Debian Linux Security Advisory 3549-1 - Several vulnerabilities have been discovered in the chromium web browser.
78be013d33903d3148ba3f1b8de4567e0e7e3695de26eaeb437da123767a9de4
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3549-1 security@debian.org
https://www.debian.org/security/ Michael Gilbert
April 15, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : chromium-browser
CVE ID : CVE-2016-1651 CVE-2016-1652 CVE-2016-1653 CVE-2016-1654
CVE-2016-1655 CVE-2016-1657 CVE-2016-1658 CVE-2016-1659
Several vulnerabilities have been discovered in the chromium web browser.
CVE-2016-1651
An out-of-bounds read issue was discovered in the pdfium library.
CVE-2016-1652
A cross-site scripting issue was discovered in extension bindings.
CVE-2016-1653
Choongwoo Han discovered an out-of-bounds write issue in the v8
javascript library.
CVE-2016-1654
Atte Kettunen discovered an uninitialized memory read condition.
CVE-2016-1655
Rob Wu discovered a use-after-free issue related to extensions.
CVE-2016-1657
Luan Herrera discovered a way to spoof URLs.
CVE-2016-1658
Antonio Sanso discovered an information leak related to extensions.
CVE-2016-1659
The chrome development team found and fixed various issues during
internal auditing.
For the stable distribution (jessie), these problems have been fixed in
version 50.0.2661.75-1~deb8u1.
For the testing distribution (stretch), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in
version 50.0.2661.75-1.
We recommend that you upgrade your chromium-browser packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQQcBAEBCgAGBQJXENcNAAoJELjWss0C1vRzNhMf/17hUv6L+/4SZdYkrnHA/3JB
i/RwOnIbPfbWm416gIXM6vbLfIGe4/eznczr6B1ZvGfzTGaC5OnSLtwmdhqgxv+8
cbh0yPXgmg7a1UyIfpyj1kfCcNx3qz5QzNxKhcdX7iu9pcE3fQocL6cV5pV35gw1
0dwM+jVuld33OxhPx2JeQO6nOOoIHspu/gIxPTdxXvJfOeTIp52kUUEH+gPi3eZp
S9Uf0hHXfYY7HGYV12mPm66ioCTl0L1QxpOEZkxKr/pUy8MD3jkPWUtRqTx1NcGo
IMvWMdosn2vKkIKdGDMrN+mo/hqc67htPDHw/pcWzomJT5KnO8I79p1PvqVklO/i
BZdS5GPZgCjcQPTSWIOX0xkk5SnHlY+BiE8ZBaIydVC0K5sum+4JLBxZnXzkNO96
m15tQ4rS1wY9WPYV2/g8kHS3juwvBX1COj+BDqzQs/VKXQllv0Hj0rdQvq70O9uY
eXLu4Eh+k3R9vQ9WfX7dniumvCVtZcqaplkROse5MQ3j/ord1YmTMmsuPvZ3Vg9B
ODUinvCGBD7Hk/zKI2+YIzzHrZOAsMJyE0x696jNCzCJq6Pjg7MND4NH+PX9RIZ9
22NpX/GfplOnp6Kvi+ciijPnLjdo9d04AIoQEsE80efXANk68G9EtpQ6pwF3TDYd
OfaXGymljLio3ca73O0yGOdNzufQYJGd0/DHpHr4ED+RHt1IUtXQkE/N5DufmOxw
j3wKdDk41VJJ1klfix0KAniTFjbUW43kuqahuXnB1EEULgL2gj14YgxKTEjBf9JY
7zW6HmKZ+TfR9uu5XS9CRe/igkaBIFa9CljZ4JKL881NKN4rewXZjG4R715J8Ql4
AY0wfhwTBiiLqQy9P6p8SzItxm3gdgktyCYl0VkLpwaVnCeegV6zdHqb4k1ublks
q6aELszWe+W4OjPxeEW5lVUkFU55vxzUZ9OYe+oem8Bt6bBZpu3Q2SmsZmGnNKvQ
/58GXw76U2/fI12uh4MVREDxkdhI7oxELARYgWFFJ2RA70Z/Ju5j6w1j9Qpfap0q
64+a1Hk10P99yClJAJnjDqAx2ZHskYjKeqKFB7BGk6QkR7C2XSSDlIq73fytDIBp
Ih/9y1sEa8B5vtQK0PYeg22qLMKI7++r1ARKj9i6JhrIE3VqLWiA4DU4k8dE4EOr
ei/f5R7sJCQzs2qn3eOKTHaQizk+B9CCxmHxMbCNkydahnlJRPHPlh0dlBvS9Er7
3lmFfyxg8OdD7RPjcrcotvnzif2LqGhSd0Jit88zkGFEDA37VUbmRitorOgVYY2o
bNtCorDaCPjHHUy3PsAhGqla3pnmrJ+OAIyKdddXTqovrZZdUthGi/DghbU81dg=
=n5pX
-----END PGP SIGNATURE-----