• [SECURITY] [DSA 3486-1] chromium-browser security update

    From Michael Gilbert@1:229/2 to All on Sun Feb 21 23:00:02 2016
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-3486-1                   [email protected]
    https://www.debian.org/security/                          Michael Gilbert
    February 21, 2016                     https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : chromium-browser
    CVE ID : CVE-2016-1622 CVE-2016-1623 CVE-2016-1624 CVE-2016-1625
    CVE-2016-1626 CVE-2016-1627 CVE-2016-1628 CVE-2016-1629

    Several vulnerabilities have been discovered in the chromium web browser.

    CVE-2016-1622

    It was discovered that a maliciously crafted extension could bypass
    the Same Origin Policy.

    CVE-2016-1623

    Mariusz Mlynski discovered a way to bypass the Same Origin Policy.

    CVE-2016-1624

    lukezli discovered a buffer overflow issue in the Brotli library.

    CVE-2016-1625

    Jann Horn discovered a way to cause the Chrome Instant feature to
    navigate to unintended destinations.

    CVE-2016-1626

    An out-of-bounds read issue was discovered in the openjpeg library.

    CVE-2016-1627

    It was discovered that the Developer Tools did not validate URLs.

    CVE-2016-1628

    An out-of-bounds read issue was discovered in the pdfium library.

    CVE-2016-1629

    A way to bypass the Same Origin Policy was discovered in Blink/WebKit,
    along with a way to escape the chromium sandbox.

    For the stable distribution (jessie), these problems have been fixed in
    version 48.0.2564.116-1~deb8u1.

    For the testing distribution (stretch), these problems will be fixed soon.

    For the unstable distribution (sid), these problems have been fixed in
    version 48.0.2564.116-1.

    We recommend that you upgrade your chromium-browser packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    -----END PGP SIGNATURE-----
