[IT-SecNots] [SECURITY] [DSA 3645-1] chromium-browser security update

[Michael Gilbert <mgilbert AT debian.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3645-1                   security AT debian.org
https://www.debian.org/security/                          Michael Gilbert
August 09, 2016                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
CVE ID         : CVE-2016-5139 CVE-2016-5140 CVE-2016-5141 CVE-2016-5142
                 CVE-2016-5143 CVE-2016-5144

Several vulnerabilites have been discovered in the chromium web browser.

CVE-2016-5139

    GiWan Go discovered a use-after-free issue in the pdfium library.

CVE-2016-5140

    Ke Liu discovered a use-after-free issue in the pdfium library.

CVE-2016-5141

    Sergey Glazunov discovered a URL spoofing issue.

CVE-2016-5142

    Sergey Glazunov discovered a use-after-free issue.

CVE-2016-5143

    Gregory Panakkal discovered an issue in the developer tools.

CVE-2016-5144

    Gregory Panakkal discovered another issue in the developer tools.

CVE-2016-5146

    The chrome development team found and fixed various issues during
    internal auditing.

For the stable distribution (jessie), these problems have been fixed in
version 52.0.2743.116-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 52.0.2743.116-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQQcBAEBCgAGBQJXqSxLAAoJELjWss0C1vRzZAMf/RlCz2hHRmB+2Ohkws4NYE1b
Vfmfwk/CC4huOIURfkGsxa0ybUOKL3/477xpZwBnpngDe3fxMaKpBM8Z2/MGbk10
r93KFtW+1ULgeN64FJPRsROkcmcQS1q+W+PXMmVUIt61FiThzg7RG6klNu5IKTU6
s9RgFGuXiD6gY4SuBw2jq/RHI2KxXSW61WmRMyr8GHpRevds+Y4EU3xOwce75CNc
XEIes0fU4FuI/tZrzI8NEwcvGF1Q2GyV6iMeOINXHcZd0et+IW0f0dWY6V/V46U5
Q34wVmBLFVUHj50zQCA6QulhvJO83exspskXHk3IPPUZdW9ruImhQ3OqWW6vhTlT
DJ3Gzv6TwEhsR3c+Nw4r1UtOCiD5TlCKiOmqf5CWeG7bYPaBGPCVaIxTQF7Qznpt
amRpUyUCry63+/jzyqRnVDM3YoR4E4wgvYWkFgnBOrm/Yhr68FL7Bbb4iIGFuaXV
KXpEDizxG0HxN/P68c1TsGQnO6rOck2LYZDh93c+RmS6j+Lx/m/1L8QUSnV9hPsW
mc/Mch09BgDEouU1HyHt/XupSoPc3ByuPY8PwqotH6c72r8zgALNR4eUK9K5bWM7
pFBquQT4AKkyqczGzkBxHOkR4fvgtRr9jzwNzgAz4SaAKw4/ApoybEza3LtERds5
41QjIx40Jq3Q7pmPcjpIQZ+Fmpir8e/8PptnZfuZVKC6VeO1qwBRrzstuDAO4uB3
pU56M3+L3yobHWb52XYZY3s1sukILKOvCazbDwl0Qcgpwq8a6Gzq1B/N5+rD+9MS
ipLxw6y6c2LL+0l6p/q9rl8BesQkF5EHdienW6p6VhkRhnT9RbKNtRDiYlD5i4G3
2k1oUkMCF7zfF+ft6bg/+E4pN4mYYm9T8RXklV47av8xIoXxz5z327kpKX4TZGqq
2f8EpbsvAVk8tO7JT0g/fCoR23KV28rDo8CdWIboa6WnaxqC3qEo382MmQsGtx1m
uQE3mDFJp9w1m7Bye3VYDIv+HA20mX7rXSxH8DeabRmk1OYZU9cIRWANW0ozsv5p
vJUdnCK5nk7gsE1Lpm3ERpu4UOcQBKM0XIKQ6GirmmBZBCDuglCdaKb6ox1vdqoF
DjbusiZvfC7sZDYKtLNvJR9fKHrQZf2WZlFYfBPmthjLzIEH/ZCmzVUEigSeFQUA
i8w4jBkCjxBLDNaUBX56o0B+jGAXywF2K5wnqjG7i8OBRC8LypRWyAA3s5z81V/G
thoYOQqk3RQO03w+f9OECmCQ+BGC4iRdvOvdqn5r5XZsUEpTI+cvelRr6S2RWLCx
zpUwPPRbr2ATf/XulSuYnQPGHt5haLcYeU+rKvSibOg6PJRNwDaGiZT934KoXRA=
=d+e+
-----END PGP SIGNATURE-----