-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4395-1 security@xxxxxxxxxx https://www.debian.org/security/ Michael Gilbert February 18, 2019 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : chromium CVE ID : CVE-2018-17481 CVE-2019-5754 CVE-2019-5755 CVE-2019-5756 CVE-2019-5757 CVE-2019-5758 CVE-2019-5759 CVE-2019-5760 CVE-2019-5762 CVE-2019-5763 CVE-2019-5764 CVE-2019-5765 CVE-2019-5766 CVE-2019-5767 CVE-2019-5768 CVE-2019-5769 CVE-2019-5770 CVE-2019-5772 CVE-2019-5773 CVE-2019-5774 CVE-2019-5775 CVE-2019-5776 CVE-2019-5777 CVE-2019-5778 CVE-2019-5779 CVE-2019-5780 CVE-2019-5781 CVE-2019-5782 CVE-2019-5783 CVE-2019-5784 Several vulnerabilities have been discovered in the chromium web browser. CVE-2018-17481 A use-after-free issue was discovered in the pdfium library. CVE-2019-5754 Klzgrad discovered an error in the QUIC networking implementation. CVE-2019-5755 Jay Bosamiya discovered an implementation error in the v8 javascript library. CVE-2019-5756 A use-after-free issue was discovered in the pdfium library. CVE-2019-5757 Alexandru Pitis discovered a type confusion error in the SVG image format implementation. CVE-2019-5758 Zhe Jin discovered a use-after-free issue in blink/webkit. CVE-2019-5759 Almog Benin discovered a use-after-free issue when handling HTML pages containing select elements. CVE-2019-5760 Zhe Jin discovered a use-after-free issue in the WebRTC implementation. CVE-2019-5762 A use-after-free issue was discovered in the pdfium library. CVE-2019-5763 Guang Gon discovered an input validation error in the v8 javascript library. CVE-2019-5764 Eyal Itkin discovered a use-after-free issue in the WebRTC implementation. CVE-2019-5765 Sergey Toshin discovered a policy enforcement error. CVE-2019-5766 David Erceg discovered a policy enforcement error. CVE-2019-5767 Haoran Lu, Yifan Zhang, Luyi Xing, and Xiaojing Liao reported an error in the WebAPKs user interface. CVE-2019-5768 Rob Wu discovered a policy enforcement error in the developer tools. CVE-2019-5769 Guy Eshel discovered an input validation error in blink/webkit. CVE-2019-5770 hemidallt discovered a buffer overflow issue in the WebGL implementation. CVE-2019-5772 Zhen Zhou discovered a use-after-free issue in the pdfium library. CVE-2019-5773 Yongke Wong discovered an input validation error in the IndexDB implementation. CVE-2019-5774 Jnghwan Kang and Juno Im discovered an input validation error in the SafeBrowsing implementation. CVE-2019-5775 evil1m0 discovered a policy enforcement error. CVE-2019-5776 Lnyas Zhang discovered a policy enforcement error. CVE-2019-5777 Khalil Zhani discovered a policy enforcement error. CVE-2019-5778 David Erceg discovered a policy enforcement error in the Extensions implementation. CVE-2019-5779 David Erceg discovered a policy enforcement error in the ServiceWorker implementation. CVE-2019-5780 Andreas Hegenberg discovered a policy enforcement error. CVE-2019-5781 evil1m0 discovered a policy enforcement error. CVE-2019-5782 Qixun Zhao discovered an implementation error in the v8 javascript library. CVE-2019-5783 Shintaro Kobori discovered an input validation error in the developer tools. CVE-2019-5784 Lucas Pinheiro discovered an implementation error in the v8 javascript library. For the stable distribution (stretch), these problems have been fixed in version 72.0.3626.96-1~deb9u1. We recommend that you upgrade your chromium packages. For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAlxrbrQACgkQuNayzQLW 9HNIgSAAsHumjm9w9vEeKVTHul1sou7vCptw36hqj5ueIxnGRPJNdFEAttzXqbyo 2qaNYcJ1iBt362k12iqECOq8pF9JA61WK26OL+kb6vWohT6X1uyK8aJ5EN8cGElB 8vXzT5ce7uDfNwucQsZIlKuzD/aLDdIwW8cDJlNLEpA4tBpQOWqV22dTVXdcu6sK 9aUTqpOPGaGbAIHZyAAHNbOPIX99Bx51fcVZTZPqoKQrCPYAgXnLPc/TH4vYQ5lg TqBRPxPc3xRie5QzOTT4BlqRFelvUy1+JDwTRkAMZkxnNEEgj438wtuUxSIQM1o2 Q5HnIYg7GCc2xUlrqSMuwBBiWP7LUYO80TIOClBE45XVMMrMJZ6tHxQy+40I4DAM 9q5mIjGZVhnMVd/x8SuPlD6LS/vcH152r6psThlPJ1gqZyoah2gJEBIShKYSVEft mOcUOaZ8UF+xAiJBjGoAueQQHGPN8/pIvwu69BtdqciH3mx1iasKU/UrxHy7AVMJ ag1QJ7iynVL5Ang9oeW/AoetbUFuylZSFf6RE94unCVjfbuk6GwlE0PaKi13MHy+ WRDS4+66MHpIYAgXpoeL1/v2MvZ+XC0WJ5KNtowLBvptB/aUK5cpG3zPt1Kwlmoh XfphFnsgUHVtBvgTlSJhAqBJcD0qawbV8hEq2mLurjFcLV5Mu5jbIN+3oBIufW57 fsb/K2fJbfbODbHjqXqy6bCdZHTuDKsIgKo6oB7sqSE1foMC9ZH4LHSy8dEzFWeT hm2iajjmWViyrIBKMv6mpDWO49eH/xQyJO8GHWZ/OFCEVzzJdzhsJWOtp7kBxzDo 5a/LY4wJqp4BsJsaummUbXlqmcXSqlJMTR7t9pLDR3vo4WPWQf2FzIHEjOcivIFP QjnMVT9KRMLH2O+Te43kUkfQM490S70N26FGyBHB8EZhzRUNhMSgBksWLEy2xPqM /9Xt1Pqy7RA1Q9jM83uKTvuYvts7LnPEuHFwd3jEHvB1CcMqCtO8WTVIR/ZxDRTs suxMnphsNQXTKd159gmHzyCY3X+TGZAQTtSAluLV44ODrWhQPhYJ3E4Aa3XD3zkj uMUycnbaS49I6LpnxlVWeSGVPEUhA/nTt6eo2PkVE4CWwmDnAK7F2NlptGcfmq7R CX+PPA8AeB9Ohl0G0IT12zyAeVZbgv4SoGRN741XrIuiwJ9+S2futIpiS7az0UEF 7C4bMqeuypXPe0qden7EnSqqj+YtHh8yY3plprMFw99DzR6s1GITaXapxEkobtHe nb7HlqFrsFs7xet1X5wMfVqQ45G7nL7ULuNDvKGVgC9md+GuYfumnlGjyJfKic1s GWhNeBf1JXd++/su5CgcwnHqrooCTg== =iYBG -----END PGP SIGNATURE-----
