Commit d555f150 authored by Michael Gilbert's avatar Michael Gilbert

release 69.0.3497.81-1~deb9u1

parent 34d8c7b3
chromium-browser (69.0.3497.81-1~deb9u1) stretch-security; urgency=medium
* New upstream stable release.
- CVE-2018-16065: Out of bounds write in V8. Reported by Brendon Tiszka
- CVE-2018-16066: Out of bounds read in Blink. Reported by cloudfuzzer
- CVE-2018-16067: Out of bounds read in WebAudio. Reported by Zhe Jin
- CVE-2018-16068: Out of bounds write in Mojo. Reported by Mark Brand
- CVE-2018-16069: Out of bounds read in SwiftShader. Reported by Mark Brand
- CVE-2018-16070: Integer overflow in Skia. Reported by Ivan Fratric
- CVE-2018-16071: Use after free in WebRTC. Reported by Natalie Silvanovich
- CVE-2018-16073: Site Isolation bypass after tab restore. Reported by Jun
Kokatsu
- CVE-2018-16074: Site Isolation bypass using Blob URLS. Reported by Jun
Kokatsu
- CVE-2018-16075: Local file access in Blink. Reported by Pepe Vila
- CVE-2018-16076: Out of bounds read in PDFium. Reported by Aleksandar
Nikolic
- CVE-2018-16077: Content security policy bypass in Blink. Reported by
Manuel Caballero
- CVE-2018-16078: Credit card information leak in Autofill. Reported by
Cailan Sacks
- CVE-2018-16079: URL spoof in permission dialogs. Reported by Markus
Vervier and Michele Orrù
- CVE-2018-16080: URL spoof in full screen mode. Reported by Khalil Zhani
- CVE-2018-16081: Local file access in DevTools. Reported by Jann Horn
- CVE-2018-16082: Stack buffer overflow in SwiftShader. Reported by Omair
- CVE-2018-16083: Out of bounds read in WebRTC. Reported by Natalie
Silvanovich
- CVE-2018-16084: User confirmation bypass in external protocol handling.
Reported by Jun Kokatsu
- CVE-2018-16085: Use after free in Memory Instrumentation. Reported by
Roman Kuksin
* Replace files from chromium-common on upgrade (closes: #904798).
* Fix build failure on arm64 caused by binutils in stretch (closes: #904796).
-- Michael Gilbert <mgilbert@debian.org> Sun, 12 Aug 2018 01:10:32 +0000
chromium-browser (68.0.3440.75-1~deb9u1) stretch-security; urgency=medium
* New upstream stable release.
......
......@@ -24,3 +24,6 @@ third_party/freetype/BUILD.gn
third_party/fontconfig/BUILD.gn
build/config/freetype/freetype.gni
third_party/yasm/run_yasm.py
tools/gn/base/numerics/safe_math_arm_impl.h
tools/gn/base/numerics/safe_conversions_arm_impl.h
......@@ -110,6 +110,10 @@ Conflicts:
libnettle4,
libsecret-1-0 (<< 0.18),
libgl1-mesa-swx11,
Breaks:
chromium-common (<< ${binary:Version}),
Replaces:
chromium-common (<< ${binary:Version}),
Description: web browser
Web browser that aims to build a safer, faster, and more stable internet
browsing experience.
......
......@@ -6,6 +6,10 @@ export DH_VERBOSE=1
# enable all build hardening flags
export DEB_BUILD_MAINT_OPTIONS=hardening=+all
# needed to avoid build system choosing clang as the compiler
export CC=gcc
export CXX=g++
# build with gcc instead of clang
defines=is_clang=false clang_use_chrome_plugins=false
......@@ -46,6 +50,7 @@ defines+=is_debug=false \
treat_warnings_as_errors=false \
remove_webcore_debug_symbols=true \
optimize_webui=false \
enable_swiftshader=false \
enable_nacl=false \
enable_nacl_nonsfi=false \
enable_google_now=false \
......@@ -99,6 +104,7 @@ override_dh_auto_configure:
mkdir -p base/third_party/libevent
./debian/scripts/unbundle
# build gn
cp base/numerics/safe_conversions_arm_impl.h base/numerics/safe_math_arm_impl.h tools/gn/base/numerics
./tools/gn/bootstrap/bootstrap.py -s $(njobs)
# configure
./out/Release/gn gen out/Release --args="$(defines)"
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment