Your message dated Mon, 18 Feb 2019 22:09:36 -0500
with message-id
<CANTw=MOqCjyjsw+DMdOPJN0_GUtHRc0=7u+4+kojurbtt-l...@mail.gmail.com>
and subject line Re: Bug#921521: chromium-browser: CVE/Security fixes missing
in stable-sec
has caused the Debian Bug report #921521,
regarding chromium-browser: CVE/Security fixes missing in stable-sec
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
921521: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921521
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: chromium
Version: 71.0.3578.80-1~deb9u1
Severity: serious
The stable-sec package is stuck with version 71.0.3578.80 and is
missing security updates for several CVEs. Take for example the list
from 72.0.3626.81
- Stack buffer overflow in Skia. Reported by Ivan Fratric
- Use after free in Mojo, FileAPI, and Payments. Reported by Mark Brand
- CVE-2018-17481: Use after free in PDFium. Reported by Anonymous
- CVE-2019-5754: Inappropriate implementation in QUIC Networking. Reported
by Klzgrad
- CVE-2019-5755: Inappropriate implementation in V8. Reported by Jay
Bosamiya
- CVE-2019-5756: Use after free in PDFium. Reported by Anonymous
- CVE-2019-5757: Type Confusion in SVG. Reported by Alexandru Pitis
- CVE-2019-5758: Use after free in Blink. Reported by Zhe Jin
- CVE-2019-5759: Use after free in HTML select elements. Reported by Almog
Benin
- CVE-2019-5760: Use after free in WebRTC. Reported by Zhe Jin
- CVE-2019-5762: Use after free in PDFium. Reported by Anonymous
- CVE-2019-5763: Insufficient validation of untrusted input in V8.
Reported by Guang Gong
- CVE-2019-5764: Use after free in WebRTC. Reported by Eyal Itkin
- CVE-2019-5765: Insufficient policy enforcement in the browser. Reported
by Sergey Toshin
- CVE-2019-5766: Insufficient policy enforcement in Canvas. Reported by
David Erceg
- CVE-2019-5767: Incorrect security UI in WebAPKs. Reported by Haoran Lu,
Yifan Zhang, Luyi Xing, and Xiaojing Liao
- CVE-2019-5768: Insufficient policy enforcement in DevTools. Reported by
Rob Wu
- CVE-2019-5769: Insufficient validation of untrusted input in Blink.
Reported by Guy Eshel
- CVE-2019-5770: Heap buffer overflow in WebGL. Reported by hemidallt
- CVE-2019-5772: Use after free in PDFium. Reported by Zhen Zhou
- CVE-2019-5773: Insufficient data validation in IndexedDB. Reported by
Yongke Wang
- CVE-2019-5774: Insufficient validation of untrusted input in
SafeBrowsing. Reported by Junghwan Kang and Juno Im
- CVE-2019-5775: Insufficient policy enforcement in Omnibox. Reported by
evi1m0
- CVE-2019-5776: Insufficient policy enforcement in Omnibox. Reported by
Lnyas Zhang
- CVE-2019-5777: Insufficient policy enforcement in Omnibox. Reported by
Khalil Zhani
- CVE-2019-5778: Insufficient policy enforcement in Extensions. Reported
by David Erceg
- CVE-2019-5779: Insufficient policy enforcement in ServiceWorker.
Reported by David Erceg
- CVE-2019-5780: Insufficient policy enforcement. Reported by Andreas
Hegenberg
- CVE-2019-5781: Insufficient policy enforcement in Omnibox. Reported by
evi1m0
- CVE-2019-5782: Inappropriate implementation in V8 reported by Qixun Zhao
- CVE-2019-5783: Insufficient validation of untrusted input in DevTools.
Reported by Shintaro Kobori
--- End Message ---
--- Begin Message ---
version: 72.0.3626.96-1~deb9u1
On Wed, Feb 6, 2019 at 8:03 AM Charlemagne Lasse wrote:
> The stable-sec package is stuck with version 71.0.3578.80 and is
> missing security updates for several CVEs.
Security update has just been released.
Best wishes,
Mike
--- End Message ---
