-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3645-1 security@xxxxxxxxxx https://www.debian.org/security/ Michael Gilbert August 09, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : chromium-browser CVE ID : CVE-2016-5139 CVE-2016-5140 CVE-2016-5141 CVE-2016-5142 CVE-2016-5143 CVE-2016-5144 Several vulnerabilites have been discovered in the chromium web browser. CVE-2016-5139 GiWan Go discovered a use-after-free issue in the pdfium library. CVE-2016-5140 Ke Liu discovered a use-after-free issue in the pdfium library. CVE-2016-5141 Sergey Glazunov discovered a URL spoofing issue. CVE-2016-5142 Sergey Glazunov discovered a use-after-free issue. CVE-2016-5143 Gregory Panakkal discovered an issue in the developer tools. CVE-2016-5144 Gregory Panakkal discovered another issue in the developer tools. CVE-2016-5146 The chrome development team found and fixed various issues during internal auditing. For the stable distribution (jessie), these problems have been fixed in version 52.0.2743.116-1~deb8u1. For the testing distribution (stretch), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 52.0.2743.116-1. We recommend that you upgrade your chromium-browser packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQQcBAEBCgAGBQJXqSxLAAoJELjWss0C1vRzZAMf/RlCz2hHRmB+2Ohkws4NYE1b Vfmfwk/CC4huOIURfkGsxa0ybUOKL3/477xpZwBnpngDe3fxMaKpBM8Z2/MGbk10 r93KFtW+1ULgeN64FJPRsROkcmcQS1q+W+PXMmVUIt61FiThzg7RG6klNu5IKTU6 s9RgFGuXiD6gY4SuBw2jq/RHI2KxXSW61WmRMyr8GHpRevds+Y4EU3xOwce75CNc XEIes0fU4FuI/tZrzI8NEwcvGF1Q2GyV6iMeOINXHcZd0et+IW0f0dWY6V/V46U5 Q34wVmBLFVUHj50zQCA6QulhvJO83exspskXHk3IPPUZdW9ruImhQ3OqWW6vhTlT DJ3Gzv6TwEhsR3c+Nw4r1UtOCiD5TlCKiOmqf5CWeG7bYPaBGPCVaIxTQF7Qznpt amRpUyUCry63+/jzyqRnVDM3YoR4E4wgvYWkFgnBOrm/Yhr68FL7Bbb4iIGFuaXV KXpEDizxG0HxN/P68c1TsGQnO6rOck2LYZDh93c+RmS6j+Lx/m/1L8QUSnV9hPsW mc/Mch09BgDEouU1HyHt/XupSoPc3ByuPY8PwqotH6c72r8zgALNR4eUK9K5bWM7 pFBquQT4AKkyqczGzkBxHOkR4fvgtRr9jzwNzgAz4SaAKw4/ApoybEza3LtERds5 41QjIx40Jq3Q7pmPcjpIQZ+Fmpir8e/8PptnZfuZVKC6VeO1qwBRrzstuDAO4uB3 pU56M3+L3yobHWb52XYZY3s1sukILKOvCazbDwl0Qcgpwq8a6Gzq1B/N5+rD+9MS ipLxw6y6c2LL+0l6p/q9rl8BesQkF5EHdienW6p6VhkRhnT9RbKNtRDiYlD5i4G3 2k1oUkMCF7zfF+ft6bg/+E4pN4mYYm9T8RXklV47av8xIoXxz5z327kpKX4TZGqq 2f8EpbsvAVk8tO7JT0g/fCoR23KV28rDo8CdWIboa6WnaxqC3qEo382MmQsGtx1m uQE3mDFJp9w1m7Bye3VYDIv+HA20mX7rXSxH8DeabRmk1OYZU9cIRWANW0ozsv5p vJUdnCK5nk7gsE1Lpm3ERpu4UOcQBKM0XIKQ6GirmmBZBCDuglCdaKb6ox1vdqoF DjbusiZvfC7sZDYKtLNvJR9fKHrQZf2WZlFYfBPmthjLzIEH/ZCmzVUEigSeFQUA i8w4jBkCjxBLDNaUBX56o0B+jGAXywF2K5wnqjG7i8OBRC8LypRWyAA3s5z81V/G thoYOQqk3RQO03w+f9OECmCQ+BGC4iRdvOvdqn5r5XZsUEpTI+cvelRr6S2RWLCx zpUwPPRbr2ATf/XulSuYnQPGHt5haLcYeU+rKvSibOg6PJRNwDaGiZT934KoXRA= =d+e+ -----END PGP SIGNATURE-----
