-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3456-1 security@xxxxxxxxxx https://www.debian.org/security/ Michael Gilbert January 27, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : chromium-browser CVE ID : CVE-2015-6792 CVE-2016-1612 CVE-2016-1613 CVE-2016-1614 CVE-2016-1615 CVE-2016-1616 CVE-2016-1617 CVE-2016-1618 CVE-2016-1619 CVE-2016-1620 Several vulnerabilities were discovered in the chromium web browser. CVE-2015-6792 An issue was found in the handling of MIDI files. CVE-2016-1612 cloudfuzzer discovered a logic error related to receiver compatibility in the v8 javascript library. CVE-2016-1613 A use-after-free issue was discovered in the pdfium library. CVE-2016-1614 Christoph Diehl discovered an information leak in Webkit/Blink. CVE-2016-1615 Ron Masas discovered a way to spoof URLs. CVE-2016-1616 Luan Herrera discovered a way to spoof URLs. CVE-2016-1617 jenuis discovered a way to discover whether an HSTS web site had been visited. CVE-2016-1618 Aaron Toponce discovered the use of weak random number generator. CVE-2016-1619 Keve Nagy discovered an out-of-bounds-read issue in the pdfium library. CVE-2016-1620 The chrome 48 development team found and fixed various issues during internal auditing. Also multiple issues were fixed in the v8 javascript library, version 4.7.271.17. For the stable distribution (jessie), these problems have been fixed in version 48.0.2564.82-1~deb8u1. For the testing distribution (stretch), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 48.0.2564.82-1. We recommend that you upgrade your chromium-browser packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQQcBAEBCgAGBQJWqL5AAAoJELjWss0C1vRzIIAf/AhRDnBaJlyd3Y8akhFRBH5n FBm4XT+vo4gSPIH/zMHeZFerLjNTSyl9sf9zr1Nk6U8D+U3QM0gLPb+Xvbgbx6Ub yEEGUu69VNh9Z5hpr6as7ISeDSbJZp4r4b9Ef08zNx5H6R5YNm6rhp1duC7SeKx3 6D3Zs3uxPeRLEHYX6NUOI5BhriJzu0SPY8h1Nk5V0lKJwgVEY1gpwshAjb7D2hPX MoKshsgn/TRbMotcxPsp7JckMJtJogelHnPH67jhD9UNGPdbAyAXvuHaEYS7Y1tC WFB8oNGilDEYHBuyuZMNMM4p8kIqGBgQjaYomD1GjdjkYJNqGeXO1j3BP+Fg+OSH q9J4xOTaHbc5F/7xZB74BbvF9JTSx4/eH0tAXzSCTKdqwxtOjpZXiuUnNehwGS2C 6qRwAQ5Ih/hlIgKZzfJXJ4ZUnM1OvQ9igPUeQKEoK76HycrVUSnqAopIjRrOxvPx nox3emuR10eXszV63aW20mIPwsqA3wfdxmPTIHJdq3Po/5SLfQus09IX//3IhjXq SHQgTu3xkz1u8nOKTHx2c2FvdfIoQNq8HP16CvVj02XqPvqeFg+ULifKBLB+5HZr 8CisZk9uTQhl8toysS2RGcxXRmV56JnoClh5IMTiQOx9Ox5b7BKNjWEzMlxvP9IE 9l2wRD5kR8YGghrRItspm794Y+mbp/PAImjwBjWVW58q54Nx5WqfvOkr5glJiBvk Dq3p6Si+RLdMYJx8RBLIgcWLp5yz/8WMmDeurlP4QY6VkLctVR6CWXHqTs/AQnJM +py+Yxfk09pJhUUd4OwRHTW7gxM3DYzhmdPBoHkV1oV1XVGtoX0C5I+9dYz323e/ EKvMBZ82n7Ithtyn8bcPD7KlS3HO96gJsDvmFuCvZTl0ycy4fbZCllRnwMT8PR6y JhvuQfyrLLUWJLEZo0k28t3QUY0L6qYQMastzOXl6nd898XLHBO5vvozR3aaFxbN TKnda7mz6zDrpcxOnkibBczMkVnICbKBCoR+mADogvqddknBbW4qSqmrkw9BJWNb slxCvTQV+0UknDh17RW2IC3X/4MFJem2+7UzKdL0H8i7kG7Sgjt2J2jji0ag6mtm 6Lue6gObeGvw5QyeOgRLxOOM2ALH2LP93OhOxs+cTrh1b/rssGif/PqNHsmq7ljy 0fbXbLxbsOy/41V55NMh4JeJfS5y6GETFZH8LeR/nu+VZJtrdZevzdM/l5LWCqzD vnN21bAkB/19Hl7KiSOPVrE6lV5u/I64mSPl0Ai0OwaAXNPKdXU7DMJfgf9lx94i m/4bpATokopLJ+NoTq6YIx0u5B7Ds/y7OEaKcABOf8pRies0l2sUTy3o3N8fjXo= =9hnu -----END PGP SIGNATURE-----
