Commit d62664ae authored by Michael Gilbert

release 67.0.3396.87-1~deb9u1

parent 359d98d4
chromium-browser (67.0.3396.87-1~deb9u1) stretch-security; urgency=medium
* New upstream stable release.
- CVE-2018-6123: Use after free in Blink. Reported by Looben Yang
- CVE-2018-6124: Type confusion in Blink. Reported by Guang Gong
- CVE-2018-6125: Overly permissive policy in WebUSB. Reported by Yubico
- CVE-2018-6126: Heap buffer overflow in Skia. Reported by Ivan Fratric
- CVE-2018-6127: Use after free in indexedDB. Reported by Looben Yang
- CVE-2018-6129: Out of bounds memory access in WebRTC. Reported by Natalie
Silvanovich
- CVE-2018-6130: Out of bounds memory access in WebRTC. Reported by Natalie
Silvanovich
- CVE-2018-6131: Incorrect mutability protection in WebAssembly. Reported
by Natalie Silvanovich
- CVE-2018-6132: Use of uninitialized memory in WebRTC. Reported by Ronald
E. Crane
- CVE-2018-6133: URL spoof in Omnibox. Reported by Khalil Zhani
- CVE-2018-6134: Referrer Policy bypass in Blink. Reported by Jun Kokatsu
- CVE-2018-6135: UI spoofing in Blink. Reported by Jasper Rebane
- CVE-2018-6136: Out of bounds memory access in V8. Reported by Peter Wong
- CVE-2018-6137: Leak of visited status of page in Blink. Reported by
Michael Smith
- CVE-2018-6138: Overly permissive policy in Extensions. Reported by
François Lajeunesse-Robert
- CVE-2018-6139: Restrictions bypass in the debugger extension API.
Reported by Rob Wu
- CVE-2018-6140: Restrictions bypass in the debugger extension API.
Reported by Rob Wu
- CVE-2018-6141: Heap buffer overflow in Skia. Reported by Yangkang
- CVE-2018-6142: Out of bounds memory access in V8. Reported by Choongwoo
Han
- CVE-2018-6143: Out of bounds memory access in V8. Reported by Guang Gong
- CVE-2018-6144: Out of bounds memory access in PDFium. Reported by pdknsk
- CVE-2018-6145: Incorrect escaping of MathML in Blink. Reported by Masato
Kinugawa
- CVE-2018-6147: Password fields not taking advantage of OS protections in
Views. Reported by Michail Pishchagin
- CVE-2018-6148: Incorrect handling of CSP header. Reported by Michał
Bentkowski
- CVE-2018-6149: Out of bounds write in V8. Reported by Yu Zhou and
Jundong Xie
* The widevine adaptor package is now empty, it is no longer required to
use the widevine content decryption module.
-- Michael Gilbert <mgilbert@debian.org> Fri, 29 Jun 2018 23:47:08 +0000
chromium-browser (66.0.3359.117-1~deb9u1) stretch-security; urgency=medium
* New upstream stable release.
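Review bot: The CVE list in the 67.0.3396.87-1~deb9u1 entry jumps from CVE-2018-6127 to CVE-2018-6129 and from CVE-2018-6145 to CVE-2018-6147, so CVE-2018-6128 and CVE-2018-6146 are not accounted for. If they are left out on purpose because they do not apply to this package, a short line saying so would help anyone reconciling the upload against the security tracker. The entry also documents only the widevine change, while the same commit alters build flags in debian/rules and the keepers tuple in the strip script; those deserve their own bullet.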
......
out/Release/libwidevinecdmadapter.so usr/lib/chromium
......@@ -28,8 +28,7 @@ ifeq (arm64,$(DEB_HOST_ARCH))
defines+=host_cpu=\"arm64\"
endif
ifeq (armhf,$(DEB_HOST_ARCH))
defines+=host_cpu=\"arm\" \
arm_use_neon=false
defines+=host_cpu=\"arm\" arm_use_neon=false symbol_level=0
endif
# disabled features
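Review bot: symbol_level=0 in the armhf block has no comment explaining why armhf alone is built without symbols. With that setting the armhf debug symbol package has nothing useful in it, so crash reports from armhf users cannot be symbolized. Please add a comment with the reason (for example a build-resource limit, if that is the motivation) so the flag can be revisited later instead of staying by default.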
......@@ -44,6 +43,7 @@ defines+=is_debug=false \
use_system_harfbuzz=false \
rtc_libvpx_build_vp9=false \
treat_warnings_as_errors=false \
remove_webcore_debug_symbols=true \
optimize_webui=false \
enable_nacl=false \
enable_nacl_nonsfi=false \
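Review bot: remove_webcore_debug_symbols=true is applied to every architecture in the shared defines, unlike the armhf-only symbol_level=0 above, and it is not mentioned in the changelog. It reduces the debug information available for Blink, the component with the most fixes in this release's CVE list, so backtraces from Blink crashes will carry less detail. Consider limiting it to the architectures that need it, or state the trade-off in a comment next to the flag.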
......@@ -60,7 +60,12 @@ defines+=use_gio=true \
use_pulseaudio=true \
link_pulseaudio=true \
enable_widevine=true \
use_libjpeg_turbo=true \
use_system_libjpeg=true \
use_system_freetype=true \
concurrent_links=1 \
use_jumbo_build=true \
jumbo_file_merge_limit=16 \
proprietary_codecs=true \
ffmpeg_branding=\"Chrome\" \
fieldtrial_testing_like_official_build=true \
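Review bot: Per the header (-60,7 +60,12) this block gains five lines, and among the visible ones use_system_libjpeg=true and use_system_freetype=true change which copy of a parsing library the browser links against, while concurrent_links=1, use_jumbo_build=true and jumbo_file_merge_limit=16 only tune the build. Mixing both kinds in one undocumented block makes it hard to tell which changes affect the shipped binary. Please group the system-library switches separately, confirm the matching build dependencies are declared (debian/control is not in the visible part of this diff), and mention the switch in the changelog, since it moves responsibility for JPEG and font parsing fixes to the system packages.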
......@@ -131,8 +136,6 @@ override_dh_fixperms:
dh_fixperms --exclude chrome-sandbox
override_dh_strip:
# skip dbgsym package for widevine to prevent duplication of the src package
dh_strip -pchromium-widevine --no-automatic-dbgsym
# this line can be removed once stretch is released
dh_strip --remaining-packages --ddeb-migration='chromium-dbg (<< 47.0.2526.80-4~)'
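Review bot: The comment "this line can be removed once stretch is released" and the dh_strip --ddeb-migration call under it appear in an upload that targets stretch-security, so the condition in the comment is already met. If those two lines are the ones this hunk drops, that is fine; if instead the chromium-widevine dh_strip call is what is removed, the stale migration line should go as well, and --remaining-packages is then no longer needed because no earlier dh_strip call precedes it.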
......
......@@ -23,7 +23,7 @@ def strip(path):
else:
os.remove(removal)
keepers = ('openh264','harfbuzz-ng')
keepers = ('openh264','harfbuzz-ng','libjpeg')
for lib,rule in replace_gn_files.REPLACEMENTS.items():
if lib not in keepers:
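Review bot: Adding 'libjpeg' to keepers exempts it from the loop over replace_gn_files.REPLACEMENTS, yet debian/rules in this same commit sets use_system_libjpeg=true. Please clarify in a comment which copy ends up compiled and linked. If the bundled copy is the one in use, it will not pick up fixes from the distribution's libjpeg package, and if the system copy is the one in use, the keepers entry needs a note on why the bundled files must still be present.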
......