-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3637-1 security@xxxxxxxxxx https://www.debian.org/security/ Michael Gilbert July 31, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : chromium-browser CVE ID : CVE-2016-1704 CVE-2016-1705 CVE-2016-1706 CVE-2016-1707 CVE-2016-1708 CVE-2016-1709 CVE-2016-1710 CVE-2016-1711 CVE-2016-5127 CVE-2016-5128 CVE-2016-5129 CVE-2016-5130 CVE-2016-5131 CVE-2016-5132 CVE-2016-5133 CVE-2016-5134 CVE-2016-5135 CVE-2016-5136 CVE-2016-5137 Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1704 The chrome development team found and fixed various issues during internal auditing. CVE-2016-1705 The chrome development team found and fixed various issues during internal auditing. CVE-2016-1706 Pinkie Pie discovered a way to escape the Pepper Plugin API sandbox. CVE-2016-1707 xisigr discovered a URL spoofing issue. CVE-2016-1708 Adam Varsan discovered a use-after-free issue. CVE-2016-1709 ChenQin a buffer overflow issue in the sfntly library. CVE-2016-1710 Mariusz Mlynski discovered a same-origin bypass. CVE-2016-1711 Mariusz Mlynski discovered another same-origin bypass. CVE-2016-5127 cloudfuzzer discovered a use-after-free issue. CVE-2016-5128 A same-origin bypass issue was discovered in the v8 javascript library. CVE-2016-5129 Jeonghoon Shin discovered a memory corruption issue in the v8 javascript library. CVE-2016-5130 Widih Matar discovered a URL spoofing issue. CVE-2016-5131 Nick Wellnhofer discovered a use-after-free issue in the libxml2 library. CVE-2016-5132 Ben Kelly discovered a same-origin bypass. CVE-2016-5133 Patch Eudor discovered an issue in proxy authentication. CVE-2016-5134 Paul Stone discovered an information leak in the Proxy Auto-Config feature. CVE-2016-5135 ShenYeYinJiu discovered a way to bypass the Content Security Policy. CVE-2016-5136 Rob Wu discovered a use-after-free issue. CVE-2016-5137 Xiaoyin Liu discovered a way to discover whether an HSTS web side had been visited. For the stable distribution (jessie), these problems have been fixed in version 52.0.2743.82-1~deb8u1. For the testing (stretch) and unstable (sid) distributions, these problems have been fixed in version 52.0.2743.82-1. We recommend that you upgrade your chromium-browser packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQQcBAEBCgAGBQJXnmiAAAoJELjWss0C1vRzfkEf/iAQmyjeea5CZznERzq8DZ19 1/kZRSeEnF+mksPDiAWweFPvuLMrNPbWWJuciG7b6dxhLOHPjzoob0+d7WD73A2V iAHoHSAUPFlOXImSw2lheamgDOoqlmlIb7FAKe6T9e+WasI8y6S+gbSsClO+L7/n WU9N1PtCK1A6sizapxv2HlKnBsYDRmVcgsl90poBk/oV+IQ7ztOdEejos+sg7XOP 9g4/vtisSwwwMMv61LyV00IYBfw+Inq/6IVDPB0PrLUMhI+Mn9mwZAIyAdLsJAow tfySYV2QSgv2MYr+ln04XcMt4uvWDxQ+HJkIY6mRxZG6D4ysmkllCdB9RYvoBY0a mLrldEcD0+78PlMJEtBZ67WJPHINZhQIuy9dLftBsmw9ZXAeX42t5ZzamXdeU6mL 5bDRxMTm28ZV6d7thH/HQ+jiZjE0xEIneeVPQMZSEKsUj8OdNyfX7zYus2Dagqjx u/5pZX+HkDujUCXHu8sGE0zOQCEK7fpsYTcSjNdllorBtbVEqQY2w47uSNR3aN2L ud67Yn9+BtnJhds9lHIlwuEkPBL4doZZmoeLn5o8/mQm6EnHYN9lu4HiAjVjzufK vQ9mZovxaJAx23cmeLrr3mZyoQ5bc2tKCHVaBlJrA71Th31evIVhNsAZ/h371g3Z jELZw4o390N0CkiUKGA25LRdPX6KhNi+xJ8VlmAQhvvb5QRyBDAQOvJ9a5309FhH YWhEmRqZf+i7bPUC0XhcpWyG6AeStDSdLHnleLCkKNYuAiBJBYSXyGlv+mD935Nk PVFGrPa7U6WpeuEWZoyEzVNVF4IhQZlOspnNloDZiQw277lKNKUjxvUERU0ElK4k C9KO7U6hVrU/ilW1KgkPjEA1j0kdIX6luUFuh5IPOtkk//WD6BnPZBLCHaRjYp4G aJXrNOiR2YOcmeqNfoA7q+rtXmXEKj9GNNp0HzgcTZhTEV7/JG+rnplEypADVgOB yCz5T4nmMMEFJPhDlEr5cH70lZDpZ+Oul8BKAJGsIwbDB9JSTyXMzwoDVD5BO4k8 AwtMdLoXRxxKkQ5f/TUBOiCu7JAmPNl773HFVBbqtA+j3727sXfoc3sffPwIz8yp AMjYheT4xB3VBzSR+SzW352fz/NmpcoJCcisiVZut70+XCCu+lJZbQ4B0OT04KHa 2rtVpoNf8aUaaXXSlZIjJ4Cl0nefQT5nflJjKb7XcBeXwWpWyT9X4TittKjdlPHT BNWgKs4iN1xuyqZBKrGf8Ldy2VmNjdTZKeCaDnzHsmvbpl+eeoez58Lp/3dpyZAQ T02HeL3JM+JRq6RK4KSnwt9LWRP9DnM3kX6mf0SwFzmmzyBU3l72nnN2jG9NBGA= =YNYq -----END PGP SIGNATURE-----