Comment 9 for bug 1772448

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 68.0.3440.75-0ubuntu1

---------------
chromium-browser (68.0.3440.75-0ubuntu1) cosmic; urgency=medium

  * Upstream release: 68.0.3440.75
    - CVE-2018-6153: Stack buffer overflow in Skia.
    - CVE-2018-6154: Heap buffer overflow in WebGL.
    - CVE-2018-6155: Use after free in WebRTC.
    - CVE-2018-6156: Heap buffer overflow in WebRTC.
    - CVE-2018-6157: Type confusion in WebRTC.
    - CVE-2018-6158: Use after free in Blink.
    - CVE-2018-6159: Same origin policy bypass in ServiceWorker.
    - CVE-2018-6160: URL spoof in Chrome on iOS.
    - CVE-2018-6161: Same origin policy bypass in WebAudio.
    - CVE-2018-6162: Heap buffer overflow in WebGL.
    - CVE-2018-6163: URL spoof in Omnibox.
    - CVE-2018-6164: Same origin policy bypass in ServiceWorker.
    - CVE-2018-6165: URL spoof in Omnibox.
    - CVE-2018-6166: URL spoof in Omnibox.
    - CVE-2018-6167: URL spoof in Omnibox.
    - CVE-2018-6168: CORS bypass in Blink.
    - CVE-2018-6169: Permissions bypass in extension installation.
    - CVE-2018-6170: Type confusion in PDFium.
    - CVE-2018-6171: Use after free in WebBluetooth.
    - CVE-2018-6172: URL spoof in Omnibox.
    - CVE-2018-6173: URL spoof in Omnibox.
    - CVE-2018-6174: Integer overflow in SwiftShader.
    - CVE-2018-6175: URL spoof in Omnibox.
    - CVE-2018-6176: Local user privilege escalation in Extensions.
    - CVE-2018-6177: Cross origin information leak in Blink.
    - CVE-2018-6178: UI spoof in Extensions.
    - CVE-2018-6179: Local file information leak in Extensions.
    - CVE-2018-6044: Request privilege escalation in Extensions.
    - CVE-2018-4117: Cross origin information leak in Blink.
  * debian/rules:
    - remove enable_webrtc build flag
    - make ninja less verbose to reduce build log size
  * debian/chromium-browser.sh.in: parse flashplugin manifest with Python 3
    (LP: #1772448)
  * debian/patches/add-missing-base-namespace.patch: added
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/enable-chromecast-by-default.patch: refreshed
  * debian/patches/fix-crashpad-linux-compat.patch: removed, no longer needed
  * debian/patches/fix-extra-arflags.patch: updated
  * debian/patches/fix-ffmpeg-ia32-build.patch: updated
  * debian/patches/last-commit-position: refreshed
  * debian/patches/revert-clang-nostdlib++.patch: removed, no longer needed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: updated
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: updated
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/touch-v35: refreshed
  * debian/known_gn_gen_args-*: remove enable_webrtc build flag

 -- Olivier Tilloy <email address hidden> Wed, 25 Jul 2018 09:22:28 +0200