1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4606-1] chromium security update (1/2)

    From Michael Gilbert@1:229/2 to All on Mon Jan 20 13:00:02 2020
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4606-1 [email protected] https://www.debian.org/security/ Michael Gilbert January 20, 2020 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : chromium
    CVE ID : CVE-2019-13725 CVE-2019-13726 CVE-2019-13727 CVE-2019-13728
    CVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734
    CVE-2019-13735 CVE-2019-13736 CVE-2019-13737 CVE-2019-13738
    CVE-2019-13739 CVE-2019-13740 CVE-2019-13741 CVE-2019-13742
    CVE-2019-13743 CVE-2019-13744 CVE-2019-13745 CVE-2019-13746
    CVE-2019-13747 CVE-2019-13748 CVE-2019-13749 CVE-2019-1375
    0
    CVE-2019-13751 CVE-2019-13752 CVE-2019-13753 CVE-2019-13754
    CVE-2019-13755 CVE-2019-13756 CVE-2019-13757 CVE-2019-13758
    CVE-2019-13759 CVE-2019-13761 CVE-2019-13762 CVE-2019-13763
    CVE-2019-13764 CVE-2019-13767 CVE-2020-6377 CVE-2020-6378
    CVE-2020-6379 CVE-2020-6380

    Several vulnerabilities have been discovered in the chromium web browser.

    CVE-2019-13725

    Gengming Liu and Jianyu Chen discovered a use-after-free issue in the
    bluetooth implementation.

    CVE-2019-13726

    Sergei Lazunov discovered a buffer overflow issue.

    CVE-2019-13727

    @piochu discovered a policy enforcement error.

    CVE-2019-13728

    Rong Jian and Guang Gong discovered an out-of-bounds write error in the
    v8 javascript library.

    CVE-2019-13729

    Zhe Jin discovered a use-after-free issue.

    CVE-2019-13730

    Soyeon Park and Wen Xu discovered the use of a wrong type in the v8
    javascript library.

    CVE-2019-13732

    Sergei Glazunov discovered a use-after-free issue in the WebAudio
    implementation.

    CVE-2019-13734

    Wenxiang Qian discovered an out-of-bounds write issue in the sqlite
    library.

    CVE-2019-13735

    Gengming Liu and Zhen Feng discovered an out-of-bounds write issue in the
    v8 javascript library.

    CVE-2019-13736

    An integer overflow issue was discovered in the pdfium library.

    CVE-2019-13737

    Mark Amery discovered a policy enforcement error.

    CVE-2019-13738

    Johnathan Norman and Daniel Clark discovered a policy enforcement error.

    CVE-2019-13739

    xisigr discovered a user interface error.

    CVE-2019-13740

    Khalil Zhani discovered a user interface error.

    CVE-2019-13741

    Michał Bentkowski discovered that user input could be incompletely
    validated.

    CVE-2019-13742

    Khalil Zhani discovered a user interface error.

    CVE-2019-13743

    Zhiyang Zeng discovered a user interface error.

    CVE-2019-13744

    Prakash discovered a policy enforcement error.

    CVE-2019-13745

    Luan Herrera discovered a policy enforcement error.

    CVE-2019-13746

    David Erceg discovered a policy enforcement error.

    CVE-2019-13747

    Ivan Popelyshev and André Bonatti discovered an uninitialized value.

    CVE-2019-13748

    David Erceg discovered a policy enforcement error.

    CVE-2019-13749

    Khalil Zhani discovered a user interface error.

    CVE-2019-13750

    Wenxiang Qian discovered insufficient validation of data in the sqlite
    library.

    CVE-2019-13751

    Wenxiang Qian discovered an uninitialized value in the sqlite library.

    CVE-2019-13752

    Wenxiang Qian discovered an out-of-bounds read issue in the sqlite
    library.

    CVE-2019-13753

    Wenxiang Qian discovered an out-of-bounds read issue in the sqlite
    library.

    CVE-2019-13754

    Cody Crews discovered a policy enforcement error.

    CVE-2019-13755

    Masato Kinugawa discovered a policy enforcement error.

    CVE-2019-13756

    Khalil Zhani discovered a user interface error.

    CVE-2019-13757

    Khalil Zhani discovered a user interface error.

    CVE-2019-13758

    Khalil Zhani discovered a policy enforecement error.

    CVE-2019-13759

    Wenxu Wu discovered a user interface error.

    CVE-2019-13761

    Khalil Zhani discovered a user interface error.

    CVE-2019-13762

    csanuragjain discovered a policy enforecement error.

    CVE-2019-13763

    weiwangpp93 discovered a policy enforecement error.

    CVE-2019-13764

    Soyeon Park and Wen Xu discovered the use of a wrong type in the v8
    javascript library.

    CVE-2019-13767

    Sergei Glazunov discovered a use-after-free issue.

    CVE-2020-6377

    Zhe Jin discovered a use-after-free issue.

    CVE-2020-6378

    Antti Levomäki and Christian Jalio discovered a use-after-free issue.


    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)