This is a request to sync a new source package from Debian, independently of the chromium-browser source, which only exists in Ubuntu and not in Debian. I don't think the chromium-browser source works here, it has to remain as it is after 20.04 LTS for the transition to the chromium snap to fully happen.
** Package changed: chromium-browser (Ubuntu) => ubuntu -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to chromium-browser in Ubuntu. https://bugs.launchpad.net/bugs/1855594 Title: Sync chromium 78.0.3904.108-1 (universe) from Debian unstable (main) Status in Ubuntu: New Bug description: Please sync chromium 78.0.3904.108-1 (universe) from Debian unstable (main) Now that the other chromium-browser source package in Ubuntu is just a transitional dummy package to the chromium snap, I guess we can now sync the Debian chromium package. This gives the community a chance to maintain a deb chromium package in Ubuntu independent from the snap one. All changelog entries: chromium (78.0.3904.108-1) unstable; urgency=medium * New upstream security release. - CVE-2019-13723: Use-after-free in Bluetooth. Reported by Yuxiang Li - CVE-2019-13724: Out-of-bounds in Bluetooth. Reported by Yuxiang Li * Disable vaapi on armhf (closes: #944627). -- Michael Gilbert <[email protected]> Wed, 20 Nov 2019 23:46:06 +0000 chromium (78.0.3904.97-1) unstable; urgency=medium * New upstream security release. * Enable vaapi (closes: #940074). * Fix crash during profile manager shutdown. * Drop libglewmx-dev build dependency (closes: #941050). -- Michael Gilbert <[email protected]> Sat, 09 Nov 2019 03:33:52 +0000 chromium (78.0.3904.87-1) unstable; urgency=medium * New upstream stable release. - CVE-2019-5869: Use-after-free in Blink. Reported by Zhe Jin - CVE-2019-5870: Use-after-free in media. Reported by Guang Gong - CVE-2019-5871: Heap overflow in Skia. Reported by Anonymous - CVE-2019-5872: Use-after-free in Mojo. Reported by Zhe Jin - CVE-2019-5874: External URIs may trigger other browsers. Reported by James Lee - CVE-2019-5875: URL bar spoof. Reported by Khalil Zhani - CVE-2019-5876: Use-after-free in media. Reported by Man Yue Mo - CVE-2019-5877: Out-of-bounds access in V8. Reported by Guang Gong - CVE-2019-5878: Use-after-free in V8. Reported by Guang Gong - CVE-2019-5879: Extensions can read some local files. Reported by Jinseo Kim - CVE-2019-5880: SameSite cookie bypass. Reported by Jun Kokatsu - CVE-2019-13659: URL spoof. Reported by Lnyas Zhang - CVE-2019-13660: Full screen notification overlap. Reported by Wenxu Wu - CVE-2019-13661: Full screen notification spoof. Reported by Wenxu Wu - CVE-2019-13662: CSP bypass. Reported by David Erceg - CVE-2019-13663: IDN spoof. Reported by Lnyas Zhang - CVE-2019-13664: CSRF bypass. Reported by thomas "zemnmez" shadwell - CVE-2019-13665: Multiple file download protection bypass. Reported by Jun Kokatsu - CVE-2019-13666: Side channel using storage size estimate. Reported by Tom Van Goethem - CVE-2019-13667: URI bar spoof when using external app URIs. Reported by Khalil Zhani - CVE-2019-13668: Global window leak via console. Reported by David Erceg - CVE-2019-13669: HTTP authentication spoof. Reported by Khalil Zhani - CVE-2019-13670: V8 memory corruption in regex. Reported by Guang Gong - CVE-2019-13671: Dialog box fails to show origin. Reported by xisigr - CVE-2019-13673: Cross-origin information leak using devtools. Reported by David Erceg - CVE-2019-13674: IDN spoofing. Reported by Khalil Zhani - CVE-2019-13675: Extensions can be disabled by trailing slash. Reported by Jun Kokatsu - CVE-2019-13676: Google URI shown for certificate warning. Reported by Wenxu Wu - CVE-2019-13677: Chrome web store origin needs to be isolated. Reported by Jun Kokatsu - CVE-2019-13678: Download dialog spoofing. Reported by Ronni Skansing - CVE-2019-13679: User gesture needed for printing. Reported by Conrad Irwin - CVE-2019-13680: IP address spoofing to servers. Reported by Thijs Alkemade - CVE-2019-13681: Bypass on download restrictions. Reported by David Erceg - CVE-2019-13682: Site isolation bypass. Reported by Jun Kokatsu - CVE-2019-13683: Exceptions leaked by devtools. Reported by David Erceg - CVE-2019-13685: Use-after-free in UI. Reported by Khalil Zhani - CVE-2019-13686: Use-after-free in offline pages. Reported by Brendon - CVE-2019-13687: Use-after-free in media. Reported by Man Yue Mo - CVE-2019-13688: Use-after-free in media. Reported by Man Yue Mo Tiszka - CVE-2019-13691: Omnibox spoof. Reported by David Erceg - CVE-2019-13692: SOP bypass. Reported by Jun Kokatsu - CVE-2019-13693: Use-after-free in IndexedDB. Reported by Guang Gong - CVE-2019-13694: Use-after-free in WebRTC. Reported by banananapenguin - CVE-2019-13695: Use-after-free in audio. Reported by Man Yue Mo - CVE-2019-13696: Use-after-free in V8. Reported by Guang Gong - CVE-2019-13697: Cross-origin size leak. Reported by Luan Herrera - CVE-2019-13699: Use-after-free in media. Reported by Man Yue Mo - CVE-2019-13700: Buffer overrun in Blink. Reported by Man Yue Mo - CVE-2019-13701: URL spoof in navigation. Reported by David Erceg - CVE-2019-13702: Privilege elevation in Installer. Reported by Phillip Langlois and Edward Torkington - CVE-2019-13703: URL bar spoofing. Reported by Khalil Zhani - CVE-2019-13704: CSP bypass. Reported by Jun Kokatsu - CVE-2019-13705: Extension permission bypass. Reported by Luan Herrera - CVE-2019-13706: Out-of-bounds read in PDFium. Reported by pdknsk - CVE-2019-13707: File storage disclosure. Reported by Andrea Palazzo - CVE-2019-13708: HTTP authentication spoof. Reported by Khalil Zhani - CVE-2019-13709: File download protection bypass. Reported by Zhong Zhaochen - CVE-2019-13710: File download protection bypass. Reported by bernardo.mrod - CVE-2019-13711: Cross-context information leak. Reported by David Erceg - CVE-2019-13713: Cross-origin data leak. Reported by David Erceg - CVE-2019-13714: CSS injection. Reported by Jun Kokatsu - CVE-2019-13715: Address bar spoofing. Reported by xisigr - CVE-2019-13716: Service worker state error. Reported by Barron Hagerman - CVE-2019-13717: Notification obscured. Reported by xisigr - CVE-2019-13718: IDN spoof. Reported by Khalil Zhani - CVE-2019-13719: Notification obscured. Reported by Khalil Zhani - CVE-2019-13720: Use-after-free in audio. Reported by Anton Ivanov and Alexey Kulaev - CVE-2019-13721: Use-after-free in PDFium. Reported by banananapenguin * Drop support for building with gcc 6 and gtk 2. -- Michael Gilbert <[email protected]> Sat, 02 Nov 2019 22:30:42 +0000 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/1855594/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
