-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4421-1 security@xxxxxxxxxx https://www.debian.org/security/ Michael Gilbert March 31, 2019 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : chromium CVE ID : CVE-2019-5787 CVE-2019-5788 CVE-2019-5789 CVE-2019-5790 CVE-2019-5791 CVE-2019-5792 CVE-2019-5793 CVE-2019-5794 CVE-2019-5795 CVE-2019-5796 CVE-2019-5797 CVE-2019-5798 CVE-2019-5799 CVE-2019-5800 CVE-2019-5802 CVE-2019-5803 Several vulnerabilities have been discovered in the chromium web browser. CVE-2019-5787 Zhe Jin discovered a use-after-free issue. CVE-2019-5788 Mark Brand discovered a use-after-free issue in the in the FileAPI implementation. CVE-2019-5789 Mark Brand discovered a use-after-free issue in the in the WebMIDI implementation. CVE-2019-5790 Dimitri Fourny discovered a buffer overflow issue in the v8 javascript library. CVE-2019-5791 Choongwoo Han discovered a type confusion issue in the v8 javascript library. CVE-2019-5792 pdknsk discovered an integer overflow issue in the pdfium library. CVE-2019-5793 Jun Kokatsu discovered a permissions issue in the Extensions implementation. CVE-2019-5794 Juno Im of Theori discovered a user interface spoofing issue. CVE-2019-5795 pdknsk discovered an integer overflow issue in the pdfium library. CVE-2019-5796 Mark Brand discovered a race condition in the Extensions implementation. CVE-2019-5797 Mark Brand discovered a race condition in the DOMStorage implementation. CVE-2019-5798 Tran Tien Hung disoceved an out-of-bounds read issue in the skia library. CVE-2019-5799 sohalt discovered a way to bypass the Content Security Policy. CVE-2019-5800 Jun Kokatsu discovered a way to bypass the Content Security Policy. CVE-2019-5802 Ronni Skansing discovered a user interface spoofing issue. CVE-2019-5803 Andrew Comminos discovered a way to bypass the Content Security Policy. For the stable distribution (stretch), these problems have been fixed in version 73.0.3683.75-1~deb9u1. We recommend that you upgrade your chromium packages. For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAlyhFtQACgkQuNayzQLW 9HObTx//fcUdPrGy1LSyubHBOocVFnh0BDaljGywbCWCEThuXDoCJM24d41+tscd MH3/Ule85bBm5c7wJiURgWXvNjUUeWvAafnCkXiwGvzpx6/U3DDnp1Af/CTMBT8k 6QTmhuzEqFt5Nf3UCXrfdR8I4ZZiwdE+7znS1P/3IPxjSyT9AOTcbOJzGm94Ig+I t0Lvvcb8dcA0h9ETsvau5lXoLpsLkEzl8rGZlaof1uWZIbyEm+xxC6QcteooTsZd oo30EgYeAlBsndkapzbVhQZD/SgmNvgIspMXrFP6rA5rNuFAJi5W92eApr5EKpLY O5mISCYY5naCUhE/QDWPoaUyFiOV0D5mycIuieYLBFT0LjU41xjSuuh1M3KV49Er fBeENaC1D9pehKQOH5aoa0ug0uzxyjzhOuBFQp/lMsuYlIWzD+HCo7EyPXFK13j+ 2pIoUKqi8/CymSD8qj/LPmcFWKMNuR47CHUb2FVvQeyrAzRKAPJeB616xetYFSEW 23zzLdt09DhGitRhzGpSNj08Ata/uTcHfWgZdYPEeKNituVa0PrFvZ1V3Ki6WeeY ulMoeW/GWTcfhcpauv84BXpy0oPFXCDYxYRgdxBtVtBbc35JZ39aJvmrdOOUIlff mPaadmoe2Jp0GQZY24gmb2AX4y7bRD+gR1jvISsXr0749N+GvRmZBgiP7LfodCp4 chlw4GKtyhE8ZwdihPwt7q/7DNV/vfhiEmysdhkYq6NSicYlVBZ39qjv0e3pBXOm bksuk/yRGvdPxQWdJ2OWuQY9DFxaLJduhNg6JLftMdCYSNtY6J8q/N5qm1oAGEqV Pf3MB72OePHGL6aOyYeOI46q2il881gFp8HDeQYVpVQh14/YFAvXf8l77jb+7701 ZERMSzHkadybixmQW9VK0cEgXV9qrO+VwSQ+wz7c6UClTskPKT/+cVIfr4sfpIBh AQ2u8TAIt2gxFbJv+T8y1gvGQaglR93W+WVYocBnw6MdBV5xdecnrj6KwzeGB7f0 /1T7c1Fv2+xE3OZRiQdXM1CFwh4YtjYsJwB4inYArR8ud9b/RQ2j1AFzX+pqzRjS SIdY/AHcMV1gOvtJ8rUrl2WleIaX+GYblskZLqxx0lwpJ0Q+i9lSeRBD1oeHcHXm cLOrbzKeYeIm7tAWQgV29Rg1Elm4gjQTjFWT49TmZ+FVjTjrupkNsskYfkqe/Xzt geEUj0uAyz3lotRSUL/x5cIsKqAybTREUMjN9NHUuOQTvshUv1ltP92p3QENfhlg OtS+ICE2LzR1DfpgvC40ZbM1Vb+ydy9aOrCG9+O968vBIzHO5J8zgvANnzevy8Ml oVASke41lHKH0wFa2CMi1c/UNAJL0g== =DdTh -----END PGP SIGNATURE-----