-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3351-1 security@debian.org https://www.debian.org/security/ Michael Gilbert September 03, 2015 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : chromium-browser CVE ID : CVE-2015-1291 CVE-2015-1292 CVE-2015-1293 CVE-2015-1294 CVE-2015-1295 CVE-2015-1296 CVE-2015-1297 CVE-2015-1298 CVE-2015-1299 CVE-2015-1300 CVE-2015-1301 Several vulnerabilities have been discovered in the chromium web browser. CVE-2015-1291 A cross-origin bypass issue was discovered in DOM. CVE-2015-1292 Mariusz Mlynski discovered a cross-origin bypass issue in ServiceWorker. CVE-2015-1293 Mariusz Mlynski discovered a cross-origin bypass issue in DOM. CVE-2015-1294 cloudfuzzer discovered a use-after-free issue in the Skia graphics library. CVE-2015-1295 A use-after-free issue was discovered in the printing component. CVE-2015-1296 zcorpan discovered a character spoofing issue. CVE-2015-1297 Alexander Kashev discovered a permission scoping error. CVE-2015-1298 Rob Wu discovered an error validating the URL of extensions. CVE-2015-1299 taro.suzuki.dev discovered a use-after-free issue in the Blink/WebKit library. CVE-2015-1300 cgvwzq discovered an information disclosure issue in the Blink/WebKit library. CVE-2015-1301 The chrome 45 development team found and fixed various issues during internal auditing. Also multiple issues were fixed in the libv8 library, version 4.5.103.29. For the stable distribution (jessie), these problems have been fixed in version 45.0.2454.85-1~deb8u1. For the testing distribution (stretch), these problems will be fixed once the gcc-5 transition completes. For the unstable distribution (sid), these problems have been fixed in version 45.0.2454.85-1. We recommend that you upgrade your chromium-browser packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQQcBAEBCgAGBQJV6MUMAAoJELjWss0C1vRzV80gALAwbzKMcieds/gjOr0M0+jW dexDtkPuVNQ5x58TQt3h8rqd/St/aDtApjuJqovOcGRyFRA4whhiEtoLtccjsb8C 2xBQycbddkq1DVXvjYxSbWBsE+Cv1HM6BSKfKU+y3wrPJJT/GLithJPa1TXW3U0B aRdkwvESSooHl4TXfL6hf38pv3IDwBtOOTMa51w9PPi5gG5Xfw3AftN0LKr6GZID yTTYw18rweMThPbESFt3IDXPJcKH9lap02qtrqB1cdf1lEsHrKFizTuUdtD6p+yC uY7knmzNN8uXRZ3wWn7LXcJCgdoiifSYAKiT0c6gmmnWBjLHuXeNPXgTfO8l4nlg Y6Fb0hjIBhqrO3y09ME1jsZLn4VxtNklm8Ioq1sF2RXWLJW7KM5bZSoID72gy2LW W8fJrslMRWd86MY34aVlkifT4pta07vpCripNjYjKPUgzbIrvRZ1y7PT34oiBdtz pvSNrbng7Y3cAisKhiNA+mHurH+bLxw8GOyUdL9ZpRaiGF9hcJR8Nntps3oHuF6g RDAMxKEeP3Z0vNP8iqlSiudLW85P3/aRCj+qQaQXfy91cOwuU22YsnZ9/GxmRRli KxwpT0JqKAW7fnUny81+lFSUN2zGpBxWquZMl9PDRCYvlSAV8OTuPly7p14gXjrh c1bn7aXlbS4AHZfCLllNHynt4qLAddCGObKqbhR5CafzHmQMVilv5rNBR7sDn7Ql C9EqTquZ1niYPp9NfNmveuRknemIZPWZPWuP1D798vDKZcYkQ7kFeZJUFFPF27mc MiV4wdXJUSYyHDc7ZhzwUXjm7EKvU2wUR9M3/K1gd83Nq/h7+bv3TP0pnLiYSGOv LAo3i4r9qEU3ETzTg0inAJQtob4XmsN0zYlrLSHRuPuaMLXQdzn7RWWQXBo0nA6s r11ppkqZjnryniY9KEsLLwZzTfpepwbRPyMpzR+KvdzEuvYdHVFn52Rid/UOfLA/ iXYehrZgXeTcDyHhVTuzIA5PxorQazFOHpHjlICpFv1qMXizutu4P8935kENC5N+ QZH5ArnQrTyAJ2JcIdx4NNEbR6c8fx7jENiJA+1PulxoO0ctJfXtUpTBXWFezbcS KDPZdswAYhnzIHjF6HIdSkAaI/tSFQPuZwd6rdFzA2um0gJUr3Gq+63h0dwQUdMu PGyRvdpS3Q/hag0O2vOLOcJPzEgF8ykjDMGLvwhh/xO0uax/beJAP+gV4WcBwGzu BaYiyc2PaXkzFEDebGnr3lAi5hLD37e2PXQRsJar9VHrV2Xxne16hJZTJJ479sBL DMuebEqvgS4wu/PnnpCbcIrKXT1UgkSL36WGm0axv9yh4Yc+O/hS5tEmTIe5eK4= =mOrm -----END PGP SIGNATURE-----