-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4606-1 security@xxxxxxxxxx https://www.debian.org/security/ Michael Gilbert January 20, 2020 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : chromium CVE ID : CVE-2019-13725 CVE-2019-13726 CVE-2019-13727 CVE-2019-13728 CVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734 CVE-2019-13735 CVE-2019-13736 CVE-2019-13737 CVE-2019-13738 CVE-2019-13739 CVE-2019-13740 CVE-2019-13741 CVE-2019-13742 CVE-2019-13743 CVE-2019-13744 CVE-2019-13745 CVE-2019-13746 CVE-2019-13747 CVE-2019-13748 CVE-2019-13749 CVE-2019-13750 CVE-2019-13751 CVE-2019-13752 CVE-2019-13753 CVE-2019-13754 CVE-2019-13755 CVE-2019-13756 CVE-2019-13757 CVE-2019-13758 CVE-2019-13759 CVE-2019-13761 CVE-2019-13762 CVE-2019-13763 CVE-2019-13764 CVE-2019-13767 CVE-2020-6377 CVE-2020-6378 CVE-2020-6379 CVE-2020-6380 Several vulnerabilities have been discovered in the chromium web browser. CVE-2019-13725 Gengming Liu and Jianyu Chen discovered a use-after-free issue in the bluetooth implementation. CVE-2019-13726 Sergei Lazunov discovered a buffer overflow issue. CVE-2019-13727 @piochu discovered a policy enforcement error. CVE-2019-13728 Rong Jian and Guang Gong discovered an out-of-bounds write error in the v8 javascript library. CVE-2019-13729 Zhe Jin discovered a use-after-free issue. CVE-2019-13730 Soyeon Park and Wen Xu discovered the use of a wrong type in the v8 javascript library. CVE-2019-13732 Sergei Glazunov discovered a use-after-free issue in the WebAudio implementation. CVE-2019-13734 Wenxiang Qian discovered an out-of-bounds write issue in the sqlite library. CVE-2019-13735 Gengming Liu and Zhen Feng discovered an out-of-bounds write issue in the v8 javascript library. CVE-2019-13736 An integer overflow issue was discovered in the pdfium library. CVE-2019-13737 Mark Amery discovered a policy enforcement error. CVE-2019-13738 Johnathan Norman and Daniel Clark discovered a policy enforcement error. CVE-2019-13739 xisigr discovered a user interface error. CVE-2019-13740 Khalil Zhani discovered a user interface error. CVE-2019-13741 Michał Bentkowski discovered that user input could be incompletely validated. CVE-2019-13742 Khalil Zhani discovered a user interface error. CVE-2019-13743 Zhiyang Zeng discovered a user interface error. CVE-2019-13744 Prakash discovered a policy enforcement error. CVE-2019-13745 Luan Herrera discovered a policy enforcement error. CVE-2019-13746 David Erceg discovered a policy enforcement error. CVE-2019-13747 Ivan Popelyshev and André Bonatti discovered an uninitialized value. CVE-2019-13748 David Erceg discovered a policy enforcement error. CVE-2019-13749 Khalil Zhani discovered a user interface error. CVE-2019-13750 Wenxiang Qian discovered insufficient validation of data in the sqlite library. CVE-2019-13751 Wenxiang Qian discovered an uninitialized value in the sqlite library. CVE-2019-13752 Wenxiang Qian discovered an out-of-bounds read issue in the sqlite library. CVE-2019-13753 Wenxiang Qian discovered an out-of-bounds read issue in the sqlite library. CVE-2019-13754 Cody Crews discovered a policy enforcement error. CVE-2019-13755 Masato Kinugawa discovered a policy enforcement error. CVE-2019-13756 Khalil Zhani discovered a user interface error. CVE-2019-13757 Khalil Zhani discovered a user interface error. CVE-2019-13758 Khalil Zhani discovered a policy enforecement error. CVE-2019-13759 Wenxu Wu discovered a user interface error. CVE-2019-13761 Khalil Zhani discovered a user interface error. CVE-2019-13762 csanuragjain discovered a policy enforecement error. CVE-2019-13763 weiwangpp93 discovered a policy enforecement error. CVE-2019-13764 Soyeon Park and Wen Xu discovered the use of a wrong type in the v8 javascript library. CVE-2019-13767 Sergei Glazunov discovered a use-after-free issue. CVE-2020-6377 Zhe Jin discovered a use-after-free issue. CVE-2020-6378 Antti Levomäki and Christian Jalio discovered a use-after-free issue. CVE-2020-6379 Guang Gong discovered a use-after-free issue. CVE-2020-6380 Sergei Glazunov discovered an error verifying extension messages. For the oldstable distribution (stretch), security support for chromium has been discontinued. For the stable distribution (buster), these problems have been fixed in version 79.0.3945.130-1~deb10u1. We recommend that you upgrade your chromium packages. For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAl4llMsACgkQmD40ZYkU ayg88R/5AeaSNr9uALF6AJWnrBebYbLQWcXp+Fnyjn5FTWfESBNXfbN45hOi4zv7 dmGyowgxvo97Ai++3bu5mqQ/9xaHC2LmUNzxLsrnQqAUV9r4ZZcsCVU6nMJzM19Q +vDOYSvYEQ6geN0Es0ylB8dTPPIh+TP9UDgdjNw+BRN9vvdKKmNIT4NsgTFQVbVJ +fEPptfHMGpg0LUEIUQtUkQcvab+mEBWeRoKdDGNm4gpt1et0APv2tVZMP84cc5M JNn1Tq0oqdurf9xeMDgg7gx3MI5LIo7ua98BY8t3Y2a5dgLk8xv0PcmSGRqOprlG VreRNDM7MnJyrcQmDnObyfg2/fJ37VDUA45ROaevOAGjO+2cADrPuS5KfstVV/bc iwpQ4zIomH4qvDtOJL6CGeao7F9WTlr2ChQ/ftQTKwAkfi35+BNeQVEisd0iDeRT 6bP6OP4kuzPmffNyZvfaGwwGqTd364fEAyHljRNPUxX4x3LPnwLyELizAjuUHKBr ZdrQcBUU4mN229Dp/jotFBVpWuZbxdXlbIdmPOhYkjBQKUUL+7uWvUGrYICU6TJe nQGUEdDzycuiciE1HeLaZywf6TFXU8LMwePO//m+TiqaLg9S6vHaP8PJz4M61Vik rlv59kaH5H0HA5S0gnFM6GEPdSWwLkpgSqcpPwHvDHW2WUEKBwQzuwj2LoLv20VD neUCizOVpltBOiUTulkV1kTK4mgNcfhOqRE9ReXjTE9hdQ5ITKkYj8+O4k2URB8u hdsEWy4m8q1/uy1w6Y9iAW8NaYmIK7U+pFX7D/d1j+R3Wsv5whZQQQ4iGX57UUgk 7lwHTbCwFEp1g5I6UEqD8xtJeqr7m3lYk66R7Cdez1qV1JAMgK13c8nTu9w9IiAa ShjQ4PRAu5dlNeWecsobZs6h3e3Js0g0bCg0QwfbMgK1qE/OrZZ6J4A6ilLPzlcX poNP4hAnAzN22Q/18/T9Bm6t9IVcR1qmt8F/D3iEW0xXb2Pr9VA9kwKmUvxr1E9t 2J65Yh1gz/okYaHONMDAK5bOkqohsV+p1geJkyywqTP8aTK+hzdZ4jRnOGQDddAO IAhADjGLDPuGeOnBX/otTmcNA883OOh/U9j/LA51m/3IchzfrtuAb8Y7EsYauAaw +ZdGaFuL0d5AgtS0CHkvHdtzAJcde7oyHAkiRH6O0Bnr+vvDkedneV0ubuz0p06Q E1ShBBvgRjQ3ZsRJhY57goxWTLHwpgAVz1QJNfU3GiDuPQnXsWwBRpLxhLhEIHl0 eCrqE23BYBCibajwf+mS7SES1Oa/zuQz3WSmnpAvwJh7Y1j2jDoHdd+sDCdN+GLs GotIlVoZiFMd/ykx1yM/EE0ukZw/fg== =a1dW -----END PGP SIGNATURE-----