800 Jun Kokatsu discovered a way to bypass the Content Security Policy.
CVE-2019-5802 Ronni Skansing discovered a user interface spoofing issue.
CVE-2019-5803 Andrew Comminos discovered a way to bypass the Content Security Policy.

For the stable distribution (stretch), these problems have been fixed in version 73.0.3683.75-1~deb9u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 4404-1] chromium security update
Debian Security Advisory DSA-4404-1    secur...@debian.org
https://www.debian.org/security/    Michael Gilbert
March 09, 2019    https://www.debian.org/security/faq

Package: chromium
CVE ID : CVE-2019-5786

Clement Lecigne discovered a use-after-free issue in chromium's file reader implementation. A maliciously crafted file could be used to remotely execute arbitrary code because of this problem.

This update also fixes a regression introduced in a previous update. The browser would always crash when launched in remote debugging mode.

For the stable distribution (stretch), this problem has been fixed in version 72.0.3626.122-1~deb9u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 4395-2] chromium regression update
Debian Security Advisory DSA-4395-2    secur...@debian.org
https://www.debian.org/security/    Michael Gilbert
February 26, 2019    https://www.debian.org/security/faq

Package: chromium
Debian Bug : 922794 923298

A regression was introduced in the previous chromium security update. The browser would always crash when launched in headless mode. This update fixes this problem.

A file conflict with the buster chromium packages is also fixed.

For the stable distribution (stretch), this problem has been fixed in version 72.0.3626.96-1~deb9u2.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 4395-1] chromium security update
Debian Security Advisory DSA-4395-1    secur...@debian.org
https://www.debian.org/security/    Michael Gilbert
February 18, 2019    https://www.debian.org/security/faq

Package: chromium
CVE ID : CVE-2018-17481 CVE-2019-5754 CVE-2019-5755 CVE-2019-5756
         CVE-2019-5757 CVE-2019-5758 CVE-2019-5759 CVE-2019-5760
         CVE-2019-5762 CVE-2019-5763 CVE-2019-5764 CVE-2019-5765
         CVE-2019-5766 CVE-2019-5767 CVE-2019-5768 CVE-2019-5769
         CVE-2019-5770 CVE-2019-5772 CVE-2019-5773 CVE-2019-5774
         CVE-2019-5775 CVE-2019-5776 CVE-2019-5777 CVE-2019-5778
         CVE-2019-5779 CVE-2019-5780 CVE-2019-5781 CVE-2019-5782
         CVE-2019-5783 CVE-2019-5784

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2018-17481 A use-after-free issue was discovered in the pdfium library.
CVE-2019-5754 Klzgrad discovered an error in the QUIC networking implementation.
CVE-2019-5755 Jay Bosamiya discovered an implementation error in the v8 javascript library.
CVE-2019-5756 A use-after-free issue was discovered in the pdfium library.
CVE-2019-5757 Alexandru Pitis discovered a type confusion error in the SVG image format implementation.
CVE-2019-5758 Zhe Jin discovered a use-after-free issue in blink/webkit.
CVE-2019-5759 Almog Benin discovered a use-after-free issue when handling HTML pages containing select elements.
CVE-2019-5760 Zhe Jin discovered a use-after-free issue in the WebRTC implementation.
CVE-2019-5762 A use-after-free issue was discovered in the pdfium library.
CVE-2019-5763 Guang Gong discovered an input validation error in the v8 javascript library.
CVE-2019-5764 Eyal Itkin discovered a use-after-free issue in the WebRTC implementation.
CVE-2019-5765 Sergey Toshin discovered a policy enforcement error.
CVE-2019-5766 David Erceg discovered a policy enforcement error.
CVE-2019-5767 Haoran Lu, Yifan Zhang, Luyi Xing, and Xiaojing Liao reported an error in the WebAPKs user interface.
CVE-2019-5768 Rob Wu discovered a policy enforcement error in the developer tools.
CVE-2019-5769 Guy Eshel discovered an input validation error in blink/webkit.
CVE-2019-5770 hemidallt discovered a buffer overflow issue in the WebGL implementation.
CVE-2019-5772 Zhen Zhou discovered a use-after-free issue in the pdfium library.
CVE-2019-5773 Yongke Wong discovered an input validation error in the IndexDB implementation.
CVE-2019-5774 Jnghwan Kang and Juno Im discovered an input validation error in the SafeBrowsing implementation.
CVE-2019-5775 evil1m0 discovered a policy enforcement error.
CVE-2019-5776 Lnyas Zhang discovered a policy enforcement error.
CVE-2019-5777 Khalil Zhani discovered a policy enforcement error.
CVE-2019-5778 David Erceg discovered a policy enforcement error in the Extensions implementation.
CVE-2019-5779 David Erceg discovered a policy enforcement error in the ServiceWorker implementation.
CVE-2019-5780 Andreas Hegenberg discovered a policy enforcement error.
CVE-2019-5781 evil1m0 discovered a policy enforcement error.
CVE-2019-5782 Qixun Zhao discovered an implementation error in the v8 javascript library.
CVE-2019-5783 Shintaro Kobori discovered an input validation error in the developer tools.
CVE-2019-5784 Lucas Pinheiro discovered an implementation error in the v8 javascript library.

For the stable distribution (stretch), these problems have been fixed in version 72.0.3626.96-1~deb9u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 4352-1] chromium-browser security update
Debian Security Advisory DSA-4352-1    secur...@debian.org
https://www.debian.org/security/    Michael Gilbert
December 07, 2018    https://www.debian.org/security/faq

Package: chromium-browser
CVE ID : CVE-2018-17480 CVE-2018-17481 CVE-2018-18335 CVE-2018-18336
         CVE-2018-18337 CVE-2018-18338 CVE-2018-18339 CVE-2018-18340
         CVE-2018-18341 CVE-2018-18342 CVE-2018-18343 CVE-2018-18344
         CVE-2018-18345 CVE-2018-18346 CVE-2018-18347 CVE-2018-18348
         CVE-2018-18349 CVE-2018-18350 CVE-2018-18351 CVE-2018-18352
         CVE-2018-18353 CVE-2018-18354 CVE-2018-18355 CVE-2018-18356
         CVE-2018-18357 CVE-2018-18358 CVE-2018-18359

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2018-17480 Guang Gong discovered an out-of-bounds write issue in the v8 javascript library.
CVE-2018-17481 Several use-after-free issues were discovered in the pdfium library.
CVE-2018-18335 A buffer overflow issue was discovered in the skia library.
CVE-2018-18336 Huyna discovered a use-after-free issue in the pdfium library.
CVE-2018-18337 cloudfuzzer discovered a use-after-free issue in blink/webkit.
CVE-2018-18338 Zhe Jin discovered a buffer overflow issue in the canvas renderer.
CVE-2018-18339 cloudfuzzer discovered a use-after-free issue in the WebAudio implementation.
CVE-2018-18340 A use-after-free issue was discovered in the MediaRecorder implementation.
CVE-2018-18341 cloudfuzzer discovered a buffer overflow issue in blink/webkit.
CVE-2018-18342 Guang Gong discovered an out-of-bounds write issue in the v8 javascript library.
CVE-2018-18343 Tran Tien Hung discovered a use-after-free issue in the skia library.
CVE-2018-18344 Jann Horn discovered an error in the Extensions implementation.
CVE-2018-18345 Masato Kinugawa and Jun Kokatsu discovered an error in the Site Isolation feature.
CVE-2018-18346 Luan Herrera discovered an error in the user interface.
CVE-2018-18347 Luan Herrera discovered an error in the Navigation implementation.
CVE-2018-18348 Ahmed Elsobky discovered an error in the omnibox implementation.
CVE-2018-18349 David Erceg discovered a policy enforcement error.
CVE-2018-18350 Jun Kokatsu discovered a policy enforcement error.
CVE-2018-18351 Jun Kokatsu discovered a policy enforcement error.
CVE-2018-18352 Jun Kokatsu discovered an error in Media handling.
CVE-2018-18353 Wenxu Wu discovered an error in the network authentication implementation.
CVE-2018-18354 Wenxu Wu discovered an error related to integration with GNOME Shell.
CVE-2018-18355 evil1m0 discovered a policy enforcement error.
CVE-2018-18356 Tran Tien Hung discovered a use-after-free issue in the skia library.
CVE-2018-18357 evil1m0 discovered a policy enforcement error.
CVE-2018-18358 Jann Horn discovered a policy enforcement error.
CVE-2018-18359 cyrilliu discovered an out-of-bounds read issue in the v8 javascript library.

Several additional security relevant issues are also fixed in this update that have not yet received CVE identifiers.

For the stable distribution (stretch), these problems have been fixed in version 71.0.3578.80-1~deb9u1.

We recommend that you upgrade your chromium-browser packages.

For the detailed security status of chromium-browser please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/chromium-browser

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 4340-1] chromium-browser security update
Debian Security Advisory DSA-4340-1    secur...@debian.org
https://www.debian.org/security/    Michael Gilbert
November 18, 2018    https://www.debian.org/security/faq

Package: chromium-browser
CVE ID : CVE-2018-17478

An out-of-bounds memory access issue was discovered in chromium's v8 javascript library by cloudfuzzer.

This update also fixes two problems introduced by the previous security upload. Support for arm64 has been restored and gconf-service is no longer a package dependency.

For the stable distribution (stretch), this problem has been fixed in version 70.0.3538.102-1~deb9u1.

We recommend that you upgrade your chromium-browser packages.

For the detailed security status of chromium-browser please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/chromium-browser

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 4330-1] chromium-browser security update
Debian Security Advisory DSA-4330-1    secur...@debian.org
https://www.debian.org/security/    Michael Gilbert
November 02, 2018    https://www.debian.org/security/faq

Package: chromium-browser
CVE ID : CVE-2018-5179 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464
         CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468
         CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 CVE-2018-17473
         CVE-2018-17474 CVE-2018-17475 CVE-2018-17476 CVE-2018-17477

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2018-5179 Yannic Boneberger discovered an error in the ServiceWorker implementation.
CVE-2018-17462 Ned Williamson and Niklas Baumstark discovered a way to escape the sandbox.
CVE-2018-17463 Ned Williamson and Niklas Baumstark discovered a remote code execution issue in the v8 javascript library.
CVE-2018-17464 xisigr discovered a URL spoofing issue.
CVE-2018-17465 Lin Zuojian discovered a use-after-free issue in the v8 javascript library.
CVE-2018-17466 Omair discovered a memory corruption issue in the angle library.
CVE-2018-17467 Khalil Zhani discovered a URL spoofing issue.
CVE-2018-17468 Jams Lee discovered an information disclosure issue.
CVE-2018-17469 Zhen Zhou discovered a buffer overflow issue in the pdfium library.
CVE-2018-17470 Zhe Jin discovered a memory corruption issue in the GPU backend implementation.
CVE-2018-17471 Lnyas Zhang discovered an issue with the full screen user interface.
CVE-2018-17473 Khalil Zhani discovered a URL spoofing issue.
CVE-2018-17474 Zhe Jin discovered a use-after-free issue.
CVE-2018-17475 Vladimir Metnew discovered a URL spoofing issue.
CVE-2018-17476 Khalil Zhani discovered an issue with the full screen user interface.
CVE-2018-17477 Aaron Muir Hamilton discovered a user interface spoofing issue in the extensions pane.

This update also fixes a buffer overflow in the embedded lcms library included with chromium.

For the stable distribution (stretch), these problems have been fixed in version 70.0.3538.67-1~deb9u1.

We recommend that you upgrade your chromium-browser packages.

For the detailed security status of chromium-browser please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/chromium-browser

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 4297-1] chromium-browser security update
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-4297-1    secur...@debian.org
https://www.debian.org/security/    Michael Gilbert
September 19, 2018    https://www.debian.org/security/faq
- -

Package: chromium-browser

Two vulnerabilities have been discovered in the chromium web browser. Kevin Cheung discovered an error in the WebAssembly implementation and evil1m0 discovered a URL spoofing issue.

For the stable distribution (stretch), this problem has been fixed in version 69.0.3497.92-1~deb9u1.

We recommend that you upgrade your chromium-browser packages.

For the detailed security status of chromium-browser please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium-browser

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 4289-1] chromium-browser security update
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-4289-1    secur...@debian.org
https://www.debian.org/security/    Michael Gilbert
September 07, 2018    https://www.debian.org/security/faq
- -

Package: chromium-browser
CVE ID : CVE-2018-16065 CVE-2018-16066 CVE-2018-16067 CVE-2018-16068 CVE-2018-16069 CVE-2018-16070 CVE-2018-16071 CVE-2018-16073 CVE-2018-16074 CVE-2018-16075 CVE-2018-16076 CVE-2018-16077 CVE-2018-16078 CVE-2018-16079 CVE-2018-16080 CVE-2018-16081 CVE-2018-16082 CVE-2018-16083 CVE-2018-16084 CVE-2018-16085

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2018-16065
    Brendon Tiszka discovered an out-of-bounds write issue in the v8 javascript library.
CVE-2018-16066
    cloudfuzzer discovered an out-of-bounds read issue in blink/webkit.
CVE-2018-16067
    Zhe Jin discovered an out-of-bounds read issue in the WebAudio implementation.
CVE-2018-16068
    Mark Brand discovered an out-of-bounds write issue in the Mojo message passing library.
CVE-2018-16069
    Mark Brand discovered an out-of-bounds read issue in the swiftshader library.
CVE-2018-16070
    Ivan Fratric discovered an integer overflow issue in the skia library.
CVE-2018-16071
    Natalie Silvanovich discovered a use-after-free issue in the WebRTC implementation.
CVE-2018-16073
    Jun Kokatsu discovered an error in the Site Isolation feature when restoring browser tabs.
CVE-2018-16074
    Jun Kokatsu discovered an error in the Site Isolation feature when using a Blob URL.
CVE-2018-16075
    Pepe Vila discovered an error that could allow remote sites to access local files.
CVE-2018-16076
    Aleksandar Nikolic discovered an out-of-bounds read issue in the pdfium library.
CVE-2018-16077
    Manuel Caballero discovered a way to bypass the Content Security Policy.
CVE-2018-16078
    Cailan Sacks discovered that the Autofill feature could leak saved credit card information.
CVE-2018-16079
    Markus Vervier and Michele Orrù discovered a URL spoofing issue.
CVE-2018-16080
    Khalil Zhani discovered a URL spoofing issue.
CVE-2018-16081
    Jann Horn discovered that local files could be accessed in the developer tools.
CVE-2018-16082
    Omair discovered a buffer overflow issue in the swiftshader library.
CVE-2018-16083
    Natalie Silvanovich discovered an out-of-bounds read issue in the WebRTC implementation.
CVE-2018-16084
    Jun Kokatsu discovered a way to bypass a user confirmation dialog.
CVE-2018-16085
    Roman Kuksin discovered a use-after-free issue.

For the stable distribution (stretch), these problems have been fixed in version 69.0.3497.81-1~deb9u1.

We recommend that you upgrade your chromium-browser packages.

For the detailed security status of chromium-browser please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium-browser

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 4256-1] chromium-browser security update
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-4256-1    secur...@debian.org
https://www.debian.org/security/    Michael Gilbert
July 26, 2018    https://www.debian.org/security/faq
- -

Package: chromium-browser
CVE ID : CVE-2018-4117 CVE-2018-6044 CVE-2018-6150 CVE-2018-6151 CVE-2018-6152 CVE-2018-6153 CVE-2018-6154 CVE-2018-6155 CVE-2018-6156 CVE-2018-6157 CVE-2018-6158 CVE-2018-6159 CVE-2018-6161 CVE-2018-6162 CVE-2018-6163 CVE-2018-6164 CVE-2018-6165 CVE-2018-6166 CVE-2018-6167 CVE-2018-6168 CVE-2018-6169 CVE-2018-6170 CVE-2018-6171 CVE-2018-6172 CVE-2018-6173 CVE-2018-6174 CVE-2018-6175 CVE-2018-6176 CVE-2018-6177 CVE-2018-6178 CVE-2018-6179

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2018-4117
    AhsanEjaz discovered an information leak.
CVE-2018-6044
    Rob Wu discovered a way to escalate privileges using extensions.
CVE-2018-6150
    Rob Wu discovered an information disclosure issue (this problem was fixed in a previous release but was mistakenly omitted from upstream's announcement at the time).
CVE-2018-6151
    Rob Wu discovered an issue in the developer tools (this problem was fixed in a previous release but was mistakenly omitted from upstream's announcement at the time).
CVE-2018-6152
    Rob Wu discovered an issue in the developer tools (this problem was fixed in a previous release but was mistakenly omitted from upstream's announcement at the time).
CVE-2018-6153
    Zhen Zhou discovered a buffer overflow issue in the skia library.
CVE-2018-6154
    Omair discovered a buffer overflow issue in the WebGL implementation.
CVE-2018-6155
    Natalie Silvanovich discovered a use-after-free issue in the WebRTC implementation.
CVE-2018-6156
    Natalie Silvanovich discovered a buffer overflow issue in the WebRTC implementation.
CVE-2018-6157
    Natalie Silvanovich discovered a type confusion issue in the WebRTC implementation.
CVE-2018-6158
    Zhe Jin discovered a use-after-free issue.
CVE-2018-6159
    Jun Kokatsu discovered a way to bypass the same origin policy.
CVE-2018-6161
    Jun Kokatsu discovered a way to bypass the same origin policy.
CVE-2018-6162
    Omair discovered a buffer overflow issue in the WebGL implementation.
CVE-2018-6163
    Khalil Zhani discovered a URL spoofing issue.
CVE-2018-6164
    Jun Kokatsu discovered a way to bypass the same origin policy.
CVE-2018-6165
    evil1m0 discovered a URL spoofing issue.
CVE-2018-6166
    Lynas Zhang discovered a URL spoofing issue.
CVE-2018-6167
    Lynas Zhang discovered a URL spoofing issue.
CVE-2018-6168
    Gunes Acar and Danny Y. Huang discovered a way to bypass the Cross Origin Resource Sharing policy.
CVE-2018-6169
    Sam P discovered a way to bypass permissions when installing extensions.
CVE-2018-6170
    A type confusion issue was discovered in the pdfium library.
CVE-2018-6171
    A use-after-free issue was discovered in the WebBluetooth implementation.
CVE-2018-6172
    Khalil Zhani discovered a URL spoofing issue.
CVE-2018-6173
    Khalil Zhani discovered a URL spoofing issue.
CVE-2018-6174
    Mark Brand discovered an integer overflow issue in the swiftshader library.
CVE-2018-6175
    Khalil Zhani discovered a URL spoofing issue.
CVE-2018-6176
    Jann Horn discovered a way to escalate privileges using extensions.
CVE-2018-6177
    Ron Masas discovered an information leak.
CVE-2018-6178
    Khalil Zhani discovered a user interface spoofing issue.
CVE-2018-6179
    It was discovered that information about files local to the system could be leaked to extensions.

This version also fixes a regression introduced in the previous security update that could prevent decoding of particular audio/video codecs.

For the stable distribution (stretch), these problems have been fixed in version 68.0.3440.75-1~deb9u1.

We recommend that you upgrade your chromium-browser packages.
For the detailed security status of chromium-browser please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium-browser

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 4237-1] chromium-browser security update
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-4237-1    secur...@debian.org
https://www.debian.org/security/    Michael Gilbert
June 30, 2018    https://www.debian.org/security/faq
- -

Package: chromium-browser
CVE ID : CVE-2018-6118 CVE-2018-6120 CVE-2018-6121 CVE-2018-6122 CVE-2018-6123 CVE-2018-6124 CVE-2018-6125 CVE-2018-6126 CVE-2018-6127 CVE-2018-6129 CVE-2018-6130 CVE-2018-6131 CVE-2018-6132 CVE-2018-6133 CVE-2018-6134 CVE-2018-6135 CVE-2018-6136 CVE-2018-6137 CVE-2018-6138 CVE-2018-6139 CVE-2018-6140 CVE-2018-6141 CVE-2018-6142 CVE-2018-6143 CVE-2018-6144 CVE-2018-6145 CVE-2018-6147 CVE-2018-6148 CVE-2018-6149

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2018-6118
    Ned Williamson discovered a use-after-free issue.
CVE-2018-6120
    Zhou Aiting discovered a buffer overflow issue in the pdfium library.
CVE-2018-6121
    It was discovered that malicious extensions could escalate privileges.
CVE-2018-6122
    A type confusion issue was discovered in the v8 javascript library.
CVE-2018-6123
    Looben Yang discovered a use-after-free issue.
CVE-2018-6124
    Guang Gong discovered a type confusion issue.
CVE-2018-6125
    Yubico discovered that the WebUSB implementation was too permissive.
CVE-2018-6126
    Ivan Fratric discovered a buffer overflow issue in the skia library.
CVE-2018-6127
    Looben Yang discovered a use-after-free issue.
CVE-2018-6129
    Natalie Silvanovich discovered an out-of-bounds read issue in WebRTC.
CVE-2018-6130
    Natalie Silvanovich discovered an out-of-bounds read issue in WebRTC.
CVE-2018-6131
    Natalie Silvanovich discovered an error in WebAssembly.
CVE-2018-6132
    Ronald E. Crane discovered an uninitialized memory issue.
CVE-2018-6133
    Khalil Zhani discovered a URL spoofing issue.
CVE-2018-6134
    Jun Kokatsu discovered a way to bypass the Referrer Policy.
CVE-2018-6135
    Jasper Rebane discovered a user interface spoofing issue.
CVE-2018-6136
    Peter Wong discovered an out-of-bounds read issue in the v8 javascript library.
CVE-2018-6137
    Michael Smith discovered an information leak.
CVE-2018-6138
    François Lajeunesse-Robert discovered that the extensions policy was too permissive.
CVE-2018-6139
    Rob Wu discovered a way to bypass restrictions in the debugger extension.
CVE-2018-6140
    Rob Wu discovered a way to bypass restrictions in the debugger extension.
CVE-2018-6141
    Yangkang discovered a buffer overflow issue in the skia library.
CVE-2018-6142
    Choongwoo Han discovered an out-of-bounds read in the v8 javascript library.
CVE-2018-6143
    Guang Gong discovered an out-of-bounds read in the v8 javascript library.
CVE-2018-6144
    pdknsk discovered an out-of-bounds read in the pdfium library.
CVE-2018-6145
    Masato Kinugawa discovered an error in the MathML implementation.
CVE-2018-6147
    Michail Pishchagin discovered an error in password entry fields.
CVE-2018-6148
    Michał Bentkowski discovered that the Content Security Policy header was handled incorrectly.
CVE-2018-6149
    Yu Zhou and Jundong Xie discovered an out-of-bounds write issue in the v8 javascript library.

For the stable distribution (stretch), these problems have been fixed in version 67.0.3396.87-1~deb9u1.

We recommend that you upgrade your chromium-browser packages.
For the detailed security status of chromium-browser please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium-browser

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 4182-1] chromium-browser security update
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-4182-1    secur...@debian.org
https://www.debian.org/security/    Michael Gilbert
April 28, 2018    https://www.debian.org/security/faq
- -

Package: chromium-browser
CVE ID : CVE-2018-6056 CVE-2018-6057 CVE-2018-6060 CVE-2018-6061 CVE-2018-6062 CVE-2018-6063 CVE-2018-6064 CVE-2018-6065 CVE-2018-6066 CVE-2018-6067 CVE-2018-6068 CVE-2018-6069 CVE-2018-6070 CVE-2018-6071 CVE-2018-6072 CVE-2018-6073 CVE-2018-6074 CVE-2018-6075 CVE-2018-6076 CVE-2018-6077 CVE-2018-6078 CVE-2018-6079 CVE-2018-6080 CVE-2018-6081 CVE-2018-6082 CVE-2018-6083 CVE-2018-6085 CVE-2018-6086 CVE-2018-6087 CVE-2018-6088 CVE-2018-6089 CVE-2018-6090 CVE-2018-6091 CVE-2018-6092 CVE-2018-6093 CVE-2018-6094 CVE-2018-6095 CVE-2018-6096 CVE-2018-6097 CVE-2018-6098 CVE-2018-6099 CVE-2018-6100 CVE-2018-6101 CVE-2018-6102 CVE-2018-6103 CVE-2018-6104 CVE-2018-6105 CVE-2018-6106 CVE-2018-6107 CVE-2018-6108 CVE-2018-6109 CVE-2018-6110 CVE-2018-6111 CVE-2018-6112 CVE-2018-6113 CVE-2018-6114 CVE-2018-6116 CVE-2018-6117

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2018-6056
    lokihardt discovered an error in the v8 javascript library.
CVE-2018-6057
    Gal Beniamini discovered errors related to shared memory permissions.
CVE-2018-6060
    Omair discovered a use-after-free issue in blink/webkit.
CVE-2018-6061
    Guang Gong discovered a race condition in the v8 javascript library.
CVE-2018-6062
    A heap overflow issue was discovered in the v8 javascript library.
CVE-2018-6063
    Gal Beniamini discovered errors related to shared memory permissions.
CVE-2018-6064
    lokihardt discovered a type confusion error in the v8 javascript library.
CVE-2018-6065
    Mark Brand discovered an integer overflow issue in the v8 javascript library.
CVE-2018-6066
    Masato Kinugawa discovered a way to bypass the Same Origin Policy.
CVE-2018-6067
    Ned Williamson discovered a buffer overflow issue in the skia library.
CVE-2018-6068
    Luan Herrera discovered object lifecycle issues.
CVE-2018-6069
    Wanglu and Yangkang discovered a stack overflow issue in the skia library.
CVE-2018-6070
    Rob Wu discovered a way to bypass the Content Security Policy.
CVE-2018-6071
    A heap overflow issue was discovered in the skia library.
CVE-2018-6072
    Atte Kettunen discovered an integer overflow issue in the pdfium library.
CVE-2018-6073
    Omair discovered a heap overflow issue in the WebGL implementation.
CVE-2018-6074
    Abdulrahman Alqabandi discovered a way to cause a downloaded web page to not contain a Mark of the Web.
CVE-2018-6075
    Inti De Ceukelaire discovered a way to bypass the Same Origin Policy.
CVE-2018-6076
    Mateusz Krzeszowiec discovered that URL fragment identifiers could be handled incorrectly.
CVE-2018-6077
    Khalil Zhani discovered a timing issue.
CVE-2018-6078
    Khalil Zhani discovered a URL spoofing issue.
CVE-2018-6079
    Ivars discovered an information disclosure issue.
CVE-2018-6080
    Gal Beniamini discovered an information disclosure issue.
CVE-2018-6081
    Rob Wu discovered a cross-site scripting issue.
CVE-2018-6082
    WenXu Wu discovered a way to bypass blocked ports.
CVE-2018-6083
    Jun Kokatsu discovered that AppManifests could be handled incorrectly.
CVE-2018-6085
    Ned Williamson discovered a use-after-free issue.
CVE-2018-6086
    Ned Williamson discovered a use-after-free issue.
CVE-2018-6087
    A use-after-free issue was discovered in the WebAssembly implementation.
CVE-2018-6088
    A use-after-free issue was discovered in the pdfium library.
CVE-2018-6089
    Rob Wu discovered a way to bypass the Same Origin Policy.
CVE-2018-6090
    ZhanJia Song discovered a heap overflow issue in the skia library.
CVE-2018-6091
    Jun Kokatsu discovered that plugins could be handled incorrectly.
CVE-2018-6092
    Natalie Silvanovich discovered an integer overflow issue in the WebAssembly implementation.
CVE-2018-6093
    Jun Kokatsu discovered a way to bypass the Same Origin Policy.
CVE-2018-6094
    Chris Rohlf discovered a regression in garbage collection hardening.
CVE-2018-6095
    Abdulrahman Alqabandi discovered files could be uploaded without user interaction.
CVE-2018-6096
    WenXu Wu discovered a user interface spoofing issue.
CVE-2018-6097
    xisigr discovered a user interface spoofing issue.
CVE-2018-6098
    Khalil Zhani discovered a URL
[SECURITY] [DSA 4103-1] chromium-browser security update
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-4103-1    secur...@debian.org
https://www.debian.org/security/    Michael Gilbert
January 31, 2018    https://www.debian.org/security/faq
- -

Package: chromium-browser
CVE ID : CVE-2017-15420 CVE-2017-15429 CVE-2018-6031 CVE-2018-6032 CVE-2018-6033 CVE-2018-6034 CVE-2018-6035 CVE-2018-6036 CVE-2018-6037 CVE-2018-6038 CVE-2018-6039 CVE-2018-6040 CVE-2018-6041 CVE-2018-6042 CVE-2018-6043 CVE-2018-6045 CVE-2018-6046 CVE-2018-6047 CVE-2018-6048 CVE-2018-6049 CVE-2018-6050 CVE-2018-6051 CVE-2018-6052 CVE-2018-6053 CVE-2018-6054

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2017-15420
    Drew Springall discovered a URL spoofing issue.
CVE-2017-15429
    A cross-site scripting issue was discovered in the v8 javascript library.
CVE-2018-6031
    A use-after-free issue was discovered in the pdfium library.
CVE-2018-6032
    Jun Kokatsu discovered a way to bypass the same origin policy.
CVE-2018-6033
    Juho Nurminen discovered a race condition when opening downloaded files.
CVE-2018-6034
    Tobias Klein discovered an integer overflow issue.
CVE-2018-6035
    Rob Wu discovered a way for extensions to access devtools.
CVE-2018-6036
    UK's National Cyber Security Centre discovered an integer overflow issue.
CVE-2018-6037
    Paul Stone discovered an issue in the autofill feature.
CVE-2018-6038
    cloudfuzzer discovered a buffer overflow issue.
CVE-2018-6039
    Juho Nurminen discovered a cross-site scripting issue in the developer tools.
CVE-2018-6040
    WenXu Wu discovered a way to bypass the content security policy.
CVE-2018-6041
    Luan Herrera discovered a URL spoofing issue.
CVE-2018-6042
    Khalil Zhani discovered a URL spoofing issue.
CVE-2018-6043
    A character escaping issue was discovered.
CVE-2018-6045
    Rob Wu discovered a way for extensions to access devtools.
CVE-2018-6046
    Rob Wu discovered a way for extensions to access devtools.
CVE-2018-6047
    Masato Kinugawa discovered an information leak issue.
CVE-2018-6048
    Jun Kokatsu discovered a way to bypass the referrer policy.
CVE-2018-6049
    WenXu Wu discovered a user interface spoofing issue.
CVE-2018-6050
    Jonathan Kew discovered a URL spoofing issue.
CVE-2018-6051
    Antonio Sanso discovered an information leak issue.
CVE-2018-6052
    Tanner Emek discovered that the referrer policy implementation was incomplete.
CVE-2018-6053
    Asset Kabdenov discovered an information leak issue.
CVE-2018-6054
    Rob Wu discovered a use-after-free issue.

For the oldstable distribution (jessie), security support for chromium has been discontinued.

For the stable distribution (stretch), these problems have been fixed in version 64.0.3282.119-1~deb9u1.

We recommend that you upgrade your chromium-browser packages.

For the detailed security status of chromium-browser please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium-browser

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 4064-1] chromium-browser security update
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-4064-1    secur...@debian.org
https://www.debian.org/security/    Michael Gilbert
December 12, 2017    https://www.debian.org/security/faq
- -

Package: chromium-browser
CVE ID : CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2017-15423 CVE-2017-15424 CVE-2017-15425 CVE-2017-15426 CVE-2017-15427

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2017-15407
    Ned Williamson discovered an out-of-bounds write issue.
CVE-2017-15408
    Ke Liu discovered a heap overflow issue in the pdfium library.
CVE-2017-15409
    An out-of-bounds write issue was discovered in the skia library.
CVE-2017-15410
    Luat Nguyen discovered a use-after-free issue in the pdfium library.
CVE-2017-15411
    Luat Nguyen discovered a use-after-free issue in the pdfium library.
CVE-2017-15413
    Gaurav Dewan discovered a type confusion issue.
CVE-2017-15415
    Viktor Brange discovered an information disclosure issue.
CVE-2017-15416
    Ned Williamson discovered an out-of-bounds read issue.
CVE-2017-15417
    Max May discovered an information disclosure issue in the skia library.
CVE-2017-15418
    Kushal Arvind Shah discovered an uninitialized value in the skia library.
CVE-2017-15419
    Jun Kokatsu discovered an information disclosure issue.
CVE-2017-15420
    WenXu Wu discovered a URL spoofing issue.
CVE-2017-15423
    Greg Hudson discovered an issue in the boringssl library.
CVE-2017-15424
    Khalil Zhani discovered a URL spoofing issue.
CVE-2017-15425
    xisigr discovered a URL spoofing issue.
CVE-2017-15426
    WenXu Wu discovered a URL spoofing issue.
CVE-2017-15427
    Junaid Farhan discovered an issue with the omnibox.

For the stable distribution (stretch), these problems have been fixed in version 63.0.3239.84-1~deb9u1.

We recommend that you upgrade your chromium-browser packages.
For the detailed security status of chromium-browser please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium-browser

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 4020-1] chromium-browser security update
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-4020-1    secur...@debian.org
https://www.debian.org/security/    Michael Gilbert
November 05, 2017    https://www.debian.org/security/faq
- -

Package: chromium-browser
CVE ID : CVE-2017-5124 CVE-2017-5125 CVE-2017-5126 CVE-2017-5127 CVE-2017-5128 CVE-2017-5129 CVE-2017-5131 CVE-2017-5132 CVE-2017-5133 CVE-2017-15386 CVE-2017-15387 CVE-2017-15388 CVE-2017-15389 CVE-2017-15390 CVE-2017-15391 CVE-2017-15392 CVE-2017-15393 CVE-2017-15394 CVE-2017-15395 CVE-2017-15396

Several vulnerabilities have been discovered in the chromium web browser.

In addition, this message serves as an announcement that security support for chromium in the oldstable release (jessie), Debian 8, is now discontinued.

Debian 8 chromium users that desire continued security updates are strongly encouraged to upgrade now to the current stable release (stretch), Debian 9.

An alternative is to switch to the firefox browser, which will continue to receive security updates in jessie for some time.

CVE-2017-5124
    A cross-site scripting issue was discovered in MHTML.
CVE-2017-5125
    A heap overflow issue was discovered in the skia library.
CVE-2017-5126
    Luat Nguyen discovered a use-after-free issue in the pdfium library.
CVE-2017-5127
    Luat Nguyen discovered another use-after-free issue in the pdfium library.
CVE-2017-5128
    Omair discovered a heap overflow issue in the WebGL implementation.
CVE-2017-5129
    Omair discovered a use-after-free issue in the WebAudio implementation.
CVE-2017-5131
    An out-of-bounds write issue was discovered in the skia library.
CVE-2017-5132
    Gaurav Dewan discovered an error in the WebAssembly implementation.
CVE-2017-5133
    Aleksandar Nikolic discovered an out-of-bounds write issue in the skia library.
CVE-2017-15386
    WenXu Wu discovered a user interface spoofing issue.
CVE-2017-15387
    Jun Kokatsu discovered a way to bypass the content security policy.
CVE-2017-15388
    Kushal Arvind Shah discovered an out-of-bounds read issue in the skia library.
CVE-2017-15389
    xisigr discovered a URL spoofing issue.
CVE-2017-15390
    Haosheng Wang discovered a URL spoofing issue.
CVE-2017-15391
    Joao Lucas Melo Brasio discovered a way for an extension to bypass its limitations.
CVE-2017-15392
    Xiaoyin Liu discovered an error in the implementation of registry keys.
CVE-2017-15393
    Svyat Mitin discovered an issue in the devtools.
CVE-2017-15394
    Sam discovered a URL spoofing issue.
CVE-2017-15395
    Johannes Bergman discovered a null pointer dereference issue.
CVE-2017-15396
    Yuan Deng discovered a stack overflow issue in the v8 javascript library.

For the oldstable distribution (jessie), security support for chromium has been discontinued.

For the stable distribution (stretch), these problems have been fixed in version 62.0.3202.75-1~deb9u1.

For the testing distribution (buster), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 62.0.3202.75-1.

We recommend that you upgrade your chromium-browser packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3926-1] chromium-browser security update
Debian Security Advisory DSA-3926-1 secur...@debian.org
https://www.debian.org/security/ Michael Gilbert
August 04, 2017 https://www.debian.org/security/faq

Package: chromium-browser
CVE ID : CVE-2017-5087 CVE-2017-5088 CVE-2017-5089 CVE-2017-5091 CVE-2017-5092 CVE-2017-5093 CVE-2017-5094 CVE-2017-5095 CVE-2017-5097 CVE-2017-5098 CVE-2017-5099 CVE-2017-5100 CVE-2017-5101 CVE-2017-5102 CVE-2017-5103 CVE-2017-5104 CVE-2017-5105 CVE-2017-5106 CVE-2017-5107 CVE-2017-5108 CVE-2017-5109 CVE-2017-5110 CVE-2017-7000

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2017-5087 Ned Williamson discovered a way to escape the sandbox.
CVE-2017-5088 Xiling Gong discovered an out-of-bounds read issue in the v8 javascript library.
CVE-2017-5089 Michal Bentkowski discovered a spoofing issue.
CVE-2017-5091 Ned Williamson discovered a use-after-free issue in IndexedDB.
CVE-2017-5092 Yu Zhou discovered a use-after-free issue in PPAPI.
CVE-2017-5093 Luan Herrera discovered a user interface spoofing issue.
CVE-2017-5094 A type confusion issue was discovered in extensions.
CVE-2017-5095 An out-of-bounds write issue was discovered in the pdfium library.
CVE-2017-5097 An out-of-bounds read issue was discovered in the skia library.
CVE-2017-5098 Jihoon Kim discovered a use-after-free issue in the v8 javascript library.
CVE-2017-5099 Yuan Deng discovered an out-of-bounds write issue in PPAPI.
CVE-2017-5100 A use-after-free issue was discovered in Chrome Apps.
CVE-2017-5101 Luan Herrera discovered a URL spoofing issue.
CVE-2017-5102 An uninitialized variable was discovered in the skia library.
CVE-2017-5103 Another uninitialized variable was discovered in the skia library.
CVE-2017-5104 Khalil Zhani discovered a user interface spoofing issue.
CVE-2017-5105 Rayyan Bijoora discovered a URL spoofing issue.
CVE-2017-5106 Jack Zac discovered a URL spoofing issue.
CVE-2017-5107 David Kohlbrenner discovered an information leak in SVG file handling.
CVE-2017-5108 Guang Gong discovered a type confusion issue in the pdfium library.
CVE-2017-5109 Jose Maria Acuna Morgado discovered a user interface spoofing issue.
CVE-2017-5110 xisigr discovered a way to spoof the payments dialog.
CVE-2017-7000 Chaitin Security Research Lab discovered an information disclosure issue in the sqlite library.

For the stable distribution (stretch), these problems have been fixed in version 60.0.3112.78-1~deb9u1.

For the unstable distribution (sid), these problems have been fixed in version 60.0.3112.78-1 or earlier versions.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3795-1] bind9 security update
Debian Security Advisory DSA-3795-1 secur...@debian.org
https://www.debian.org/security/ Michael Gilbert
February 26, 2017 https://www.debian.org/security/faq

Package: bind9
CVE ID : CVE-2017-3135
Debian Bug : 855520

It was discovered that a maliciously crafted query can cause ISC's BIND DNS server (named) to crash if both Response Policy Zones (RPZ) and DNS64 (a bridge between IPv4 and IPv6 networks) are enabled. It is uncommon for both of these options to be used in combination, so very few systems will be affected by this problem in practice.

This update also corrects an additional regression caused by the fix for CVE-2016-8864, which was applied in a previous security update.

For the stable distribution (jessie), this problem has been fixed in version 1:9.9.5.dfsg-9+deb8u10.

For the testing (stretch) and unstable (sid) distributions, this problem has been fixed in version 1:9.10.3.dfsg.P4-12.

We recommend that you upgrade your bind9 packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3645-1] chromium-browser security update
Debian Security Advisory DSA-3645-1 secur...@debian.org
https://www.debian.org/security/ Michael Gilbert
August 09, 2016 https://www.debian.org/security/faq

Package: chromium-browser
CVE ID : CVE-2016-5139 CVE-2016-5140 CVE-2016-5141 CVE-2016-5142 CVE-2016-5143 CVE-2016-5144

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2016-5139 GiWan Go discovered a use-after-free issue in the pdfium library.
CVE-2016-5140 Ke Liu discovered a use-after-free issue in the pdfium library.
CVE-2016-5141 Sergey Glazunov discovered a URL spoofing issue.
CVE-2016-5142 Sergey Glazunov discovered a use-after-free issue.
CVE-2016-5143 Gregory Panakkal discovered an issue in the developer tools.
CVE-2016-5144 Gregory Panakkal discovered another issue in the developer tools.
CVE-2016-5146 The chrome development team found and fixed various issues during internal auditing.

For the stable distribution (jessie), these problems have been fixed in version 52.0.2743.116-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 52.0.2743.116-1.

We recommend that you upgrade your chromium-browser packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3637-1] chromium-browser security update
Debian Security Advisory DSA-3637-1 secur...@debian.org
https://www.debian.org/security/ Michael Gilbert
July 31, 2016 https://www.debian.org/security/faq

Package: chromium-browser
CVE ID : CVE-2016-1704 CVE-2016-1705 CVE-2016-1706 CVE-2016-1707 CVE-2016-1708 CVE-2016-1709 CVE-2016-1710 CVE-2016-1711 CVE-2016-5127 CVE-2016-5128 CVE-2016-5129 CVE-2016-5130 CVE-2016-5131 CVE-2016-5132 CVE-2016-5133 CVE-2016-5134 CVE-2016-5135 CVE-2016-5136 CVE-2016-5137

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2016-1704 The chrome development team found and fixed various issues during internal auditing.
CVE-2016-1705 The chrome development team found and fixed various issues during internal auditing.
CVE-2016-1706 Pinkie Pie discovered a way to escape the Pepper Plugin API sandbox.
CVE-2016-1707 xisigr discovered a URL spoofing issue.
CVE-2016-1708 Adam Varsan discovered a use-after-free issue.
CVE-2016-1709 ChenQin discovered a buffer overflow issue in the sfntly library.
CVE-2016-1710 Mariusz Mlynski discovered a same-origin bypass.
CVE-2016-1711 Mariusz Mlynski discovered another same-origin bypass.
CVE-2016-5127 cloudfuzzer discovered a use-after-free issue.
CVE-2016-5128 A same-origin bypass issue was discovered in the v8 javascript library.
CVE-2016-5129 Jeonghoon Shin discovered a memory corruption issue in the v8 javascript library.
CVE-2016-5130 Wadih Matar discovered a URL spoofing issue.
CVE-2016-5131 Nick Wellnhofer discovered a use-after-free issue in the libxml2 library.
CVE-2016-5132 Ben Kelly discovered a same-origin bypass.
CVE-2016-5133 Patch Eudor discovered an issue in proxy authentication.
CVE-2016-5134 Paul Stone discovered an information leak in the Proxy Auto-Config feature.
CVE-2016-5135 ShenYeYinJiu discovered a way to bypass the Content Security Policy.
CVE-2016-5136 Rob Wu discovered a use-after-free issue.
CVE-2016-5137 Xiaoyin Liu discovered a way to discover whether an HSTS web site had been visited.

For the stable distribution (jessie), these problems have been fixed in version 52.0.2743.82-1~deb8u1.

For the testing (stretch) and unstable (sid) distributions, these problems have been fixed in version 52.0.2743.82-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3594-1] chromium-browser security update
Debian Security Advisory DSA-3594-1 secur...@debian.org
https://www.debian.org/security/ Michael Gilbert
June 04, 2016 https://www.debian.org/security/faq

Package: chromium-browser
CVE ID : CVE-2016-1696 CVE-2016-1697 CVE-2016-1698 CVE-2016-1699 CVE-2016-1700 CVE-2016-1701 CVE-2016-1702

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2016-1696 A cross-origin bypass was found in the bindings to extensions.
CVE-2016-1697 Mariusz Mlynski discovered a cross-origin bypass in Blink/Webkit.
CVE-2016-1698 Rob Wu discovered an information leak.
CVE-2016-1699 Gregory Panakkal discovered an issue in the Developer Tools feature.
CVE-2016-1700 Rob Wu discovered a use-after-free issue in extensions.
CVE-2016-1701 Rob Wu discovered a use-after-free issue in the autofill feature.
CVE-2016-1702 cloudfuzzer discovered an out-of-bounds read issue in the skia library.

For the stable distribution (jessie), these problems have been fixed in version 51.0.2704.79-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 51.0.2704.79-1.

We recommend that you upgrade your chromium-browser packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3590-1] chromium-browser security update
Debian Security Advisory DSA-3590-1 secur...@debian.org
https://www.debian.org/security/ Michael Gilbert
June 01, 2016 https://www.debian.org/security/faq

Package: chromium-browser
CVE ID : CVE-2016-1667 CVE-2016-1668 CVE-2016-1669 CVE-2016-1670 CVE-2016-1672 CVE-2016-1673 CVE-2016-1674 CVE-2016-1675 CVE-2016-1676 CVE-2016-1677 CVE-2016-1678 CVE-2016-1679 CVE-2016-1680 CVE-2016-1681 CVE-2016-1682 CVE-2016-1683 CVE-2016-1684 CVE-2016-1685 CVE-2016-1686 CVE-2016-1687 CVE-2016-1688 CVE-2016-1689 CVE-2016-1690 CVE-2016-1691 CVE-2016-1692 CVE-2016-1693 CVE-2016-1694 CVE-2016-1695

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2016-1667 Mariusz Mlynski discovered a cross-origin bypass.
CVE-2016-1668 Mariusz Mlynski discovered a cross-origin bypass in bindings to v8.
CVE-2016-1669 Choongwoo Han discovered a buffer overflow in the v8 javascript library.
CVE-2016-1670 A race condition was found that could cause the renderer process to reuse ids that should have been unique.
CVE-2016-1672 Mariusz Mlynski discovered a cross-origin bypass in extension bindings.
CVE-2016-1673 Mariusz Mlynski discovered a cross-origin bypass in Blink/Webkit.
CVE-2016-1674 Mariusz Mlynski discovered another cross-origin bypass in extension bindings.
CVE-2016-1675 Mariusz Mlynski discovered another cross-origin bypass in Blink/Webkit.
CVE-2016-1676 Rob Wu discovered a cross-origin bypass in extension bindings.
CVE-2016-1677 Guang Gong discovered a type confusion issue in the v8 javascript library.
CVE-2016-1678 Christian Holler discovered an overflow issue in the v8 javascript library.
CVE-2016-1679 Rob Wu discovered a use-after-free issue in the bindings to v8.
CVE-2016-1680 Atte Kettunen discovered a use-after-free issue in the skia library.
CVE-2016-1681 Aleksandar Nikolic discovered an overflow issue in the pdfium library.
CVE-2016-1682 KingstonTime discovered a way to bypass the Content Security Policy.
CVE-2016-1683 Nicolas Gregoire discovered an out-of-bounds write issue in the libxslt library.
CVE-2016-1684 Nicolas Gregoire discovered an integer overflow issue in the libxslt library.
CVE-2016-1685 Ke Liu discovered an out-of-bounds read issue in the pdfium library.
CVE-2016-1686 Ke Liu discovered another out-of-bounds read issue in the pdfium library.
CVE-2016-1687 Rob Wu discovered an information leak in the handling of extensions.
CVE-2016-1688 Max Korenko discovered an out-of-bounds read issue in the v8 javascript library.
CVE-2016-1689 Rob Wu discovered a buffer overflow issue.
CVE-2016-1690 Rob Wu discovered a use-after-free issue.
CVE-2016-1691 Atte Kettunen discovered a buffer overflow issue in the skia library.
CVE-2016-1692 Til Jasper Ullrich discovered a cross-origin bypass issue.
CVE-2016-1693 Khalil Zhani discovered that the Software Removal Tool download was done over an HTTP connection.
CVE-2016-1694 Ryan Lester and Bryant Zadegan discovered that pinned public keys would be removed when clearing the browser cache.
CVE-2016-1695 The chrome development team found and fixed various issues during internal auditing.

For the stable distribution (jessie), these problems have been fixed in version 51.0.2704.63-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 51.0.2704.63-1.

We recommend that you upgrade your chromium-browser packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3564-1] chromium-browser security update
Debian Security Advisory DSA-3564-1 secur...@debian.org
https://www.debian.org/security/ Michael Gilbert
May 02, 2016 https://www.debian.org/security/faq

Package: chromium-browser
CVE ID : CVE-2016-1660 CVE-2016-1661 CVE-2016-1662 CVE-2016-1663 CVE-2016-1664 CVE-2016-1665 CVE-2016-1666

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2016-1660 Atte Kettunen discovered an out-of-bounds write issue.
CVE-2016-1661 Wadih Matar discovered a memory corruption issue.
CVE-2016-1662 Rob Wu discovered a use-after-free issue related to extensions.
CVE-2016-1663 A use-after-free issue was discovered in Blink's bindings to V8.
CVE-2016-1664 Wadih Matar discovered a way to spoof URLs.
CVE-2016-1665 gksgudtjr456 discovered an information leak in the v8 javascript library.
CVE-2016-1666 The chrome development team found and fixed various issues during internal auditing.

For the stable distribution (jessie), these problems have been fixed in version 50.0.2661.94-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 50.0.2661.94-1.

We recommend that you upgrade your chromium-browser packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3549-1] chromium-browser security update
Debian Security Advisory DSA-3549-1 secur...@debian.org
https://www.debian.org/security/ Michael Gilbert
April 15, 2016 https://www.debian.org/security/faq

Package: chromium-browser
CVE ID : CVE-2016-1651 CVE-2016-1652 CVE-2016-1653 CVE-2016-1654 CVE-2016-1655 CVE-2016-1657 CVE-2016-1658 CVE-2016-1659

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2016-1651 An out-of-bounds read issue was discovered in the pdfium library.
CVE-2016-1652 A cross-site scripting issue was discovered in extension bindings.
CVE-2016-1653 Choongwoo Han discovered an out-of-bounds write issue in the v8 javascript library.
CVE-2016-1654 Atte Kettunen discovered an uninitialized memory read condition.
CVE-2016-1655 Rob Wu discovered a use-after-free issue related to extensions.
CVE-2016-1657 Luan Herrera discovered a way to spoof URLs.
CVE-2016-1658 Antonio Sanso discovered an information leak related to extensions.
CVE-2016-1659 The chrome development team found and fixed various issues during internal auditing.

For the stable distribution (jessie), these problems have been fixed in version 50.0.2661.75-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 50.0.2661.75-1.

We recommend that you upgrade your chromium-browser packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3531-1] chromium-browser security update
Debian Security Advisory DSA-3531-1 secur...@debian.org
https://www.debian.org/security/ Michael Gilbert
March 25, 2016 https://www.debian.org/security/faq

Package: chromium-browser
CVE ID : CVE-2016-1646 CVE-2016-1647 CVE-2016-1648 CVE-2016-1649 CVE-2016-1650

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2016-1646 Wen Xu discovered an out-of-bounds read issue in the v8 library.
CVE-2016-1647 A use-after-free issue was discovered.
CVE-2016-1648 A use-after-free issue was discovered in the handling of extensions.
CVE-2016-1649 lokihardt discovered a buffer overflow issue in the Almost Native Graphics Layer Engine (ANGLE) library.
CVE-2016-1650 The chrome development team found and fixed various issues during internal auditing. Also multiple issues were fixed in the v8 javascript library, version 4.9.385.33.

For the stable distribution (jessie), these problems have been fixed in version 49.0.2623.108-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 49.0.2623.108-1.

We recommend that you upgrade your chromium-browser packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3513-1] chromium-browser security update
Debian Security Advisory DSA-3513-1 secur...@debian.org
https://www.debian.org/security/ Michael Gilbert
March 10, 2016 https://www.debian.org/security/faq

Package: chromium-browser
CVE ID : CVE-2016-1643 CVE-2016-1644 CVE-2016-1645

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2016-1643 cloudfuzzer discovered a type confusion issue in Blink/Webkit.
CVE-2016-1644 Atte Kettunen discovered a use-after-free issue in Blink/Webkit.
CVE-2016-1645 An out-of-bounds write issue was discovered in the pdfium library.

For the stable distribution (jessie), these problems have been fixed in version 49.0.2623.87-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 49.0.2623.87-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
q20kXf/jV8E4st2YKBpFVaDlJCtQjdSShW5kjUKMoxRQ1xuDUHUK3jn5uzlNxxiM V4NSCdyCmH8wi4Kwym3bmzcljW38P5m4zESSWIoVPlJbXKt92kNJ46DZdi0EsJUW NBY+vc5sC3bMQnGHyOjG8O8oo5nOKX1QrRXK0S8V+EYUP1PTm/xEIl69dPdNCyKW hAnRNYg6Gc3zp5FIqt17MM8LwB1Ljdp9fBr60pSaxOCSdMRKX5vG6qNFfVSEJtkn 8s8RkLxpauQSZ8rP3Z8WbuDax+BtN/rat4uCqdpaU8OuugIII5E4GuHzWZdagaVF 3WtZQFusE2+gD4msVCPszGFGcsw6z91bfA5x5yl+tZlLl7FyRKFJJ/JpgLldYcXG y5XRX+Asycjbe+/0V97lk+BstdaGAKZ8SGjYoV9UDcABQeJyv7I2B9F6Rik9/GPJ EXHSUMEzM59BMlq8OnCIsxHI82hyVqxZ42iKWta7/EXwP+/MtSz4SLcbVyyPNWCb zO21jPEnLzdxl+Wfte4efsUnNyXSg4+QNM2N3t0+c7i8byJbnbFswwesJJAVMkbY FK5DJmgosDvlHNIiwfAlEOSNB0NpvYtQHr1mMZcG7JumrSPgUkkmpTYWG3xPrQ8= =CVFG -END PGP SIGNATURE-
[SECURITY] [DSA 3511-1] bind9 security update
Debian Security Advisory DSA-3511-1 secur...@debian.org
https://www.debian.org/security/ Michael Gilbert
March 09, 2016 https://www.debian.org/security/faq

Package: bind9
CVE ID : CVE-2016-1285 CVE-2016-1286

Two vulnerabilities have been discovered in ISC's BIND DNS server.

CVE-2016-1285 A maliciously crafted rndc, a way to remotely administer a BIND server, operation can cause named to crash, resulting in denial of service.

CVE-2016-1286 An error parsing DNAME resource records can cause named to crash, resulting in denial of service.

For the oldstable distribution (wheezy), these problems have been fixed in version 9.8.4.dfsg.P1-6+nmu2+deb7u10.

For the stable distribution (jessie), these problems have been fixed in version 9.9.5.dfsg-9+deb8u6.

For the testing (stretch) and unstable (sid) distributions, these problems will be fixed soon.

We recommend that you upgrade your bind9 packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3507-1] chromium-browser security update
Debian Security Advisory DSA-3507-1 secur...@debian.org
https://www.debian.org/security/ Michael Gilbert
March 05, 2016 https://www.debian.org/security/faq

Package: chromium-browser
CVE ID : CVE-2015-8126 CVE-2016-1630 CVE-2016-1631 CVE-2016-1632 CVE-2016-1633 CVE-2016-1634 CVE-2016-1635 CVE-2016-1636 CVE-2016-1637 CVE-2016-1638 CVE-2016-1639 CVE-2016-1640 CVE-2016-1641 CVE-2016-1642

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2015-8126 Joerg Bornemann discovered multiple buffer overflow issues in the libpng library.

CVE-2016-1630 Mariusz Mlynski discovered a way to bypass the Same Origin Policy in Blink/Webkit.

CVE-2016-1631 Mariusz Mlynski discovered a way to bypass the Same Origin Policy in the Pepper Plugin API.

CVE-2016-1632 A bad cast was discovered.

CVE-2016-1633 cloudfuzzer discovered a use-after-free issue in Blink/Webkit.

CVE-2016-1634 cloudfuzzer discovered a use-after-free issue in Blink/Webkit.

CVE-2016-1635 Rob Wu discovered a use-after-free issue in Blink/Webkit.

CVE-2016-1636 A way to bypass SubResource Integrity validation was discovered.

CVE-2016-1637 Keve Nagy discovered an information leak in the skia library.

CVE-2016-1638 Rob Wu discovered a WebAPI bypass issue.

CVE-2016-1639 Khalil Zhani discovered a use-after-free issue in the WebRTC implementation.

CVE-2016-1640 Luan Herrera discovered an issue with the Extensions user interface.

CVE-2016-1641 Atte Kettunen discovered a use-after-free issue in the handling of favorite icons.

CVE-2016-1642 The chrome 49 development team found and fixed various issues during internal auditing. Also multiple issues were fixed in the v8 javascript library, version 4.9.385.26.

For the stable distribution (jessie), these problems have been fixed in version 49.0.2623.75-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 49.0.2623.75-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3486-1] chromium-browser security update
Debian Security Advisory DSA-3486-1 secur...@debian.org
https://www.debian.org/security/ Michael Gilbert
February 21, 2016 https://www.debian.org/security/faq

Package: chromium-browser
CVE ID : CVE-2016-1622 CVE-2016-1623 CVE-2016-1624 CVE-2016-1625 CVE-2016-1626 CVE-2016-1627 CVE-2016-1628 CVE-2016-1629

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2016-1622 It was discovered that a maliciously crafted extension could bypass the Same Origin Policy.

CVE-2016-1623 Mariusz Mlynski discovered a way to bypass the Same Origin Policy.

CVE-2016-1624 lukezli discovered a buffer overflow issue in the Brotli library.

CVE-2016-1625 Jann Horn discovered a way to cause the Chrome Instant feature to navigate to unintended destinations.

CVE-2016-1626 An out-of-bounds read issue was discovered in the openjpeg library.

CVE-2016-1627 It was discovered that the Developer Tools did not validate URLs.

CVE-2016-1628 An out-of-bounds read issue was discovered in the pdfium library.

CVE-2016-1629 A way to bypass the Same Origin Policy was discovered in Blink/WebKit, along with a way to escape the chromium sandbox.

For the stable distribution (jessie), these problems have been fixed in version 48.0.2564.116-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 48.0.2564.116-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3456-1] chromium-browser security update
Debian Security Advisory DSA-3456-1 secur...@debian.org
https://www.debian.org/security/ Michael Gilbert
January 27, 2016 https://www.debian.org/security/faq

Package: chromium-browser
CVE ID : CVE-2015-6792 CVE-2016-1612 CVE-2016-1613 CVE-2016-1614 CVE-2016-1615 CVE-2016-1616 CVE-2016-1617 CVE-2016-1618 CVE-2016-1619 CVE-2016-1620

Several vulnerabilities were discovered in the chromium web browser.

CVE-2015-6792 An issue was found in the handling of MIDI files.

CVE-2016-1612 cloudfuzzer discovered a logic error related to receiver compatibility in the v8 javascript library.

CVE-2016-1613 A use-after-free issue was discovered in the pdfium library.

CVE-2016-1614 Christoph Diehl discovered an information leak in Webkit/Blink.

CVE-2016-1615 Ron Masas discovered a way to spoof URLs.

CVE-2016-1616 Luan Herrera discovered a way to spoof URLs.

CVE-2016-1617 jenuis discovered a way to discover whether an HSTS web site had been visited.

CVE-2016-1618 Aaron Toponce discovered the use of a weak random number generator.

CVE-2016-1619 Keve Nagy discovered an out-of-bounds-read issue in the pdfium library.

CVE-2016-1620 The chrome 48 development team found and fixed various issues during internal auditing. Also multiple issues were fixed in the v8 javascript library, version 4.7.271.17.

For the stable distribution (jessie), these problems have been fixed in version 48.0.2564.82-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 48.0.2564.82-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3442-1] isc-dhcp security update
Debian Security Advisory DSA-3442-1 secur...@debian.org
https://www.debian.org/security/ Michael Gilbert
January 13, 2016 https://www.debian.org/security/faq

Package: isc-dhcp
CVE ID : CVE-2015-8605
Debian Bug : 810875

It was discovered that a maliciously crafted packet can crash any of the isc-dhcp applications. This includes the DHCP client, relay, and server application. Only IPv4 setups are affected.

For the oldstable distribution (wheezy), this problem has been fixed in version 4.2.2.dfsg.1-5+deb70u8.

For the stable distribution (jessie), this problem has been fixed in version 4.3.1-6+deb8u2.

For the testing (stretch) and unstable (sid) distributions, this problem will be fixed soon.

We recommend that you upgrade your isc-dhcp packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3438-1] xscreensaver security update
Debian Security Advisory DSA-3438-1 secur...@debian.org
https://www.debian.org/security/ Michael Gilbert
January 09, 2016 https://www.debian.org/security/faq

Package: xscreensaver
CVE ID : CVE-2015-8025
Debian Bug : 802914

It was discovered that unplugging one of the monitors in a multi-monitor setup can cause xscreensaver to crash. Someone with physical access to a machine could use this problem to bypass a locked session.

For the oldstable distribution (wheezy), this problem has been fixed in version 5.15-3+deb7u1.

For the stable distribution (jessie), this problem has been fixed in version 5.30-1+deb8u1.

For the testing (stretch) and unstable (sid) distributions, this problem has been fixed in version 5.34-1.

We recommend that you upgrade your xscreensaver packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3418-1] chromium-browser security update
Debian Security Advisory DSA-3418-1 secur...@debian.org
https://www.debian.org/security/ Michael Gilbert
December 14, 2015 https://www.debian.org/security/faq

Package: chromium-browser
CVE ID : CVE-2015-6788 CVE-2015-6789 CVE-2015-6790 CVE-2015-6791

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2015-6788 A type confusion issue was discovered in the handling of extensions.

CVE-2015-6789 cloudfuzzer discovered a use-after-free issue.

CVE-2015-6790 Inti De Ceukelaire discovered a way to inject HTML into serialized web pages.

CVE-2015-6791 The chrome 47 development team found and fixed various issues during internal auditing. Also multiple issues were fixed in the v8 javascript library, version 4.7.80.23.

For the stable distribution (jessie), these problems have been fixed in version 47.0.2526.80-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 47.0.2526.80-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3415-1] chromium-browser security update
Debian Security Advisory DSA-3415-1 secur...@debian.org
https://www.debian.org/security/ Michael Gilbert
December 09, 2015 https://www.debian.org/security/faq

Package: chromium-browser
CVE ID : CVE-2015-1302 CVE-2015-6764 CVE-2015-6765 CVE-2015-6766 CVE-2015-6767 CVE-2015-6768 CVE-2015-6769 CVE-2015-6770 CVE-2015-6771 CVE-2015-6772 CVE-2015-6773 CVE-2015-6774 CVE-2015-6775 CVE-2015-6776 CVE-2015-6777 CVE-2015-6778 CVE-2015-6779 CVE-2015-6780 CVE-2015-6781 CVE-2015-6782 CVE-2015-6784 CVE-2015-6785 CVE-2015-6786

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2015-1302 Rub Wu discovered an information leak in the pdfium library.

CVE-2015-6764 Guang Gong discovered an out-of-bounds read issue in the v8 javascript library.

CVE-2015-6765 A use-after-free issue was discovered in AppCache.

CVE-2015-6766 A use-after-free issue was discovered in AppCache.

CVE-2015-6767 A use-after-free issue was discovered in AppCache.

CVE-2015-6768 Mariusz Mlynski discovered a way to bypass the Same Origin Policy.

CVE-2015-6769 Mariusz Mlynski discovered a way to bypass the Same Origin Policy.

CVE-2015-6770 Mariusz Mlynski discovered a way to bypass the Same Origin Policy.

CVE-2015-6771 An out-of-bounds read issue was discovered in the v8 javascript library.

CVE-2015-6772 Mariusz Mlynski discovered a way to bypass the Same Origin Policy.

CVE-2015-6773 cloudfuzzer discovered an out-of-bounds read issue in the skia library.

CVE-2015-6774 A use-after-free issue was found in extensions binding.

CVE-2015-6775 Atte Kettunen discovered a type confusion issue in the pdfium library.

CVE-2015-6776 Hanno Böck discovered an out-of-bounds access issue in the openjpeg library, which is used by pdfium.

CVE-2015-6777 Long Liu found a use-after-free issue.

CVE-2015-6778 Karl Skomski found an out-of-bounds read issue in the pdfium library.

CVE-2015-6779 Til Jasper Ullrich discovered that the pdfium library does not sanitize "chrome:" URLs.

CVE-2015-6780 Khalil Zhani discovered a use-after-free issue.

CVE-2015-6781 miaubiz discovered an integer overflow issue in the sfntly library.

CVE-2015-6782 Luan Herrera discovered a URL spoofing issue.

CVE-2015-6784 Inti De Ceukelaire discovered a way to inject HTML into serialized web pages.

CVE-2015-6785 Michael Ficarra discovered a way to bypass the Content Security Policy.

CVE-2015-6786 Michael Ficarra discovered another way to bypass the Content Security Policy.

For the stable distribution (jessie), these problems have been fixed in version 47.0.2526.73-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 47.0.2526.73-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3376-1] chromium-browser security update
Debian Security Advisory DSA-3376-1 secur...@debian.org
https://www.debian.org/security/ Michael Gilbert
October 20, 2015 https://www.debian.org/security/faq

Package: chromium-browser
CVE ID : CVE-2015-1303 CVE-2015-1304 CVE-2015-6755 CVE-2015-6756 CVE-2015-6757 CVE-2015-6758 CVE-2015-6759 CVE-2015-6760 CVE-2015-6761 CVE-2015-6762 CVE-2015-6763

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2015-1303 Mariusz Mlynski discovered a way to bypass the Same Origin Policy in the DOM implementation.

CVE-2015-1304 Mariusz Mlynski discovered a way to bypass the Same Origin Policy in the v8 javascript library.

CVE-2015-6755 Mariusz Mlynski discovered a way to bypass the Same Origin Policy in blink/webkit.

CVE-2015-6756 A use-after-free issue was found in the pdfium library.

CVE-2015-6757 Collin Payne found a use-after-free issue in the ServiceWorker implementation.

CVE-2015-6758 Atte Kettunen found an issue in the pdfium library.

CVE-2015-6759 Muneaki Nishimura discovered an information leak.

CVE-2015-6760 Ronald Crane discovered a logic error in the ANGLE library involving lost device events.

CVE-2015-6761 Aki Helin and Khalil Zhani discovered a memory corruption issue in the ffmpeg library.

CVE-2015-6762 Muneaki Nishimura discovered a way to bypass the Same Origin Policy in the CSS implementation.

CVE-2015-6763 The chrome 46 development team found and fixed various issues during internal auditing. Also multiple issues were fixed in the v8 javascript library, version 4.6.85.23.

For the stable distribution (jessie), these problems have been fixed in version 46.0.2490.71-1~deb8u1.

For the testing (stretch) and unstable (sid) distributions, these problems have been fixed in version 46.0.2490.71-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3351-1] chromium-browser security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3351-1 secur...@debian.org https://www.debian.org/security/ Michael Gilbert September 03, 2015https://www.debian.org/security/faq - - Package: chromium-browser CVE ID : CVE-2015-1291 CVE-2015-1292 CVE-2015-1293 CVE-2015-1294 CVE-2015-1295 CVE-2015-1296 CVE-2015-1297 CVE-2015-1298 CVE-2015-1299 CVE-2015-1300 CVE-2015-1301 Several vulnerabilities have been discovered in the chromium web browser. CVE-2015-1291 A cross-origin bypass issue was discovered in DOM. CVE-2015-1292 Mariusz Mlynski discovered a cross-origin bypass issue in ServiceWorker. CVE-2015-1293 Mariusz Mlynski discovered a cross-origin bypass issue in DOM. CVE-2015-1294 cloudfuzzer discovered a use-after-free issue in the Skia graphics library. CVE-2015-1295 A use-after-free issue was discovered in the printing component. CVE-2015-1296 zcorpan discovered a character spoofing issue. CVE-2015-1297 Alexander Kashev discovered a permission scoping error. CVE-2015-1298 Rob Wu discovered an error validating the URL of extensions. CVE-2015-1299 taro.suzuki.dev discovered a use-after-free issue in the Blink/WebKit library. CVE-2015-1300 cgvwzq discovered an information disclosure issue in the Blink/WebKit library. CVE-2015-1301 The chrome 45 development team found and fixed various issues during internal auditing. Also multiple issues were fixed in the libv8 library, version 4.5.103.29. For the stable distribution (jessie), these problems have been fixed in version 45.0.2454.85-1~deb8u1. For the testing distribution (stretch), these problems will be fixed once the gcc-5 transition completes. For the unstable distribution (sid), these problems have been fixed in version 45.0.2454.85-1. We recommend that you upgrade your chromium-browser packages. 
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3315-1] chromium-browser security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3315-1 secur...@debian.org https://www.debian.org/security/ Michael Gilbert July 23, 2015 https://www.debian.org/security/faq - - Package: chromium-browser CVE ID : CVE-2015-1266 CVE-2015-1267 CVE-2015-1268 CVE-2015-1269 CVE-2015-1270 CVE-2015-1271 CVE-2015-1272 CVE-2015-1273 CVE-2015-1274 CVE-2015-1276 CVE-2015-1277 CVE-2015-1278 CVE-2015-1279 CVE-2015-1280 CVE-2015-1281 CVE-2015-1282 CVE-2015-1283 CVE-2015-1284 CVE-2015-1285 CVE-2015-1286 CVE-2015-1287 CVE-2015-1288 CVE-2015-1289 Several vulnerabilities were discovered in the chromium web browser. CVE-2015-1266 Intended access restrictions could be bypassed for certain URLs like chrome://gpu. CVE-2015-1267 A way to bypass the Same Origin Policy was discovered. CVE-2015-1268 Mariusz Mlynski also discovered a way to bypass the Same Origin Policy. CVE-2015-1269 Mike Rudy discovered that hostnames were not properly compared in the HTTP Strict Transport Policy and HTTP Public Key Pinning features, which could allow those access restrictions to be bypassed. CVE-2015-1270 Atte Kettunen discovered an uninitialized memory read in the ICU library. CVE-2015-1271 cloudfuzzer discovered a buffer overflow in the pdfium library. CVE-2015-1272 Chamal de Silva discovered race conditions in the GPU process implementation. CVE-2015-1273 makosoft discovered a buffer overflow in openjpeg, which is used by the pdfium library embedded in chromium. CVE-2015-1274 andrewm.bpi discovered that the auto-open list allowed certain file types to be executed immediately after download. CVE-2015-1276 Colin Payne discovered a use-after-free issue in the IndexedDB implementation. CVE-2015-1277 SkyLined discovered a use-after-free issue in chromium's accessibility implementation. CVE-2015-1278 Chamal de Silva discovered a way to use PDF documents to spoof a URL. CVE-2015-1279 mlafon discovered a buffer overflow in the pdfium library. 
CVE-2015-1280 cloudfuzzer discovered a memory corruption issue in the SKIA library. CVE-2015-1281 Masato Knugawa discovered a way to bypass the Content Security Policy. CVE-2015-1282 Chamal de Silva discovered multiple use-after-free issues in the pdfium library. CVE-2015-1283 Huzaifa Sidhpurwala discovered a buffer overflow in the expat library. CVE-2015-1284 Atte Kettunen discovered that the maximum number of page frames was not correctly checked. CVE-2015-1285 gazheyes discovered an information leak in the XSS auditor, which normally helps to prevent certain classes of cross-site scripting problems. CVE-2015-1286 A cross-site scripting issue was discovered in the interface to the v8 javascript library. CVE-2015-1287 filedescriptor discovered a way to bypass the Same Origin Policy. CVE-2015-1288 Mike Ruddy discovered that the spellchecking dictionaries could still be downloaded over plain HTTP (related to CVE-2015-1263). CVE-2015-1289 The chrome 44 development team found and fixed various issues during internal auditing. In addition to the above issues, Google disabled the hotword extension by default in this version, which if enabled downloads files without the user's intervention. For the stable distribution (jessie), these problems have been fixed in version 44.0.2403.89-1~deb8u1. For the testing distribution (stretch), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 44.0.2403.89-1. We recommend that you upgrade your chromium-browser packages. 
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3267-1] chromium-browser security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3267-1 secur...@debian.org http://www.debian.org/security/ Michael Gilbert May 22, 2015 http://www.debian.org/security/faq - - Package: chromium-browser CVE ID : CVE-2015-1251 CVE-2015-1252 CVE-2015-1253 CVE-2015-1254 CVE-2015-1255 CVE-2015-1256 CVE-2015-1257 CVE-2015-1258 CVE-2015-1259 CVE-2015-1260 CVE-2015-1261 CVE-2015-1262 CVE-2015-1263 CVE-2015-1264 CVE-2015-1265 Several vulnerabilities were discovered in the chromium web browser. CVE-2015-1251 SkyLined discovered a use-after-free issue in speech recognition. CVE-2015-1252 An out-of-bounds write issue was discovered that could be used to escape from the sandbox. CVE-2015-1253 A cross-origin bypass issue was discovered in the DOM parser. CVE-2015-1254 A cross-origin bypass issue was discovered in the DOM editing feature. CVE-2015-1255 Khalil Zhani discovered a use-after-free issue in WebAudio. CVE-2015-1256 Atte Kettunen discovered a use-after-free issue in the SVG implementation. CVE-2015-1257 miaubiz discovered an overflow issue in the SVG implementation. CVE-2015-1258 cloudfuzzer discovered an invalid size parameter used in the libvpx library. CVE-2015-1259 Atte Kettunen discovered an uninitialized memory issue in the pdfium library. CVE-2015-1260 Khalil Zhani discovered multiple use-after-free issues in chromium's interface to the WebRTC library. CVE-2015-1261 Juho Nurminen discovered a URL bar spoofing issue. CVE-2015-1262 miaubiz discovered the use of an uninitialized class member in font handling. CVE-2015-1263 Mike Ruddy discovered that downloading the spellcheck dictionary was not done over HTTPS. CVE-2015-1264 K0r3Ph1L discovered a cross-site scripting issue that could be triggered by bookmarking a site. CVE-2015-1265 The chrome 43 development team found and fixed various issues during internal auditing. Also multiple issues were fixed in the libv8 library, version 4.3.61.21. 
For the stable distribution (jessie), these problems have been fixed in version 43.0.2357.65-1~deb8u1. For the testing distribution (stretch), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 43.0.2357.65-1. We recommend that you upgrade your chromium-browser packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3242-1] chromium-browser security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3242-1 secur...@debian.org http://www.debian.org/security/ Michael Gilbert April 30, 2015 http://www.debian.org/security/faq - - Package: chromium-browser CVE ID : CVE-2015-1243 CVE-2015-1250 Several vulnerabilities were discovered in the chromium web browser. CVE-2015-1243 Saif El-Sherei discovered a use-after-free issue. CVE-2015-1250 The chrome 42 team found and fixed multiple issues during internal auditing. For the stable distribution (jessie), these problems have been fixed in version 42.0.2311.135-1~deb8u1. For the testing distribution (stretch), this problem will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 42.0.2311.135-1. We recommend that you upgrade your chromium-browser packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3238-1] chromium-browser security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3238-1 secur...@debian.org http://www.debian.org/security/ Michael Gilbert April 26, 2015 http://www.debian.org/security/faq - - Package: chromium-browser CVE ID : CVE-2015-1235 CVE-2015-1236 CVE-2015-1237 CVE-2015-1238 CVE-2015-1240 CVE-2015-1241 CVE-2015-1242 CVE-2015-1244 CVE-2015-1245 CVE-2015-1246 CVE-2015-1247 CVE-2015-1248 CVE-2015-1249 CVE-2015- CVE-2015-3334 CVE-2015-3336 Several vulnerabilities were discovered in the chromium web browser. CVE-2015-1235 A Same Origin Policy bypass issue was discovered in the HTML parser. CVE-2015-1236 Amitay Dobo discovered a Same Origin Policy bypass in the Web Audio API. CVE-2015-1237 Khalil Zhani discovered a use-after-free issue in IPC. CVE-2015-1238 cloudfuzzer discovered an out-of-bounds write in the skia library. CVE-2015-1240 w3bd3vil discovered an out-of-bounds read in the WebGL implementation. CVE-2015-1241 Phillip Moon and Matt Weston discovered a way to trigger local user interface actions remotely via a crafted website. CVE-2015-1242 A type confusion issue was discovered in the v8 javascript library. CVE-2015-1244 Mike Ruddy discovered a way to bypass the HTTP Strict Transport Security policy. CVE-2015-1245 Khalil Zhani discovered a use-after-free issue in the pdfium library. CVE-2015-1246 Atte Kettunen discovered an out-of-bounds read issue in webkit/blink. CVE-2015-1247 Jann Horn discovered that file: URLs in OpenSearch documents were not sanitized, which could allow local files to be read remotely when using the OpenSearch feature from a crafted website. CVE-2015-1248 Vittorio Gambaletta discovered a way to bypass the SafeBrowsing feature, which could allow the remote execution of a downloaded executable file. CVE-2015-1249 The chrome 41 development team found various issues from internal fuzzing, audits, and other studies. CVE-2015- Multiple issues were discovered and fixed in v8 4.2.7.14. 
CVE-2015-3334 It was discovered that remote websites could capture video data from attached web cameras without permission. CVE-2015-3336 It was discovered that remote websites could cause user interface disruptions like window fullscreening and mouse pointer locking. For the stable distribution (jessie), these problems have been fixed in version 42.0.2311.90-1~deb8u1. For the testing (stretch) and unstable (sid) distributions, these problems have been fixed in version 42.0.2311.90-1. We recommend that you upgrade your chromium-browser packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3187-1] icu security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3187-1 secur...@debian.org http://www.debian.org/security/ Michael Gilbert March 15, 2015 http://www.debian.org/security/faq - - Package: icu CVE ID : CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2419 CVE-2014-6585 CVE-2014-6591 CVE-2014-7923 CVE-2014-7926 CVE-2014-7940 CVE-2014-9654 Debian Bug : 775884 776264 776265 776719 Several vulnerabilities were discovered in the International Components for Unicode (ICU) library. CVE-2013-1569 Glyph table issue. CVE-2013-2383 Glyph table issue. CVE-2013-2384 Font layout issue. CVE-2013-2419 Font processing issue. CVE-2014-6585 Out-of-bounds read. CVE-2014-6591 Additional out-of-bounds reads. CVE-2014-7923 Memory corruption in regular expression comparison. CVE-2014-7926 Memory corruption in regular expression comparison. CVE-2014-7940 Uninitialized memory. CVE-2014-9654 More regular expression flaws. For the stable distribution (wheezy), these problems have been fixed in version 4.8.1.1-12+deb7u2. For the upcoming stable (jessie) and unstable (sid) distributions, these problems have been fixed in version 52.1-7.1. We recommend that you upgrade your icu packages. 
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3165-1] xdg-utils security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3165-1 secur...@debian.org http://www.debian.org/security/ Michael Gilbert February 21, 2015 http://www.debian.org/security/faq - - Package: xdg-utils CVE ID : CVE-2015-1877 Debian Bug : 22 Jiri Horner discovered a way to cause xdg-open, a tool that automatically opens URLs in a user's preferred application, to execute arbitrary commands remotely. This problem only affects /bin/sh implementations that don't sanitize local variables. Dash, which is the default /bin/sh in Debian is affected. Bash as /bin/sh is known to be unaffected. For the stable distribution (wheezy), this problem has been fixed in version 1.1.0~rc1+git20111210-6+deb7u3. For the upcoming stable (jessie) and unstable (sid) distributions, this problem will be fixed soon. We recommend that you upgrade your xdg-utils packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3166-1] e2fsprogs security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3166-1 secur...@debian.org http://www.debian.org/security/ Michael Gilbert February 22, 2015 http://www.debian.org/security/faq - - Package: e2fsprogs CVE ID : CVE-2015-0247 CVE-2015-1572 Debian Bug : 778948 Jose Duart of the Google Security Team discovered a buffer overflow in e2fsprogs, a set of utilities for the ext2, ext3, and ext4 file systems. This issue can possibly lead to arbitrary code execution if a malicious device is plugged in, the system is configured to automatically mount it, and the mounting process chooses to run fsck on the device's malicious filesystem. CVE-2015-0247 Buffer overflow in the ext2/ext3/ext4 file system open/close routines. CVE-2015-1572 Incomplete fix for CVE-2015-0247. For the stable distribution (wheezy), these problems have been fixed in version 1.42.5-1.1+deb7u1. For the upcoming stable (jessie) and unstable (sid) distributions, these problems will be fixed soon. We recommend that you upgrade your e2fsprogs packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3148-1] chromium-browser end of life
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3148-1 secur...@debian.org http://www.debian.org/security/ Michael Gilbert January 31, 2015 http://www.debian.org/security/faq - - Package: chromium-browser Security support for the chromium web browser is now discontinued for the stable distribution (wheezy). Chromium upstream stopped supporting wheezy's build environment (gcc 4.7, make, etc.), so there is no longer any practical way to continue building security updates. Chromium users that desire continued security updates are encouraged to upgrade early to the upcoming stable release (jessie), Debian 8. An alternative is to switch to the iceweasel web browser, which will continue to receive security updates in wheezy for some time. Note that until the official release happens, chromium package updates for jessie may have a larger than usual delay due to possible bugs and testing migration rules. Also, there will be no more DSAs announcing chromium package updates until jessie becomes officially released.
Instructions for upgrading from Debian 7 to 8 are available at: https://www.debian.org/releases/jessie/amd64/release-notes/ch-upgrading.en.html Media for installing Debian 8 from scratch are also available (the release candidate media, jessie_di_rc1, are recommended): http://www.debian.org/devel/debian-installer http://cdimage.debian.org/cdimage/jessie_di_rc1 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3131-1] xdg-utils security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3131-1 secur...@debian.org http://www.debian.org/security/ Michael Gilbert January 18, 2015 http://www.debian.org/security/faq - - Package: xdg-utils CVE ID : CVE-2014-9622 Debian Bug : 773085 John Houwer discovered a way to cause xdg-open, a tool that automatically opens URLs in a user's preferred application, to execute arbitrary commands remotely. For the stable distribution (wheezy), this problem has been fixed in version 1.1.0~rc1+git20111210-6+deb7u2. For the upcoming stable (jessie) and unstable (sid) distributions, this problem has been fixed in version 1.1.0~rc1+git20111210-7.3. We recommend that you upgrade your xdg-utils packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3111-1] cpio security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3111-1 secur...@debian.org http://www.debian.org/security/ Michael Gilbert December 22, 2014 http://www.debian.org/security/faq - - Package: cpio CVE ID : CVE-2014-9112 Debian Bug : 772793 Michal Zalewski discovered an out of bounds write issue in cpio, a tool for creating and extracting cpio archive files. In the process of fixing that issue, the cpio developers found and fixed additional range checking and null pointer dereference issues. For the stable distribution (wheezy), this problem has been fixed in version 2.11+dfsg-0.1+deb7u1. For the upcoming stable distribution (jessie), this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 2.11+dfsg-4. We recommend that you upgrade your cpio packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3052-1] wpa security update
Debian Security Advisory DSA-3052-1    secur...@debian.org
http://www.debian.org/security/    Michael Gilbert
October 15, 2014    http://www.debian.org/security/faq

Package    : wpa
CVE ID     : CVE-2014-3686
Debian Bug : 765352

Jouni Malinen discovered an input sanitization issue in the wpa_cli and hostapd_cli tools included in the wpa package. A remote wifi system within range could provide a crafted string triggering arbitrary code execution running with privileges of the affected wpa_cli or hostapd_cli process.

For the stable distribution (wheezy), this problem has been fixed in version 1.0-3+deb7u1.

For the testing distribution (jessie), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 2.3-1.

We recommend that you upgrade your wpa packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3039-1] chromium-browser security update
Debian Security Advisory DSA-3039-1    secur...@debian.org
http://www.debian.org/security/    Michael Gilbert
September 28, 2014    http://www.debian.org/security/faq

Package : chromium-browser
CVE ID  : CVE-2014-3160 CVE-2014-3162 CVE-2014-3165 CVE-2014-3166
          CVE-2014-3167 CVE-2014-3168 CVE-2014-3169 CVE-2014-3170
          CVE-2014-3171 CVE-2014-3172 CVE-2014-3173 CVE-2014-3174
          CVE-2014-3175 CVE-2014-3176 CVE-2014-3177 CVE-2014-3178
          CVE-2014-3179

Several vulnerabilities were discovered in the chromium web browser.

CVE-2014-3160

    Christian Schneider discovered a same origin bypass issue in SVG file resource fetching.

CVE-2014-3162

    The Google Chrome development team addressed multiple issues with potential security impact for chromium 36.0.1985.125.

CVE-2014-3165

    Colin Payne discovered a use-after-free issue in the Web Sockets implementation.

CVE-2014-3166

    Antoine Delignat-Lavaud discovered an information leak in the SPDY protocol implementation.

CVE-2014-3167

    The Google Chrome development team addressed multiple issues with potential security impact for chromium 36.0.1985.143.

CVE-2014-3168

    cloudfuzzer discovered a use-after-free issue in SVG image file handling.

CVE-2014-3169

    Andrzej Dyjak discovered a use-after-free issue in the Webkit/Blink Document Object Model implementation.

CVE-2014-3170

    Rob Wu discovered a way to spoof the url of chromium extensions.

CVE-2014-3171

    cloudfuzzer discovered a use-after-free issue in chromium's v8 bindings.

CVE-2014-3172

    Eli Grey discovered a way to bypass access restrictions using chromium's Debugger extension API.

CVE-2014-3173

    jmuizelaar discovered an uninitialized read issue in WebGL.

CVE-2014-3174

    Atte Kettunen discovered an uninitialized read issue in Web Audio.

CVE-2014-3175

    The Google Chrome development team addressed multiple issues with potential security impact for chromium 37.0.2062.94.

CVE-2014-3176

    lokihardt@asrt discovered a combination of flaws that can lead to remote code execution outside of chromium's sandbox.

CVE-2014-3177

    lokihardt@asrt discovered a combination of flaws that can lead to remote code execution outside of chromium's sandbox.

CVE-2014-3178

    miaubiz discovered a use-after-free issue in the Document Object Model implementation in Blink/Webkit.

CVE-2014-3179

    The Google Chrome development team addressed multiple issues with potential security impact for chromium 37.0.2062.120.

For the stable distribution (wheezy), these problems have been fixed in version 37.0.2062.120-1~deb7u1.

For the testing (jessie) and unstable (sid) distributions, these problems have been fixed in version 37.0.2062.120-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 2965-1] tiff security update
Debian Security Advisory DSA-2965-1    secur...@debian.org
http://www.debian.org/security/    Michael Gilbert
June 22, 2014    http://www.debian.org/security/faq

Package    : tiff
CVE ID     : CVE-2013-4243
Debian Bug : 742917

Murray McAllister discovered a heap-based buffer overflow in the gif2tiff command line tool. Executing gif2tiff on a malicious tiff image could result in arbitrary code execution.

For the stable distribution (wheezy), this problem has been fixed in version 4.0.2-6+deb7u3.

For the testing distribution (jessie), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 4.0.3-9.

We recommend that you upgrade your tiff packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 2959-1] chromium-browser security update
Debian Security Advisory DSA-2959-1    secur...@debian.org
http://www.debian.org/security/    Michael Gilbert
June 14, 2014    http://www.debian.org/security/faq

Package : chromium-browser
CVE ID  : CVE-2014-3154 CVE-2014-3155 CVE-2014-3156 CVE-2014-3157

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2014-3154

    Collin Payne discovered a use-after-free issue in the filesystem API.

CVE-2014-3155

    James March, Daniel Sommermann, and Alan Frindell discovered several out-of-bounds read issues in the SPDY protocol implementation.

CVE-2014-3156

    Atte Kettunen discovered a buffer overflow issue in bitmap handling in the clipboard implementation.

CVE-2014-3157

    A heap-based buffer overflow issue was discovered in chromium's ffmpeg media filter.

In addition, this version corrects a regression in the previous update. Support for older i386 processors had been dropped. This functionality is now restored.

For the stable distribution (wheezy), these problems have been fixed in version 35.0.1916.153-1~deb7u1.

For the testing (jessie) and unstable (sid) distributions, these problems have been fixed in version 35.0.1916.153-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 2939-1] chromium-browser security update
Debian Security Advisory DSA-2939-1    secur...@debian.org
http://www.debian.org/security/    Michael Gilbert
May 31, 2014    http://www.debian.org/security/faq

Package : chromium-browser
CVE ID  : CVE-2014-1743 CVE-2014-1744 CVE-2014-1745 CVE-2014-1746
          CVE-2014-1747 CVE-2014-1748 CVE-2014-1749 CVE-2014-3152

Several vulnerabilities were discovered in the chromium web browser.

CVE-2014-1743

    cloudfuzzer discovered a use-after-free issue in the Blink/Webkit document object model implementation.

CVE-2014-1744

    Aaron Staple discovered an integer overflow issue in audio input handling.

CVE-2014-1745

    Atte Kettunen discovered a use-after-free issue in the Blink/Webkit scalable vector graphics implementation.

CVE-2014-1746

    Holger Fuhrmannek discovered an out-of-bounds read issue in the URL protocol implementation for handling media.

CVE-2014-1747

    packagesu discovered a cross-site scripting issue involving malformed MHTML files.

CVE-2014-1748

    Jordan Milne discovered a user interface spoofing issue.

CVE-2014-1749

    The Google Chrome development team discovered and fixed multiple issues with potential security impact.

CVE-2014-3152

    An integer underflow issue was discovered in the v8 javascript library.

For the stable distribution (wheezy), these problems have been fixed in version 35.0.1916.114-1~deb7u2.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 35.0.1916.114-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 2930-1] chromium-browser security update
Debian Security Advisory DSA-2930-1    secur...@debian.org
http://www.debian.org/security/    Michael Gilbert
May 17, 2014    http://www.debian.org/security/faq

Package : chromium-browser
CVE ID  : CVE-2014-1740 CVE-2014-1741 CVE-2014-1742

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2014-1740

    Collin Payne discovered a use-after-free issue in chromium's WebSockets implementation.

CVE-2014-1741

    John Butler discovered multiple integer overflow issues in the Blink/Webkit document object model implementation.

CVE-2014-1742

    cloudfuzzer discovered a use-after-free issue in the Blink/Webkit text editing feature.

For the stable distribution (wheezy), these problems have been fixed in version 34.0.1847.137-1~deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 34.0.1847.137-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 2920-1] chromium-browser security update
Debian Security Advisory DSA-2920-1    secur...@debian.org
http://www.debian.org/security/    Michael Gilbert
May 03, 2014    http://www.debian.org/security/faq

Package : chromium-browser
CVE ID  : CVE-2014-1730 CVE-2014-1731 CVE-2014-1732 CVE-2014-1733
          CVE-2014-1734 CVE-2014-1735 CVE-2014-1736

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2014-1730

    A type confusion issue was discovered in the v8 javascript library.

CVE-2014-1731

    John Butler discovered a type confusion issue in the WebKit/Blink document object model implementation.

CVE-2014-1732

    Khalil Zhani discovered a use-after-free issue in the speech recognition feature.

CVE-2014-1733

    Jed Davis discovered a way to bypass the seccomp-bpf sandbox.

CVE-2014-1734

    The Google Chrome development team discovered and fixed multiple issues with potential security impact.

CVE-2014-1735

    The Google Chrome development team discovered and fixed multiple issues in version 3.24.35.33 of the v8 javascript library.

CVE-2014-1736

    SkyLined discovered an integer overflow issue in the v8 javascript library.

For the stable distribution (wheezy), these problems have been fixed in version 34.0.1847.132-1~deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 34.0.1847.132-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 2905-1] chromium-browser security update
Debian Security Advisory DSA-2905-1    secur...@debian.org
http://www.debian.org/security/    Michael Gilbert
April 15, 2014    http://www.debian.org/security/faq

Package : chromium-browser
CVE ID  : CVE-2014-1716 CVE-2014-1717 CVE-2014-1718 CVE-2014-1719
          CVE-2014-1720 CVE-2014-1721 CVE-2014-1722 CVE-2014-1723
          CVE-2014-1724 CVE-2014-1725 CVE-2014-1726 CVE-2014-1727
          CVE-2014-1728 CVE-2014-1729

Several vulnerabilities were discovered in the chromium web browser.

CVE-2014-1716

    A cross-site scripting issue was discovered in the v8 javascript library.

CVE-2014-1717

    An out-of-bounds read issue was discovered in the v8 javascript library.

CVE-2014-1718

    Aaron Staple discovered an integer overflow issue in chromium's software compositor.

CVE-2014-1719

    Colin Payne discovered a use-after-free issue in the web workers implementation.

CVE-2014-1720

    cloudfuzzer discovered a use-after-free issue in the Blink/Webkit document object model implementation.

CVE-2014-1721

    Christian Holler discovered a memory corruption issue in the v8 javascript library.

CVE-2014-1722

    miaubiz discovered a use-after-free issue in block rendering.

CVE-2014-1723

    George McBay discovered a url spoofing issue.

CVE-2014-1724

    Atte Kettunen discovered a use-after-free issue in freebsoft's libspeechd library. Because of this issue, the text-to-speech feature is now disabled by default (--enable-speech-dispatcher at the command-line can re-enable it).

CVE-2014-1725

    An out-of-bounds read was discovered in the base64 implementation.

CVE-2014-1726

    Jann Horn discovered a way to bypass the same origin policy.

CVE-2014-1727

    Khalil Zhani discovered a use-after-free issue in the web color chooser implementation.

CVE-2014-1728

    The Google Chrome development team discovered and fixed multiple issues with potential security impact.

CVE-2014-1729

    The Google Chrome development team discovered and fixed multiple issues in version 3.24.35.22 of the v8 javascript library.

For the stable distribution (wheezy), these problems have been fixed in version 34.0.1847.116-1~deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 34.0.1847.116-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 2883-1] chromium-browser security update
Debian Security Advisory DSA-2883-1    secur...@debian.org
http://www.debian.org/security/    Michael Gilbert
March 23, 2014    http://www.debian.org/security/faq

Package : chromium-browser
CVE ID  : CVE-2013-6653 CVE-2013-6654 CVE-2013-6655 CVE-2013-6656
          CVE-2013-6657 CVE-2013-6658 CVE-2013-6659 CVE-2013-6660
          CVE-2013-6661 CVE-2013-6663 CVE-2013-6664 CVE-2013-6665
          CVE-2013- CVE-2013-6667 CVE-2013-6668 CVE-2014-1700
          CVE-2014-1701 CVE-2014-1702 CVE-2014-1703 CVE-2014-1704
          CVE-2014-1705 CVE-2014-1713 CVE-2014-1715

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2013-6653

    Khalil Zhani discovered a use-after-free issue in chromium's web contents color chooser.

CVE-2013-6654

    TheShow3511 discovered an issue in SVG handling.

CVE-2013-6655

    cloudfuzzer discovered a use-after-free issue in dom event handling.

CVE-2013-6656

    NeexEmil discovered an information leak in the XSS auditor.

CVE-2013-6657

    NeexEmil discovered a way to bypass the Same Origin policy in the XSS auditor.

CVE-2013-6658

    cloudfuzzer discovered multiple use-after-free issues surrounding the updateWidgetPositions function.

CVE-2013-6659

    Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to trigger an unexpected certificate chain during TLS renegotiation.

CVE-2013-6660

    bishopjeffreys discovered an information leak in the drag and drop implementation.

CVE-2013-6661

    The Google Chrome team discovered and fixed multiple issues in version 33.0.1750.117.

CVE-2013-6663

    Atte Kettunen discovered a use-after-free issue in SVG handling.

CVE-2013-6664

    Khalil Zhani discovered a use-after-free issue in the speech recognition feature.

CVE-2013-6665

    cloudfuzzer discovered a buffer overflow issue in the software renderer.

CVE-2013-

    netfuzzer discovered a restriction bypass in the Pepper Flash plugin.

CVE-2013-6667

    The Google Chrome team discovered and fixed multiple issues in version 33.0.1750.146.

CVE-2013-6668

    Multiple vulnerabilities were fixed in version 3.24.35.10 of the V8 javascript library.

CVE-2014-1700

    Chamal de Silva discovered a use-after-free issue in speech synthesis.

CVE-2014-1701

    aidanhs discovered a cross-site scripting issue in event handling.

CVE-2014-1702

    Colin Payne discovered a use-after-free issue in the web database implementation.

CVE-2014-1703

    VUPEN discovered a use-after-free issue in web sockets that could lead to a sandbox escape.

CVE-2014-1704

    Multiple vulnerabilities were fixed in version 3.23.17.18 of the V8 javascript library.

CVE-2014-1705

    A memory corruption issue was discovered in the V8 javascript library.

CVE-2014-1713

    A use-after-free issue was discovered in the AttributeSetter function.

CVE-2014-1715

    A directory traversal issue was found and fixed.

For the stable distribution (wheezy), these problems have been fixed in version 33.0.1750.152-1~deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 33.0.1750.152-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 2877-1] lighttpd security update
Debian Security Advisory DSA-2877-1    secur...@debian.org
http://www.debian.org/security/    Michael Gilbert
March 12, 2014    http://www.debian.org/security/faq

Package    : lighttpd
CVE ID     : CVE-2014-2323 CVE-2014-2324
Debian Bug : 741493

Several vulnerabilities were discovered in the lighttpd web server.

CVE-2014-2323

    Jann Horn discovered that specially crafted host names can be used to inject arbitrary MySQL queries in lighttpd servers using the MySQL virtual hosting module (mod_mysql_vhost).

    This only affects installations with the lighttpd-mod-mysql-vhost binary package installed and in use.

CVE-2014-2324

    Jann Horn discovered that specially crafted host names can be used to traverse outside of the document root under certain situations in lighttpd servers using either the mod_mysql_vhost, mod_evhost, or mod_simple_vhost virtual hosting modules.

    Servers not using these modules are not affected.

For the oldstable distribution (squeeze), these problems have been fixed in version 1.4.28-2+squeeze1.6.

For the stable distribution (wheezy), these problems have been fixed in version 1.4.31-4+deb7u3.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 1.4.33-1+nmu3.

We recommend that you upgrade your lighttpd packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 2862-1] chromium-browser security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-2862-1 secur...@debian.org http://www.debian.org/security/ Michael Gilbert February 16, 2014 http://www.debian.org/security/faq - - Package: chromium-browser Vulnerability : several CVE ID : CVE-2013-6641 CVE-2013-6643 CVE-2013-6644 CVE-2013-6645 CVE-2013-6646 CVE-2013-6649 CVE-2013-6650 Several vulnerabilities have been discovered in the chromium web browser. CVE-2013-6641 Atte Kettunen discovered a use-after-free issue in Blink/Webkit form elements. CVE-2013-6643 Joao Lucas Melo Brasio discovered a Google account information disclosure issue related to the one-click sign-on feature. CVE-2013-6644 The chrome development team discovered and fixed multiple issues with potential security impact. CVE-2013-6645 Khalil Zhani discovered a use-after-free issue related to speech input. CVE-2013-6646 Colin Payne discovered a use-after-free issue in the web workers implementation. CVE-2013-6649 Atte Kettunen discovered a use-after-free issue in the Blink/Webkit SVG implementation. CVE-2013-6650 Christian Holler discovered a memory corruption in the v8 javascript library. For the stable distribution (wheezy), these problems have been fixed in version 32.0.1700.123-1~deb7u1. For the testing distribution (jessie), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 32.0.1700.123-1. We recommend that you upgrade your chromium-browser packages. 
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 2811-1] chromium-browser security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-2811-1 secur...@debian.org http://www.debian.org/security/ Michael Gilbert December 07, 2013 http://www.debian.org/security/faq - - Package: chromium-browser Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2013-6634 CVE-2013-6635 CVE-2013-6636 CVE-2013-6637 CVE-2013-6638 CVE-2013-6639 CVE-2013-6640 Several vulnerabilities have been discovered in the chromium web browser. CVE-2013-6634 Andrey Labunets discovered that the wrong URL was used during validation in the one-click sign on helper. CVE-2013-6635 cloudfuzzer discovered use-after-free issues in the InsertHTML and Indent DOM editing commands. CVE-2013-6636 Bas Venis discovered an address bar spoofing issue. CVE-2013-6637 The chrome 31 development team discovered and fixed multiple issues with potential security impact. CVE-2013-6638 Jakob Kummerow of the Chromium project discovered a buffer overflow in the v8 javascript library. CVE-2013-6639 Jakob Kummerow of the Chromium project discovered an out-of-bounds write in the v8 javascript library. CVE-2013-6640 Jakob Kummerow of the Chromium project discovered an out-of-bounds read in the v8 javascript library. For the stable distribution (wheezy), these problems have been fixed in version 31.0.1650.63-1~deb7u1. For the testing distribution (jessie), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 31.0.1650.63-1. We recommend that you upgrade your chromium-browser packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 2795-2] lighttpd regression update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-2795-2 secur...@debian.org http://www.debian.org/security/ Michael Gilbert November 16, 2013 http://www.debian.org/security/faq - - Package: lighttpd Vulnerability : regression Problem type : remote Debian-specific: no Debian Bug : 729480 It was discovered that SSL connections with client certificates stopped working after the DSA-2795-1 update of lighttpd. An upstream patch has now been applied that provides an appropriate identifier for client certificate verification. For the oldstable distribution (squeeze), this problem has been fixed in version 1.4.28-2+squeeze1.5. For the stable distribution (wheezy), this problem has been fixed in version 1.4.31-4+deb7u2. For the testing (jessie) and unstable (sid) distributions, this problem will be fixed soon. We recommend that you upgrade your lighttpd packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 2797-1] chromium-browser security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-2797-1 secur...@debian.org http://www.debian.org/security/ Michael Gilbert November 16, 2013 http://www.debian.org/security/faq - - Package: chromium-browser Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2013-2931 CVE-2013-6621 CVE-2013-6622 CVE-2013-6623 CVE-2013-6624 CVE-2013-6625 CVE-2013-6626 CVE-2013-6627 CVE-2013-6628 CVE-2013-6629 CVE-2013-6630 CVE-2013-6631 CVE-2013-6632 Several vulnerabilities have been discovered in the chromium web browser. CVE-2013-2931 The chrome 31 development team found various issues from internal fuzzing, audits, and other studies. CVE-2013-6621 Khalil Zhani discovered a use-after-free issue in speech input handling. CVE-2013-6622 cloudfuzzer discovered a use-after-free issue in HTMLMediaElement. CVE-2013-6623 miaubiz discovered an out-of-bounds read in the Blink/Webkit SVG implementation. CVE-2013-6624 Jon Butler discovered a use-after-free issue in id attribute strings. CVE-2013-6625 cloudfuzzer discovered a use-after-free issue in the Blink/Webkit DOM implementation. CVE-2013-6626 Chamal de Silva discovered an address bar spoofing issue. CVE-2013-6627 skylined discovered an out-of-bounds read in the HTTP stream parser. CVE-2013-6628 Antoine Delignat-Lavaud and Karthikeyan Bhargavan of INRIA Paris discovered that a different (unverified) certificate could be used after successful TLS renegotiation with a valid certificate. CVE-2013-6629 Michal Zalewski discovered an uninitialized memory read in the libjpeg and libjpeg-turbo libraries. CVE-2013-6630 Michal Zalewski discovered another uninitialized memory read in the libjpeg and libjpeg-turbo libraries. CVE-2013-6631 Patrik Höglund discovered a use-after-free issue in the libjingle library. CVE-2013-6632 Pinkie Pie discovered multiple memory corruption issues. For the stable distribution (wheezy), these problems have been fixed in version 31.0.1650.57-1~deb7u1.
For the testing distribution (jessie), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 31.0.1650.57-1. We recommend that you upgrade your chromium-browser packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 2798-1] curl security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-2798-1 secur...@debian.org http://www.debian.org/security/ Michael Gilbert November 17, 2013 http://www.debian.org/security/faq - - Package: curl Vulnerability : unchecked ssl certificate host name Problem type : remote Debian-specific: no CVE ID : CVE-2013-4545 Scott Cantor discovered that curl, a file retrieval tool, would disable the CURLOPT_SSL_VERIFYHOST check when the CURLOPT_SSL_VERIFYPEER setting was disabled. This would also disable ssl certificate host name checks when it should have only disabled verification of the certificate trust chain. The default configuration for the curl package is not affected by this issue since CURLOPT_SSL_VERIFYPEER is enabled by default. For the oldstable distribution (squeeze), this problem has been fixed in version 7.21.0-2.1+squeeze5. For the stable distribution (wheezy), this problem has been fixed in version 7.26.0-1+wheezy5. For the testing (jessie) and unstable (sid) distributions, this problem has been fixed in version 7.33.0-1. We recommend that you upgrade your curl packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 2795-1] lighttpd security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-2795-1 secur...@debian.org http://www.debian.org/security/ Michael Gilbert November 13, 2013 http://www.debian.org/security/faq - - Package: lighttpd Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2013-4508 CVE-2013-4559 CVE-2013-4560 Debian Bug : 729453 Several vulnerabilities have been discovered in the lighttpd web server. CVE-2013-4508 It was discovered that lighttpd uses weak ssl ciphers when SNI (Server Name Indication) is enabled. This issue was solved by ensuring that stronger ssl ciphers are used when SNI is selected. CVE-2013-4559 The clang static analyzer was used to discover privilege escalation issues due to missing checks around lighttpd's setuid, setgid, and setgroups calls. Those are now appropriately checked. CVE-2013-4560 The clang static analyzer was used to discover a use-after-free issue when the FAM stat cache engine is enabled, which is now fixed. For the oldstable distribution (squeeze), these problems have been fixed in version 1.4.28-2+squeeze1.4. For the stable distribution (wheezy), these problems have been fixed in version 1.4.31-4+deb7u1. For the testing distribution (jessie), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version lighttpd_1.4.33-1+nmu1. We recommend that you upgrade your lighttpd packages. 
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 2785-1] chromium-browser security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-2785-1 secur...@debian.org http://www.debian.org/security/ Michael Gilbert October 26, 2013 http://www.debian.org/security/faq - - Package: chromium-browser Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2013-2906 CVE-2013-2907 CVE-2013-2908 CVE-2013-2909 CVE-2013-2910 CVE-2013-2911 CVE-2013-2912 CVE-2013-2913 CVE-2013-2915 CVE-2013-2916 CVE-2013-2917 CVE-2013-2918 CVE-2013-2919 CVE-2013-2920 CVE-2013-2921 CVE-2013-2922 CVE-2013-2923 CVE-2013-2924 CVE-2013-2925 CVE-2013-2926 CVE-2013-2927 CVE-2013-2928 Several vulnerabilities have been discovered in the chromium web browser. CVE-2013-2906 Atte Kettunen of OUSPG discovered race conditions in Web Audio. CVE-2013-2907 Boris Zbarsky discovered an out-of-bounds read in window.prototype. CVE-2013-2908 Chamal de Silva discovered an address bar spoofing issue. CVE-2013-2909 Atte Kuttenen of OUSPG discovered a use-after-free issue in inline-block. CVE-2013-2910 Byoungyoung Lee of the Georgia Tech Information Security Center discovered a use-after-free issue in Web Audio. CVE-2013-2911 Atte Kettunen of OUSPG discovered a use-after-free in Blink's XSLT handling. CVE-2013-2912 Chamal de Silva and 41.w4r10r(at)garage4hackers.com discovered a use-after-free issue in the Pepper Plug-in API. CVE-2013-2913 cloudfuzzer discovered a use-after-free issue in Blink's XML document parsing. CVE-2013-2915 Wander Groeneveld discovered an address bar spoofing issue. CVE-2013-2916 Masato Kinugawa discovered an address bar spoofing issue. CVE-2013-2917 Byoungyoung Lee and Tielei Wang discovered an out-of-bounds read issue in Web Audio. CVE-2013-2918 Byoungyoung Lee discovered an out-of-bounds read in Blink's DOM implementation. CVE-2013-2919 Adam Haile of Concrete Data discovered a memory corruption issue in the V8 javascript library. CVE-2013-2920 Atte Kuttunen of OUSPG discovered an out-of-bounds read in URL host resolving.
CVE-2013-2921 Byoungyoung Lee and Tielei Wang discovered a use-after-free issue in resource loading. CVE-2013-2922 Jon Butler discovered a use-after-free issue in Blink's HTML template element implementation. CVE-2013-2924 A use-after-free issue was discovered in the International Components for Unicode (ICU) library. CVE-2013-2925 Atte Kettunen of OUSPG discovered a use-after-free issue in Blink's XML HTTP request implementation. CVE-2013-2926 cloudfuzzer discovered a use-after-free issue in the list indenting implementation. CVE-2013-2927 cloudfuzzer discovered a use-after-free issue in the HTML form submission implementation. CVE-2013-2923 and CVE-2013-2928 The chrome 30 development team found various issues from internal fuzzing, audits, and other studies. For the stable distribution (wheezy), these problems have been fixed in version 30.0.1599.101-1~deb7u1. For the testing distribution (jessie), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 30.0.1599.101-1. We recommend that you upgrade your chromium-browser packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 2786-1] icu security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-2786-1 secur...@debian.org http://www.debian.org/security/ Michael Gilbert October 27, 2013 http://www.debian.org/security/faq - - Package: icu Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2013-0900 CVE-2013-2924 Debian Bug : 702346 726477 The Google Chrome Security Team discovered two issues (a race condition and a use-after-free issue) in the International Components for Unicode (ICU) library. For the oldstable distribution (squeeze), these problems have been fixed in version 4.4.1-8+squeeze2. For the stable distribution (wheezy), which is only affected by CVE-2013-2924, this problem has been fixed in version 4.8.1.1-12+deb7u1. For the testing distribution (jessie), which is only affected by CVE-2013-2924, this problem will be fixed soon. For the unstable distribution (sid), which is only affected by CVE-2013-2924, this problem has been fixed in version 4.8.1.1-13+nmu1. We recommend that you upgrade your icu packages. 
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 2779-1] libxml2 security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-2779-1 secur...@debian.org http://www.debian.org/security/ Michael Gilbert October 13, 2013 http://www.debian.org/security/faq - - Package: libxml2 Vulnerability : denial of service Problem type : remote Debian-specific: no CVE ID : CVE-2013-2877 Debian Bug : 715531 Aki Helin of OUSPG discovered many out-of-bounds read issues in libxml2, the GNOME project's XML parser library, which can lead to denial of service issues when handling XML documents that end abruptly. For the oldstable distribution (squeeze), this problem has been fixed in version 2.7.8.dfsg-2+squeeze8. For the stable distribution (wheezy), this problem has been fixed in version 2.8.0+dfsg1-7+nmu2. For the testing (jessie) and unstable (sid) distributions, this problem has been fixed in version 2.9.1+dfsg1-1. We recommend that you upgrade your libxml2 packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 2741-1] chromium-browser security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-2741-1 secur...@debian.org http://www.debian.org/security/ Michael Gilbert August 25, 2013 http://www.debian.org/security/faq - - Package: chromium-browser Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2013-2887 CVE-2013-2900 CVE-2013-2901 CVE-2013-2902 CVE-2013-2903 CVE-2013-2904 CVE-2013-2905 Several vulnerabilities have been discovered in the Chromium web browser. CVE-2013-2887 The chrome 29 development team found various issues from internal fuzzing, audits, and other studies. CVE-2013-2900 Krystian Bigaj discovered a file handling path sanitization issue. CVE-2013-2901 Alex Chapman discovered an integer overflow issue in ANGLE, the Almost Native Graphics Layer. CVE-2013-2902 cloudfuzzer discovered a use-after-free issue in XSLT. CVE-2013-2903 cloudfuzzer discovered a use-after-free issue in HTMLMediaElement. CVE-2013-2904 cloudfuzzer discovered a use-after-free issue in XML document parsing. CVE-2013-2905 Christian Jaeger discovered an information leak due to insufficient file permissions. For the stable distribution (wheezy), these problems have been fixed in version 29.0.1547.57-1~deb7u1. For the testing distribution (jessie), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 29.0.1547.57-1. We recommend that you upgrade your chromium-browser packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.14 (GNU/Linux) iQQcBAEBCgAGBQJSGm5GAAoJELjWss0C1vRzPeQf/RRCxx42uQSyFbV5PPEZgrcw /pD1tgiM3RIPEQhPlzG6tAXEAV8F44bOeT1XUjUAW5+tfDd+nTrv9kKVQbq5Bt21 zBKBSv5ukZ00pesctK1c1Xmeyg1MkujhC7IOId9yGV1CVXUox0Me8J+FOCBWLtUg KccHpeh/DkK2/S23Avjc4WysjlPyMWB3aulxZ1BhY2MqOgL1IstlpoDIZB5KO7s3 AiTRdwSH0YXMmjLkvyx8Kdy+rGr2bixameEJp0CO68XWRXd5TF9E/JBgyNi7yW9V XiPmnjsO39ZXVRAZ5zOkLjC9ZCh9zcYoPEFOl4ZazF+XA8bs0eZtwgLCIFAJbA66 8lT4dGYuXEWPIClNS9UJOO+OoNemYfHFHfJ6zjolijNopsotaFSLLf09JB6aEdBh D0ag8WZCgQr945wfr4FfrfZ5YJ9m1duUZvhnkJRoQHfPL0EaDEfMkfOTSmIGg/ku XcWRTgVu/uvqnyz2132j1NHNuScWFVV7YDB2UY/UtfjX0f+3h2xC2DFmOnIuOIBh 4C95GlCXDcAWaxVxByzJMKQaYGuPdc+nbnA2IpAUc+Ge7dXu/MVx8QQgQHqwmNd+ 8bfCuwSZz7VrMRflJ1of4fxZB71RGbxvWSYFf64KmHCYY6bwLKCWJ3s4WSBQTpdt 1q6IqhNvKqAqdHam1w4BmJ6yyAPJ+U/JKZZLzat1d/AE4D6p01lS9GfY4ewNyQhf fQYuNwwzWZScYgtXmOD29QfAagzL3JhxGoc3eKbnwfp7z5DbaUxnj8NSxyRCO1qg oTyOmialp+7u8rF9es6TaG8ddEklN3hZ5is92qWcydXhBrLakbGMDHu0uVZai1pe sM3BiogPOwks3gIyLyH5q4+tsEU9hxSZgymLYnlz4lkyFs8Dpd/ZhYX52btcVneG xIx9GnmwpYKQAV6g0mwHaL+0IXj5RfrKCMpmqHCzDWGxZ7lFilmRKIJmyrI02LN0 eQ6HUreYyphev8yZa69OSJwUnWy88WSxX2PH/oKy+tP9XoYLwQoJjCikI21CrJj8 ydaV6wjVA474HAwTQSF9zbllLdDwfswGSJ29Qzx80Pgf7MUZuDCYVWvqMNtJ44cp 2Hyxc3d8KjPERRda62VQnVPMwhs1kEnEwWSCK8SDpI21bY0756m6GKUVLw0dBf54 mmhwPoU/cVRyHeataY1gkkDl5gAB4VE14GxipNv/ge0AJGIF2YsC6ZP2SaVMkB2x /gBEBer1gggyTwNKb2gkalyXjXVHns1CFQKSlcEm93W3ychtVVykObRt3+cmZCUU xOZMWWsUnwzbessCPz3B44sK+4MM9GDqAfQsvBoaU5AnYiLDBKh5KtStENoH5/0= =ABUv -END PGP SIGNATURE-
[SECURITY] [DSA 2724-1] chromium-browser security update
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Debian Security Advisory DSA-2724-1      secur...@debian.org
http://www.debian.org/security/          Michael Gilbert
July 17, 2013                            http://www.debian.org/security/faq

Package        : chromium-browser
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-2853 CVE-2013-2867 CVE-2013-2868 CVE-2013-2869
                 CVE-2013-2870 CVE-2013-2871 CVE-2013-2873 CVE-2013-2875
                 CVE-2013-2876 CVE-2013-2877 CVE-2013-2878 CVE-2013-2879
                 CVE-2013-2880

Several vulnerabilities have been discovered in the Chromium web browser.

CVE-2013-2853
    The HTTPS implementation does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline).

CVE-2013-2867
    Chrome does not properly prevent pop-under windows.

CVE-2013-2868
    common/extensions/sync_helper.cc proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting.

CVE-2013-2869
    Denial of service (out-of-bounds read) via a crafted JPEG2000 image.

CVE-2013-2870
    Use-after-free vulnerability in network sockets.

CVE-2013-2871
    Use-after-free vulnerability in input handling.

CVE-2013-2873
    Use-after-free vulnerability in resource loading.

CVE-2013-2875
    Out-of-bounds read in SVG file handling.

CVE-2013-2876
    Chrome does not properly enforce restrictions on the capture of screenshots by extensions, which could lead to information disclosure from previous page visits.

CVE-2013-2877
    Out-of-bounds read in XML file handling.

CVE-2013-2878
    Out-of-bounds read in text handling.

CVE-2013-2879
    The circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations were not properly checked.

CVE-2013-2880
    The chrome 28 development team found various issues from internal fuzzing, audits, and other studies.

For the stable distribution (wheezy), these problems have been fixed in version 28.0.1500.71-1~deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 28.0.1500.71-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 2719-1] poppler security update
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Debian Security Advisory DSA-2719-1      secur...@debian.org
http://www.debian.org/security/          Michael Gilbert
July 10, 2013                            http://www.debian.org/security/faq

Package        : poppler
Vulnerability  : several vulnerabilities
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2013-1788 CVE-2013-1790
Debian Bug     : 702071

Multiple vulnerabilities were discovered in the poppler PDF rendering library.

CVE-2013-1788
    Multiple invalid memory access issues, which could potentially lead to arbitrary code execution if the user were tricked into opening a malformed PDF document.

CVE-2013-1790
    An uninitialized memory issue, which could potentially lead to arbitrary code execution if the user were tricked into opening a malformed PDF document.

For the oldstable distribution (squeeze), these problems have been fixed in version 0.12.4-1.2+squeeze3.

For the stable (wheezy), testing (jessie), and unstable (sid) distributions, these problems have been fixed in version 0.18.4-6.

We recommend that you upgrade your poppler packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 2698-1] tiff security update
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-2698-1      secur...@debian.org
http://www.debian.org/security/          Michael Gilbert
June 18, 2013                            http://www.debian.org/security/faq

Package        : tiff
Vulnerability  : buffer overflow
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2013-1960 CVE-2013-1961
Debian Bug     : 706674 706675

Multiple issues were discovered in the TIFF tools, a set of utilities for TIFF image file manipulation and conversion.

CVE-2013-1960
    Emmanuel Bouillon discovered a heap-based buffer overflow in the tp_process_jpeg_strip function in the tiff2pdf tool. This could potentially lead to a crash or arbitrary code execution.

CVE-2013-1961
    Emmanuel Bouillon discovered many stack-based buffer overflows in the tiff tools. These issues could potentially lead to a crash or arbitrary code execution.

For the oldstable distribution (squeeze), these problems have been fixed in version 3.9.4-5+squeeze9.

For the stable distribution (wheezy), these problems have been fixed in version 4.0.2-6+deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 4.0.2-6+nmu1.

We recommend that you upgrade your tiff packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 2701-1] krb5 security update
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-2701-1      secur...@debian.org
http://www.debian.org/security/          Michael Gilbert
May 29, 2013                             http://www.debian.org/security/faq

Package        : krb5
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2002-2443
Debian Bug     : 708267

It was discovered that the kpasswd service running on UDP port 464 could respond to response packets, creating a packet loop and a denial of service condition.

For the oldstable distribution (squeeze), this problem has been fixed in version 1.8.3+dfsg-4squeeze7.

For the stable distribution (wheezy), this problem has been fixed in version 1.10.1+dfsg-5+deb7u1.

For the testing distribution (jessie), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 1.10.1+dfsg-6.

We recommend that you upgrade your krb5 packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 2695-1] chromium-browser security update
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-2695-1      secur...@debian.org
http://www.debian.org/security/          Michael Gilbert
May 29, 2013                             http://www.debian.org/security/faq

Package        : chromium-browser
Vulnerability  : several issues
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-2837 CVE-2013-2838 CVE-2013-2839 CVE-2013-2840
                 CVE-2013-2841 CVE-2013-2842 CVE-2013-2843 CVE-2013-2844
                 CVE-2013-2845 CVE-2013-2846 CVE-2013-2847 CVE-2013-2848
                 CVE-2013-2849

Several vulnerabilities have been discovered in the chromium web browser. Multiple use-after-free, out-of-bounds read, memory safety, and cross-site scripting issues were discovered and corrected.

CVE-2013-2837
    Use-after-free vulnerability in the SVG implementation allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2013-2838
    Google V8, as used in Chromium before 27.0.1453.93, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVE-2013-2839
    Chromium before 27.0.1453.93 does not properly perform a cast of an unspecified variable during handling of clipboard data, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVE-2013-2840
    Use-after-free vulnerability in the media loader in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2846.

CVE-2013-2841
    Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of Pepper resources.

CVE-2013-2842
    Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets.

CVE-2013-2843
    Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of speech data.

CVE-2013-2844
    Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Chromium before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style resolution.

CVE-2013-2845
    The Web Audio implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

CVE-2013-2846
    Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2840.

CVE-2013-2847
    Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors.

CVE-2013-2848
    The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors.

CVE-2013-2849
    Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.

For the oldstable distribution (squeeze), the security support window for chromium has ended. Users of chromium on oldstable are very highly encouraged to upgrade to the current stable Debian release (wheezy). Chromium security support for wheezy will last until the next stable release (jessie), which is expected to happen sometime in 2015.

For the stable distribution (wheezy), these problems have been fixed in version 27.0.1453.93-1~deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 27.0.1453.93-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list
[SECURITY] [DSA 2642-1] sudo security update
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-2642-1      secur...@debian.org
http://www.debian.org/security/          Michael Gilbert
March 09, 2013                           http://www.debian.org/security/faq

Package        : sudo
Vulnerability  : several issues
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-1775 CVE-2013-1776
Debian Bug     : 701838 701839

Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2013-1775
    Marco Schoepl discovered an authentication bypass when the clock is set to the UNIX epoch [00:00:00 UTC on 1 January 1970].

CVE-2013-1776
    Ryan Castellucci and James Ogden discovered aspects of an issue that would allow session id hijacking from another authorized tty.

For the stable distribution (squeeze), these problems have been fixed in version 1.7.4p4-2.squeeze.4.

For the testing (wheezy) and unstable (sid) distributions, these problems have been fixed in version 1.8.5p2-1+nmu1.

We recommend that you upgrade your sudo packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 2629-1] openjpeg security update
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-2629-1      secur...@debian.org
http://www.debian.org/security/          Michael Gilbert
February 25, 2013                        http://www.debian.org/security/faq

Package        : openjpeg
Vulnerability  : several issues
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2009-5030 CVE-2012-3358 CVE-2012-3535
Debian Bug     : 672455 681075 685970

CVE-2009-5030
    Heap memory corruption leading to invalid free when processing certain Gray16 TIFF images.

CVE-2012-3358
    Huzaifa Sidhpurwala of the Red Hat Security Response Team found a heap-based buffer overflow in JPEG2000 image parsing.

CVE-2012-3535
    Huzaifa Sidhpurwala of the Red Hat Security Response Team found a heap-based buffer overflow when decoding JPEG2000 images.

For the stable distribution (squeeze), these problems have been fixed in version 1.3+dfsg-4+squeeze1.

For the testing (wheezy) and unstable (sid) distributions, these problems have been fixed in version 1.3+dfsg-4.6.

We recommend that you upgrade your openjpeg packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org