'Re: [SECURITY] [DSA 3645-1] chromium-browser security update'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       debian-security
Subject:    Re: [SECURITY] [DSA 3645-1] chromium-browser security update
From:       Mike Moore <emmceemoore () gmail ! com>
Date:       2016-08-09 17:55:02
Message-ID: CAOMGSNTxf3mtkKxHoo9ARZzc8ymOhuRY0F-XPZZQ==byFa2uTA () mail ! gmail ! com
[Download RAW message or body]

unsubscribe

On Mon, Aug 8, 2016 at 7:05 PM, Michael Gilbert <mgilbert@debian.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> - ------------------------------------------------------------
> -------------
> Debian Security Advisory DSA-3645-1                   security@debian.org
> https://www.debian.org/security/                          Michael Gilbert
> August 09, 2016                       https://www.debian.org/security/faq
> - ------------------------------------------------------------
> -------------
>
> Package        : chromium-browser
> CVE ID         : CVE-2016-5139 CVE-2016-5140 CVE-2016-5141 CVE-2016-5142
>                  CVE-2016-5143 CVE-2016-5144
>
> Several vulnerabilites have been discovered in the chromium web browser.
>
> CVE-2016-5139
>
>     GiWan Go discovered a use-after-free issue in the pdfium library.
>
> CVE-2016-5140
>
>     Ke Liu discovered a use-after-free issue in the pdfium library.
>
> CVE-2016-5141
>
>     Sergey Glazunov discovered a URL spoofing issue.
>
> CVE-2016-5142
>
>     Sergey Glazunov discovered a use-after-free issue.
>
> CVE-2016-5143
>
>     Gregory Panakkal discovered an issue in the developer tools.
>
> CVE-2016-5144
>
>     Gregory Panakkal discovered another issue in the developer tools.
>
> CVE-2016-5146
>
>     The chrome development team found and fixed various issues during
>     internal auditing.
>
> For the stable distribution (jessie), these problems have been fixed in
> version 52.0.2743.116-1~deb8u1.
>
> For the testing distribution (stretch), these problems will be fixed soon.
>
> For the unstable distribution (sid), these problems have been fixed in
> version 52.0.2743.116-1.
>
> We recommend that you upgrade your chromium-browser packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQQcBAEBCgAGBQJXqSxLAAoJELjWss0C1vRzZAMf/RlCz2hHRmB+2Ohkws4NYE1b
> Vfmfwk/CC4huOIURfkGsxa0ybUOKL3/477xpZwBnpngDe3fxMaKpBM8Z2/MGbk10
> r93KFtW+1ULgeN64FJPRsROkcmcQS1q+W+PXMmVUIt61FiThzg7RG6klNu5IKTU6
> s9RgFGuXiD6gY4SuBw2jq/RHI2KxXSW61WmRMyr8GHpRevds+Y4EU3xOwce75CNc
> XEIes0fU4FuI/tZrzI8NEwcvGF1Q2GyV6iMeOINXHcZd0et+IW0f0dWY6V/V46U5
> Q34wVmBLFVUHj50zQCA6QulhvJO83exspskXHk3IPPUZdW9ruImhQ3OqWW6vhTlT
> DJ3Gzv6TwEhsR3c+Nw4r1UtOCiD5TlCKiOmqf5CWeG7bYPaBGPCVaIxTQF7Qznpt
> amRpUyUCry63+/jzyqRnVDM3YoR4E4wgvYWkFgnBOrm/Yhr68FL7Bbb4iIGFuaXV
> KXpEDizxG0HxN/P68c1TsGQnO6rOck2LYZDh93c+RmS6j+Lx/m/1L8QUSnV9hPsW
> mc/Mch09BgDEouU1HyHt/XupSoPc3ByuPY8PwqotH6c72r8zgALNR4eUK9K5bWM7
> pFBquQT4AKkyqczGzkBxHOkR4fvgtRr9jzwNzgAz4SaAKw4/ApoybEza3LtERds5
> 41QjIx40Jq3Q7pmPcjpIQZ+Fmpir8e/8PptnZfuZVKC6VeO1qwBRrzstuDAO4uB3
> pU56M3+L3yobHWb52XYZY3s1sukILKOvCazbDwl0Qcgpwq8a6Gzq1B/N5+rD+9MS
> ipLxw6y6c2LL+0l6p/q9rl8BesQkF5EHdienW6p6VhkRhnT9RbKNtRDiYlD5i4G3
> 2k1oUkMCF7zfF+ft6bg/+E4pN4mYYm9T8RXklV47av8xIoXxz5z327kpKX4TZGqq
> 2f8EpbsvAVk8tO7JT0g/fCoR23KV28rDo8CdWIboa6WnaxqC3qEo382MmQsGtx1m
> uQE3mDFJp9w1m7Bye3VYDIv+HA20mX7rXSxH8DeabRmk1OYZU9cIRWANW0ozsv5p
> vJUdnCK5nk7gsE1Lpm3ERpu4UOcQBKM0XIKQ6GirmmBZBCDuglCdaKb6ox1vdqoF
> DjbusiZvfC7sZDYKtLNvJR9fKHrQZf2WZlFYfBPmthjLzIEH/ZCmzVUEigSeFQUA
> i8w4jBkCjxBLDNaUBX56o0B+jGAXywF2K5wnqjG7i8OBRC8LypRWyAA3s5z81V/G
> thoYOQqk3RQO03w+f9OECmCQ+BGC4iRdvOvdqn5r5XZsUEpTI+cvelRr6S2RWLCx
> zpUwPPRbr2ATf/XulSuYnQPGHt5haLcYeU+rKvSibOg6PJRNwDaGiZT934KoXRA=
> =d+e+
> -----END PGP SIGNATURE-----
>
>

[Attachment #3 (text/html)]

<div dir="ltr">unsubscribe<br></div><div class="gmail_extra"><br><div \
class="gmail_quote">On Mon, Aug 8, 2016 at 7:05 PM, Michael Gilbert <span \
dir="ltr">&lt;<a href="mailto:mgilbert@debian.org" \
target="_blank">mgilbert@debian.org</a>&gt;</span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
                solid;padding-left:1ex">-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA512<br>
<br>
- ------------------------------<wbr>------------------------------<wbr>-------------<br>
 Debian Security Advisory DSA-3645-1                             <a \
href="mailto:security@debian.org">security@debian.org</a><br> <a \
href="https://www.debian.org/security/" rel="noreferrer" \
target="_blank">https://www.debian.org/<wbr>security/</a>                             \
Michael Gilbert<br> August 09, 2016                                   <a \
href="https://www.debian.org/security/faq" rel="noreferrer" \
                target="_blank">https://www.debian.org/<wbr>security/faq</a><br>
- ------------------------------<wbr>------------------------------<wbr>-------------<br>
 <br>
Package            : chromium-browser<br>
CVE ID              : CVE-2016-5139 CVE-2016-5140 CVE-2016-5141 CVE-2016-5142<br>
                          CVE-2016-5143 CVE-2016-5144<br>
<br>
Several vulnerabilites have been discovered in the chromium web browser.<br>
<br>
CVE-2016-5139<br>
<br>
      GiWan Go discovered a use-after-free issue in the pdfium library.<br>
<br>
CVE-2016-5140<br>
<br>
      Ke Liu discovered a use-after-free issue in the pdfium library.<br>
<br>
CVE-2016-5141<br>
<br>
      Sergey Glazunov discovered a URL spoofing issue.<br>
<br>
CVE-2016-5142<br>
<br>
      Sergey Glazunov discovered a use-after-free issue.<br>
<br>
CVE-2016-5143<br>
<br>
      Gregory Panakkal discovered an issue in the developer tools.<br>
<br>
CVE-2016-5144<br>
<br>
      Gregory Panakkal discovered another issue in the developer tools.<br>
<br>
CVE-2016-5146<br>
<br>
      The chrome development team found and fixed various issues during<br>
      internal auditing.<br>
<br>
For the stable distribution (jessie), these problems have been fixed in<br>
version 52.0.2743.116-1~deb8u1.<br>
<br>
For the testing distribution (stretch), these problems will be fixed soon.<br>
<br>
For the unstable distribution (sid), these problems have been fixed in<br>
version 52.0.2743.116-1.<br>
<br>
We recommend that you upgrade your chromium-browser packages.<br>
<br>
Further information about Debian Security Advisories, how to apply<br>
these updates to your system and frequently asked questions can be<br>
found at: <a href="https://www.debian.org/security/" rel="noreferrer" \
target="_blank">https://www.debian.org/<wbr>security/</a><br> <br>
Mailing list: <a href="mailto:debian-security-announce@lists.debian.org">debian-security-announce@<wbr>lists.debian.org</a><br>
                
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v1<br>
<br>
iQQcBAEBCgAGBQJXqSxLAAoJELjWss<wbr>0C1vRzZAMf/RlCz2hHRmB+<wbr>2Ohkws4NYE1b<br>
Vfmfwk/<wbr>CC4huOIURfkGsxa0ybUOKL3/<wbr>477xpZwBnpngDe3fxMaKpBM8Z2/<wbr>MGbk10<br>
r93KFtW+<wbr>1ULgeN64FJPRsROkcmcQS1q+W+<wbr>PXMmVUIt61FiThzg7RG6klNu5IKTU6<br>
s9RgFGuXiD6gY4SuBw2jq/<wbr>RHI2KxXSW61WmRMyr8GHpRevds+<wbr>Y4EU3xOwce75CNc<br>
XEIes0fU4FuI/<wbr>tZrzI8NEwcvGF1Q2GyV6iMeOINXHcZ<wbr>d0et+IW0f0dWY6V/V46U5<br>
Q34wVmBLFVUHj50zQCA6QulhvJO83e<wbr>xspskXHk3IPPUZdW9ruImhQ3OqWW6v<wbr>hTlT<br>
DJ3Gzv6TwEhsR3c+<wbr>Nw4r1UtOCiD5TlCKiOmqf5CWeG7bYP<wbr>aBGPCVaIxTQF7Qznpt<br>
amRpUyUCry63+/<wbr>jzyqRnVDM3YoR4E4wgvYWkFgnBOrm/<wbr>Yhr68FL7Bbb4iIGFuaXV<br>
KXpEDizxG0HxN/<wbr>P68c1TsGQnO6rOck2LYZDh93c+<wbr>RmS6j+Lx/m/1L8QUSnV9hPsW<br>
mc/Mch09BgDEouU1HyHt/<wbr>XupSoPc3ByuPY8PwqotH6c72r8zgAL<wbr>NR4eUK9K5bWM7<br>
pFBquQT4AKkyqczGzkBxHOkR4fvgtR<wbr>r9jzwNzgAz4SaAKw4/<wbr>ApoybEza3LtERds5<br>
41QjIx40Jq3Q7pmPcjpIQZ+<wbr>Fmpir8e/<wbr>8PptnZfuZVKC6VeO1qwBRrzstuDAO4<wbr>uB3<br>
pU56M3+<wbr>L3yobHWb52XYZY3s1sukILKOvCazbD<wbr>wl0Qcgpwq8a6Gzq1B/N5+rD+9MS<br>
ipLxw6y6c2LL+0l6p/<wbr>q9rl8BesQkF5EHdienW6p6VhkRhnT9<wbr>RbKNtRDiYlD5i4G3<br>
2k1oUkMCF7zfF+ft6bg/+<wbr>E4pN4mYYm9T8RXklV47av8xIoXxz5z<wbr>327kpKX4TZGqq<br>
2f8EpbsvAVk8tO7JT0g/<wbr>fCoR23KV28rDo8CdWIboa6WnaxqC3q<wbr>Eo382MmQsGtx1m<br>
uQE3mDFJp9w1m7Bye3VYDIv+<wbr>HA20mX7rXSxH8DeabRmk1OYZU9cIRW<wbr>ANW0ozsv5p<br>
vJUdnCK5nk7gsE1Lpm3ERpu4UOcQBK<wbr>M0XIKQ6GirmmBZBCDuglCdaKb6ox1v<wbr>dqoF<br>
DjbusiZvfC7sZDYKtLNvJR9fKHrQZf<wbr>2WZlFYfBPmthjLzIEH/<wbr>ZCmzVUEigSeFQUA<br>
i8w4jBkCjxBLDNaUBX56o0B+<wbr>jGAXywF2K5wnqjG7i8OBRC8LypRWyA<wbr>A3s5z81V/G<br>
thoYOQqk3RQO03w+f9OECmCQ+<wbr>BGC4iRdvOvdqn5r5XZsUEpTI+<wbr>cvelRr6S2RWLCx<br>
zpUwPPRbr2ATf/<wbr>XulSuYnQPGHt5haLcYeU+<wbr>rKvSibOg6PJRNwDaGiZT934KoXRA=<br>
=d+e+<br>
-----END PGP SIGNATURE-----<br>
<br>
</blockquote></div><br></div>



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic