This bug was fixed in the package chromium-browser -
68.0.3440.75-0ubuntu1
---------------
chromium-browser (68.0.3440.75-0ubuntu1) cosmic; urgency=medium
* Upstream release: 68.0.3440.75
- CVE-2018-6153: Stack buffer overflow in Skia.
- CVE-2018-6154: Heap buffer overflow in WebGL.
- CVE-2018-6155: Use after free in WebRTC.
- CVE-2018-6156: Heap buffer overflow in WebRTC.
- CVE-2018-6157: Type confusion in WebRTC.
- CVE-2018-6158: Use after free in Blink.
- CVE-2018-6159: Same origin policy bypass in ServiceWorker.
- CVE-2018-6160: URL spoof in Chrome on iOS.
- CVE-2018-6161: Same origin policy bypass in WebAudio.
- CVE-2018-6162: Heap buffer overflow in WebGL.
- CVE-2018-6163: URL spoof in Omnibox.
- CVE-2018-6164: Same origin policy bypass in ServiceWorker.
- CVE-2018-6165: URL spoof in Omnibox.
- CVE-2018-6166: URL spoof in Omnibox.
- CVE-2018-6167: URL spoof in Omnibox.
- CVE-2018-6168: CORS bypass in Blink.
- CVE-2018-6169: Permissions bypass in extension installation.
- CVE-2018-6170: Type confusion in PDFium.
- CVE-2018-6171: Use after free in WebBluetooth.
- CVE-2018-6172: URL spoof in Omnibox.
- CVE-2018-6173: URL spoof in Omnibox.
- CVE-2018-6174: Integer overflow in SwiftShader.
- CVE-2018-6175: URL spoof in Omnibox.
- CVE-2018-6176: Local user privilege escalation in Extensions.
- CVE-2018-6177: Cross origin information leak in Blink.
- CVE-2018-6178: UI spoof in Extensions.
- CVE-2018-6179: Local file information leak in Extensions.
- CVE-2018-6044: Request privilege escalation in Extensions.
- CVE-2018-4117: Cross origin information leak in Blink.
* debian/rules:
- remove enable_webrtc build flag
- make ninja less verbose to reduce build log size
* debian/chromium-browser.sh.in: parse flashplugin manifest with Python 3
(LP: #1772448)
* debian/patches/add-missing-base-namespace.patch: added
* debian/patches/chromium_useragent.patch: refreshed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/enable-chromecast-by-default.patch: refreshed
* debian/patches/fix-crashpad-linux-compat.patch: removed, no longer needed
* debian/patches/fix-extra-arflags.patch: updated
* debian/patches/fix-ffmpeg-ia32-build.patch: updated
* debian/patches/last-commit-position: refreshed
* debian/patches/revert-clang-nostdlib++.patch: removed, no longer needed
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: updated
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/touch-v35: refreshed
* debian/known_gn_gen_args-*: remove enable_webrtc build flag
-- Olivier Tilloy <[email protected]> Wed, 25 Jul 2018
09:22:28 +0200
** Changed in: chromium-browser (Ubuntu)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-4117
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6044
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6153
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6154
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6155
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6156
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6157
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6158
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6159
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6160
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6161
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6162
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6163
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6164
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6165
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6166
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6167
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6168
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6169
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6170
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6171
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6172
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6173
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6174
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6175
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6176
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6177
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6178
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6179
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1772448
Title:
launcher script runs Python 2 despite checking for /usr/bin/python3
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1772448/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
