-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2741-1 security@debian.org http://www.debian.org/security/ Michael Gilbert August 25, 2013 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : chromium-browser Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2013-2887 CVE-2013-2900 CVE-2013-2901 CVE-2013-2902 CVE-2013-2903 CVE-2013-2904 CVE-2013-2905 Several vulnerabilities have been discovered in the Chromium web browser. CVE-2013-2887 The chrome 29 development team found various issues from internal fuzzing, audits, and other studies. CVE-2013-2900 Krystian Bigaj discovered a file handling path sanitization issue. CVE-2013-2901 Alex Chapman discovered an integer overflow issue in ANGLE, the Almost Native Graphics Layer. CVE-2013-2902 cloudfuzzer discovered a use-after-free issue in XSLT. CVE-2013-2903 cloudfuzzer discovered a use-after-free issue in HTMLMediaElement. CVE-2013-2904 cloudfuzzer discovered a use-after-free issue in XML document parsing. CVE-2013-2905 Christian Jaeger discovered an information leak due to insufficient file permissions. For the stable distribution (wheezy), these problems have been fixed in version 29.0.1547.57-1~deb7u1. For the testing distribution (jessie), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 29.0.1547.57-1. We recommend that you upgrade your chromium-browser packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQQcBAEBCgAGBQJSGm5GAAoJELjWss0C1vRzPeQf/RRCxx42uQSyFbV5PPEZgrcw /pD1tgiM3RIPEQhPlzG6tAXEAV8F44bOeT1XUjUAW5+tfDd+nTrv9kKVQbq5Bt21 zBKBSv5ukZ00pesctK1c1Xmeyg1MkujhC7IOId9yGV1CVXUox0Me8J+FOCBWLtUg KccHpeh/DkK2/S23Avjc4WysjlPyMWB3aulxZ1BhY2MqOgL1IstlpoDIZB5KO7s3 AiTRdwSH0YXMmjLkvyx8Kdy+rGr2bixameEJp0CO68XWRXd5TF9E/JBgyNi7yW9V XiPmnjsO39ZXVRAZ5zOkLjC9ZCh9zcYoPEFOl4ZazF+XA8bs0eZtwgLCIFAJbA66 8lT4dGYuXEWPIClNS9UJOO+OoNemYfHFHfJ6zjolijNopsotaFSLLf09JB6aEdBh D0ag8WZCgQr945wfr4FfrfZ5YJ9m1duUZvhnkJRoQHfPL0EaDEfMkfOTSmIGg/ku XcWRTgVu/uvqnyz2132j1NHNuScWFVV7YDB2UY/UtfjX0f+3h2xC2DFmOnIuOIBh 4C95GlCXDcAWaxVxByzJMKQaYGuPdc+nbnA2IpAUc+Ge7dXu/MVx8QQgQHqwmNd+ 8bfCuwSZz7VrMRflJ1of4fxZB71RGbxvWSYFf64KmHCYY6bwLKCWJ3s4WSBQTpdt 1q6IqhNvKqAqdHam1w4BmJ6yyAPJ+U/JKZZLzat1d/AE4D6p01lS9GfY4ewNyQhf fQYuNwwzWZScYgtXmOD29QfAagzL3JhxGoc3eKbnwfp7z5DbaUxnj8NSxyRCO1qg oTyOmialp+7u8rF9es6TaG8ddEklN3hZ5is92qWcydXhBrLakbGMDHu0uVZai1pe sM3BiogPOwks3gIyLyH5q4+tsEU9hxSZgymLYnlz4lkyFs8Dpd/ZhYX52btcVneG xIx9GnmwpYKQAV6g0mwHaL+0IXj5RfrKCMpmqHCzDWGxZ7lFilmRKIJmyrI02LN0 eQ6HUreYyphev8yZa69OSJwUnWy88WSxX2PH/oKy+tP9XoYLwQoJjCikI21CrJj8 ydaV6wjVA474HAwTQSF9zbllLdDwfswGSJ29Qzx80Pgf7MUZuDCYVWvqMNtJ44cp 2Hyxc3d8KjPERRda62VQnVPMwhs1kEnEwWSCK8SDpI21bY0756m6GKUVLw0dBf54 mmhwPoU/cVRyHeataY1gkkDl5gAB4VE14GxipNv/ge0AJGIF2YsC6ZP2SaVMkB2x /gBEBer1gggyTwNKb2gkalyXjXVHns1CFQKSlcEm93W3ychtVVykObRt3+cmZCUU xOZMWWsUnwzbessCPz3B44sK+4MM9GDqAfQsvBoaU5AnYiLDBKh5KtStENoH5/0= =ABUv -----END PGP SIGNATURE-----