-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3549-1 security@debian.org https://www.debian.org/security/ Michael Gilbert April 15, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : chromium-browser CVE ID : CVE-2016-1651 CVE-2016-1652 CVE-2016-1653 CVE-2016-1654 CVE-2016-1655 CVE-2016-1657 CVE-2016-1658 CVE-2016-1659 Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1651 An out-of-bounds read issue was discovered in the pdfium library. CVE-2016-1652 A cross-site scripting issue was discovered in extension bindings. CVE-2016-1653 Choongwoo Han discovered an out-of-bounds write issue in the v8 javascript library. CVE-2016-1654 Atte Kettunen discovered an uninitialized memory read condition. CVE-2016-1655 Rob Wu discovered a use-after-free issue related to extensions. CVE-2016-1657 Luan Herrera discovered a way to spoof URLs. CVE-2016-1658 Antonio Sanso discovered an information leak related to extensions. CVE-2016-1659 The chrome development team found and fixed various issues during internal auditing. For the stable distribution (jessie), these problems have been fixed in version 50.0.2661.75-1~deb8u1. For the testing distribution (stretch), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 50.0.2661.75-1. We recommend that you upgrade your chromium-browser packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQQcBAEBCgAGBQJXENcNAAoJELjWss0C1vRzNhMf/17hUv6L+/4SZdYkrnHA/3JB i/RwOnIbPfbWm416gIXM6vbLfIGe4/eznczr6B1ZvGfzTGaC5OnSLtwmdhqgxv+8 cbh0yPXgmg7a1UyIfpyj1kfCcNx3qz5QzNxKhcdX7iu9pcE3fQocL6cV5pV35gw1 0dwM+jVuld33OxhPx2JeQO6nOOoIHspu/gIxPTdxXvJfOeTIp52kUUEH+gPi3eZp S9Uf0hHXfYY7HGYV12mPm66ioCTl0L1QxpOEZkxKr/pUy8MD3jkPWUtRqTx1NcGo IMvWMdosn2vKkIKdGDMrN+mo/hqc67htPDHw/pcWzomJT5KnO8I79p1PvqVklO/i BZdS5GPZgCjcQPTSWIOX0xkk5SnHlY+BiE8ZBaIydVC0K5sum+4JLBxZnXzkNO96 m15tQ4rS1wY9WPYV2/g8kHS3juwvBX1COj+BDqzQs/VKXQllv0Hj0rdQvq70O9uY eXLu4Eh+k3R9vQ9WfX7dniumvCVtZcqaplkROse5MQ3j/ord1YmTMmsuPvZ3Vg9B ODUinvCGBD7Hk/zKI2+YIzzHrZOAsMJyE0x696jNCzCJq6Pjg7MND4NH+PX9RIZ9 22NpX/GfplOnp6Kvi+ciijPnLjdo9d04AIoQEsE80efXANk68G9EtpQ6pwF3TDYd OfaXGymljLio3ca73O0yGOdNzufQYJGd0/DHpHr4ED+RHt1IUtXQkE/N5DufmOxw j3wKdDk41VJJ1klfix0KAniTFjbUW43kuqahuXnB1EEULgL2gj14YgxKTEjBf9JY 7zW6HmKZ+TfR9uu5XS9CRe/igkaBIFa9CljZ4JKL881NKN4rewXZjG4R715J8Ql4 AY0wfhwTBiiLqQy9P6p8SzItxm3gdgktyCYl0VkLpwaVnCeegV6zdHqb4k1ublks q6aELszWe+W4OjPxeEW5lVUkFU55vxzUZ9OYe+oem8Bt6bBZpu3Q2SmsZmGnNKvQ /58GXw76U2/fI12uh4MVREDxkdhI7oxELARYgWFFJ2RA70Z/Ju5j6w1j9Qpfap0q 64+a1Hk10P99yClJAJnjDqAx2ZHskYjKeqKFB7BGk6QkR7C2XSSDlIq73fytDIBp Ih/9y1sEa8B5vtQK0PYeg22qLMKI7++r1ARKj9i6JhrIE3VqLWiA4DU4k8dE4EOr ei/f5R7sJCQzs2qn3eOKTHaQizk+B9CCxmHxMbCNkydahnlJRPHPlh0dlBvS9Er7 3lmFfyxg8OdD7RPjcrcotvnzif2LqGhSd0Jit88zkGFEDA37VUbmRitorOgVYY2o bNtCorDaCPjHHUy3PsAhGqla3pnmrJ+OAIyKdddXTqovrZZdUthGi/DghbU81dg= =n5pX -----END PGP SIGNATURE-----