-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3985-1 secur...@debian.org https://www.debian.org/security/ Michael Gilbert September 28, 2017 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : chromium-browser CVE ID : CVE-2017-5111 CVE-2017-5112 CVE-2017-5113 CVE-2017-5114 CVE-2017-5115 CVE-2017-5116 CVE-2017-5117 CVE-2017-5118 CVE-2017-5119 CVE-2017-5120 CVE-2017-5121 CVE-2017-5122 Several vulnerabilities have been discovered in the chromium web browser. CVE-2017-5111 Luat Nguyen discovered a use-after-free issue in the pdfium library. CVE-2017-5112 Tobias Klein discovered a buffer overflow issue in the webgl library. CVE-2017-5113 A buffer overflow issue was discovered in the skia library. CVE-2017-5114 Ke Liu discovered a memory issue in the pdfium library. CVE-2017-5115 Marco Giovannini discovered a type confusion issue in the v8 javascript library. CVE-2017-5116 Guang Gong discovered a type confusion issue in the v8 javascript library. CVE-2017-5117 Tobias Klein discovered an uninitialized value in the skia library. CVE-2017-5118 WenXu Wu discovered a way to bypass the Content Security Policy. CVE-2017-5119 Another uninitialized value was discovered in the skia library. CVE-2017-5120 Xiaoyin Liu discovered a way downgrade HTTPS connections during redirection. CVE-2017-5121 Jordan Rabet discovered an out-of-bounds memory access in the v8 javascript library. CVE-2017-5122 Choongwoo Han discovered an out-of-bounds memory access in the v8 javascript library. For the stable distribution (stretch), these problems have been fixed in version 61.0.3163.100-1~deb9u1. For the testing distribution (buster), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 61.0.3163.100-1. We recommend that you upgrade your chromium-browser packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAlnM7E0ACgkQuNayzQLW 9HPaQB/7BLQfY2DRCMoj0/WVxKCuR3DCjZasEeh6RRzPWUYMsvECBoQ+oeSdN6uW aZX4XYGY1OkE4cmKYoQCOp7wMQ7KD6hIWLvNTR9gC9KMmpxekiqrWTmhDzSCR6on /pYlguy0vCjtWfsGBMz9Tjba72lOGpMvW6Bbo9EvywN+pNeLNoKwkHFucCTwlSNH X/fLOZTxdFFHlSPq7fxFgvQQq/y1PcaPxWiJvw62ds+AFV6O03OdR4/vJBI4d8OY cwJRbZi0T91ary50MNuGZgLtA5PaCXBfBfXsx0MXTvMcpmNw6auKjUr2AEwKcB0L fs4iFErXjxciz2Lf3VoepJhPjeRL35R/rkxKXV+71uXZRlpMYqXd8mZdnZZ+cSEZ DoqJKSmr/PrwI6KSwiP1Gn2oWoxkjEV2T3lIAW/IdwX26rh0ruNjskPhZQbLmhlR 9OAW7UsMxnTzOxVV2BNghi7aQlyeq2pVFkakMQ2fMt0e+6YmdEH7I0CzOGXncCSK c5VocSHvZfwaCw0FeqYLocHz4s1o9SR8qhcI6HiCV1PCRfAe5It5P90PTcTNJMP3 5D+efQ/cxU7u7IXep8mE8fDin8v1kYRcMCgxB7VKHQaPY8uJlCqH89RKf9NgggNe 8rAAlPUhkDq1gLzG1oWDFcFRtFuxRwIK+htQixcxNQuIDguxWFwL0lEUvdFe8wBp B/896t2MM6kCkwmf4xXGDFk5DrPVMtUh6283CypZSjhcMs02l+SUBY2e/67xeKYE KDcj+7D7yBsv7mddDisYx8jF34wiSBP8kE8MJuC39IdrLLTEgsbWDMs0e3E2oi24 1kZqgCKZqaZHm2Wc/+V8q/bubeaFGuQHsl4JOjnkuefg7wTrniDs73x/jduo3RRW 24FMVCdw18JJNNoSifT7Vj36oqr9Ei7yWjKPCyu0880R3Rf2P0Cu+JkCnpf0/yci jur+d3Cs6ij1mAXVuIY0BoJtOlaljs/epFGyVfcPN255QXX1FDEG++2u4ovfxxmP 6bGCfczqnUtjxgVdHAJvbvLDBSgSLr3AWCTAN4P9fI99zUWgFHSi4cz/+JtlmRMn 6S0w4r0YJsK0tCKL6hzt2PhnDrDt8sJyDOczxA5a15zq9GgQdpFQW7bHv8EEj2Wk tV3F4uHAqLKEgW4aEBaiIXvSDJlxy/FXeeVZXfl/V+by3BrNnmmy4CHJZcYZqh4g NpEgXY6e67+S9zbQ/YqK4TL0lh6YWRt8KRxGRVDdev+k/IGQTmB7GgpyMyphVC57 AmN+vOD0uhV0UsLSzHl0vECoC9y5ko+JmZKW6JaDDsI1ql/MxOU9Q6rrMfbduRNp ZHMd4PsWBQUvvLR6Wd3m/GWQc5EkZg== =+/ji -----END PGP SIGNATURE-----