From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------- Debian Security Advisory DSA-3456-1 [email protected] https://www.debian.org/security/ Michael Gilbert January 27, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2015-6792 CVE-2016-1612 CVE-2016-1613 CVE-2016-1614
CVE-2016-1615 CVE-2016-1616 CVE-2016-1617 CVE-2016-1618
CVE-2016-1619 CVE-2016-1620

Several vulnerabilities were discovered in the chromium web browser.

CVE-2015-6792

An issue was found in the handling of MIDI files.

CVE-2016-1612

cloudfuzzer discovered a logic error related to receiver
compatibility in the v8 javascript library.

CVE-2016-1613

A use-after-free issue was discovered in the pdfium library.

CVE-2016-1614

Christoph Diehl discovered an information leak in Webkit/Blink.

CVE-2016-1615

Ron Masas discovered a way to spoof URLs.

CVE-2016-1616

Luan Herrera discovered a way to spoof URLs.

CVE-2016-1617

jenuis discovered a way to discover whether an HSTS web site had
been visited.

CVE-2016-1618

Aaron Toponce discovered the use of weak random number generator.

CVE-2016-1619

Keve Nagy discovered an out-of-bounds-read issue in the pdfium library.

CVE-2016-1620

The chrome 48 development team found and fixed various issues
during internal auditing. Also multiple issues were fixed in
the v8 javascript library, version 4.7.271.17.

For the stable distribution (jessie), these problems have been fixed in
version 48.0.2564.82-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 48.0.2564.82-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQQcBAEBCgAGBQJWqL5AAAoJELjWss0C1vRzIIAf/AhRDnBaJlyd3Y8akhFRBH5n FBm4XT+vo4gSPIH/zMHeZFerLjNTSyl9sf9zr1Nk6U8D+U3QM0gLPb+Xvbgbx6Ub yEEGUu69VNh9Z5hpr6as7ISeDSbJZp4r4b9Ef08zNx5H6R5YNm6rhp1duC7SeKx3 6D3Zs3uxPeRLEHYX6NUOI5BhriJzu0SPY8h1Nk5V0lKJwgVEY1gpwshAjb7D2hPX MoKshsgn/TRbMotcxPsp7JckMJtJogelHnPH67jhD9UNGPdbAyAXvuHaEYS7Y1tC WFB8oNGilDEYHBuyuZMNMM4p8kIqGBgQjaYomD1GjdjkYJNqGeXO1j3BP+Fg+OSH q9J4xOTaHbc5F/7xZB74BbvF9JTSx4/eH0tAXzSCTKdqwxtOjpZXiuUnNehwGS2C 6qRwAQ5Ih/hlIgKZzfJXJ4ZUnM1OvQ9igPUeQKEoK76HycrVUSnqAopIjRrOxvPx nox3emuR10eXszV63aW20mIPwsqA3wfdxmPTIHJdq3Po/5SLfQus09IX//3IhjXq SHQgTu3xkz1u8nOKTHx2c2FvdfIoQNq8HP16CvVj02XqPvqeFg+ULifKBLB+5HZr 8CisZk9uTQhl8toysS2RGcxXRmV56JnoClh5IMTiQOx9Ox5b7BKNjWEzMlxvP9IE 9l2wRD5kR8YGghrRItspm794Y+mbp/PAImjwBjWVW58q54Nx5WqfvOkr5glJiBvk Dq3p6Si+RLdMYJx8RBLIgcWLp5yz/8WMmDeurlP4QY6VkLctVR6CWXHqTs/AQnJM +py+Yxfk09pJhUUd4OwRHTW7gxM3DYzhmdPBoHkV1oV1XVGtoX0C5I+9dYz323e/ EKvMBZ82n7Ithtyn8bcPD7KlS3HO96gJsDvmFuCvZTl0ycy4fbZCllRnwMT8PR6y JhvuQfyrLLUWJLEZo0k28t3QUY0L6qYQMastzOXl6nd898XLHBO5vvozR3aaFxbN TKnda7mz6zDrpcxOnkibBczMkVnICbKBCoR+mADogvqddknBbW4qSqmrkw9BJWNb slxCvTQV+0UknDh17RW2IC3X/4MFJem2+7UzKdL0H8i7kG7Sgjt2J2jji0ag6mtm 6Lue6gObeGvw5QyeOgRLxOOM2ALH2LP93OhOxs+cTrh1b/rssGif/PqNHsmq7ljy 0fbXbLxbsOy/41V55NMh4JeJfS5y6GETFZH8LeR/nu+VZJtrdZevzdM/l5LWCqzD vnN21bAkB/19Hl7KiSOPVrE6lV5u/I64mSPl0Ai0OwaAXNPKdXU7DMJfgf9lx94i m/4bpATokopLJ+NoTq6YIx0u5B7Ds/y7OEaKcABOf8pRies0l2sUTy3o3N8fjXo=
=9hnu
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)