—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

– ————————————————————————-
Debian Security Advisory DSA-3549-1 security@debian.org
https://www.debian.org/security/ Michael Gilbert
April 15, 2016 https://www.debian.org/security/faq
– ————————————————————————-

Package : chromium-browser
CVE ID : CVE-2016-1651 CVE-2016-1652 CVE-2016-1653 CVE-2016-1654
CVE-2016-1655 CVE-2016-1657 CVE-2016-1658 CVE-2016-1659

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2016-1651

An out-of-bounds read issue was discovered in the pdfium library.

CVE-2016-1652

A cross-site scripting issue was discovered in extension bindings.

CVE-2016-1653

Choongwoo Han discovered an out-of-bounds write issue in the v8
javascript library.

CVE-2016-1654

Atte Kettunen discovered an uninitialized memory read condition.

CVE-2016-1655

Rob Wu discovered a use-after-free issue related to extensions.

CVE-2016-1657

Luan Herrera discovered a way to spoof URLs.

CVE-2016-1658

Antonio Sanso discovered an information leak related to extensions.

CVE-2016-1659

The chrome development team found and fixed various issues during
internal auditing.

For the stable distribution (jessie), these problems have been fixed in
version 50.0.2661.75-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 50.0.2661.75-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQQcBAEBCgAGBQJXENcNAAoJELjWss0C1vRzNhMf/17hUv6L+/4SZdYkrnHA/3JB
i/RwOnIbPfbWm416gIXM6vbLfIGe4/eznczr6B1ZvGfzTGaC5OnSLtwmdhqgxv+8
cbh0yPXgmg7a1UyIfpyj1kfCcNx3qz5QzNxKhcdX7iu9pcE3fQocL6cV5pV35gw1
0dwM+jVuld33OxhPx2JeQO6nOOoIHspu/gIxPTdxXvJfOeTIp52kUUEH+gPi3eZp
S9Uf0hHXfYY7HGYV12mPm66ioCTl0L1QxpOEZkxKr/pUy8MD3jkPWUtRqTx1NcGo
IMvWMdosn2vKkIKdGDMrN+mo/hqc67htPDHw/pcWzomJT5KnO8I79p1PvqVklO/i
BZdS5GPZgCjcQPTSWIOX0xkk5SnHlY+BiE8ZBaIydVC0K5sum+4JLBxZnXzkNO96
m15tQ4rS1wY9WPYV2/g8kHS3juwvBX1COj+BDqzQs/VKXQllv0Hj0rdQvq70O9uY
eXLu4Eh+k3R9vQ9WfX7dniumvCVtZcqaplkROse5MQ3j/ord1YmTMmsuPvZ3Vg9B
ODUinvCGBD7Hk/zKI2+YIzzHrZOAsMJyE0x696jNCzCJq6Pjg7MND4NH+PX9RIZ9
22NpX/GfplOnp6Kvi+ciijPnLjdo9d04AIoQEsE80efXANk68G9EtpQ6pwF3TDYd
OfaXGymljLio3ca73O0yGOdNzufQYJGd0/DHpHr4ED+RHt1IUtXQkE/N5DufmOxw
j3wKdDk41VJJ1klfix0KAniTFjbUW43kuqahuXnB1EEULgL2gj14YgxKTEjBf9JY
7zW6HmKZ+TfR9uu5XS9CRe/igkaBIFa9CljZ4JKL881NKN4rewXZjG4R715J8Ql4
AY0wfhwTBiiLqQy9P6p8SzItxm3gdgktyCYl0VkLpwaVnCeegV6zdHqb4k1ublks
q6aELszWe+W4OjPxeEW5lVUkFU55vxzUZ9OYe+oem8Bt6bBZpu3Q2SmsZmGnNKvQ
/58GXw76U2/fI12uh4MVREDxkdhI7oxELARYgWFFJ2RA70Z/Ju5j6w1j9Qpfap0q
64+a1Hk10P99yClJAJnjDqAx2ZHskYjKeqKFB7BGk6QkR7C2XSSDlIq73fytDIBp
Ih/9y1sEa8B5vtQK0PYeg22qLMKI7++r1ARKj9i6JhrIE3VqLWiA4DU4k8dE4EOr
ei/f5R7sJCQzs2qn3eOKTHaQizk+B9CCxmHxMbCNkydahnlJRPHPlh0dlBvS9Er7
3lmFfyxg8OdD7RPjcrcotvnzif2LqGhSd0Jit88zkGFEDA37VUbmRitorOgVYY2o
bNtCorDaCPjHHUy3PsAhGqla3pnmrJ+OAIyKdddXTqovrZZdUthGi/DghbU81dg=
=n5pX
—–END PGP SIGNATURE—–