Lesezeichen hinzufügen
Originalnachricht
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-4606-1 security@debian.orghttps://www.debian.org/security/ Michael GilbertJanuary 20, 2020 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : chromiumCVE ID : CVE-2019-13725 CVE-2019-13726 CVE-2019-13727 CVE-2019-13728 CVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734 CVE-2019-13735 CVE-2019-13736 CVE-2019-13737 CVE-2019-13738 CVE-2019-13739 CVE-2019-13740 CVE-2019-13741 CVE-2019-13742 CVE-2019-13743 CVE-2019-13744 CVE-2019-13745 CVE-2019-13746 CVE-2019-13747 CVE-2019-13748 CVE-2019-13749 CVE-2019-13750 CVE-2019-13751 CVE-2019-13752 CVE-2019-13753 CVE-2019-13754 CVE-2019-13755 CVE-2019-13756 CVE-2019-13757 CVE-2019-13758 CVE-2019-13759 CVE-2019-13761 CVE-2019-13762 CVE-2019-13763 CVE-2019-13764 CVE-2019-13767 CVE-2020-6377 CVE-2020-6378 CVE-2020-6379 CVE-2020-6380Several vulnerabilities have been discovered in the chromium web browser.CVE-2019-13725 Gengming Liu and Jianyu Chen discovered a use-after-free issue in the bluetooth implementation.CVE-2019-13726 Sergei Lazunov discovered a buffer overflow issue.CVE-2019-13727 @piochu discovered a policy enforcement error.CVE-2019-13728 Rong Jian and Guang Gong discovered an out-of-bounds write error in the v8 javascript library.CVE-2019-13729 Zhe Jin discovered a use-after-free issue.CVE-2019-13730 Soyeon Park and Wen Xu discovered the use of a wrong type in the v8 javascript library.CVE-2019-13732 Sergei Glazunov discovered a use-after-free issue in the WebAudio implementation.CVE-2019-13734 Wenxiang Qian discovered an out-of-bounds write issue in the sqlite library.CVE-2019-13735 Gengming Liu and Zhen Feng discovered an out-of-bounds write issue in the v8 javascript library.CVE-2019-13736 An integer overflow issue was discovered in the pdfium library.CVE-2019-13737 Mark Amery discovered a policy enforcement error.CVE-2019-13738 Johnathan Norman and Daniel Clark discovered a policy enforcement error.CVE-2019-13739 xisigr discovered a user interface error.CVE-2019-13740 Khalil Zhani discovered a user interface error.CVE-2019-13741 Michał Bentkowski discovered that user input could be incompletely validated.CVE-2019-13742 Khalil Zhani discovered a user interface error.CVE-2019-13743 Zhiyang Zeng discovered a user interface error.CVE-2019-13744 Prakash discovered a policy enforcement error.CVE-2019-13745 Luan Herrera discovered a policy enforcement error.CVE-2019-13746 David Erceg discovered a policy enforcement error.CVE-2019-13747 Ivan Popelyshev and André Bonatti discovered an uninitialized value.CVE-2019-13748 David Erceg discovered a policy enforcement error.CVE-2019-13749 Khalil Zhani discovered a user interface error.CVE-2019-13750 Wenxiang Qian discovered insufficient validation of data in the sqlite library.CVE-2019-13751 Wenxiang Qian discovered an uninitialized value in the sqlite library.CVE-2019-13752 Wenxiang Qian discovered an out-of-bounds read issue in the sqlite library.CVE-2019-13753 Wenxiang Qian discovered an out-of-bounds read issue in the sqlite library.CVE-2019-13754 Cody Crews discovered a policy enforcement error.CVE-2019-13755 Masato Kinugawa discovered a policy enforcement error.CVE-2019-13756 Khalil Zhani discovered a user interface error.CVE-2019-13757 Khalil Zhani discovered a user interface error.CVE-2019-13758 Khalil Zhani discovered a policy enforecement error.CVE-2019-13759 Wenxu Wu discovered a user interface error.CVE-2019-13761 Khalil Zhani discovered a user interface error.CVE-2019-13762 csanuragjain discovered a policy enforecement error.CVE-2019-13763 weiwangpp93 discovered a policy enforecement error.CVE-2019-13764 Soyeon Park and Wen Xu discovered the use of a wrong type in the v8 javascript library.CVE-2019-13767 Sergei Glazunov discovered a use-after-free issue.CVE-2020-6377 Zhe Jin discovered a use-after-free issue.CVE-2020-6378 Antti Levomäki and Christian Jalio discovered a use-after-free issue.CVE-2020-6379 Guang Gong discovered a use-after-free issue.CVE-2020-6380 Sergei Glazunov discovered an error verifying extension messages.For the oldstable distribution (stretch), security support for chromium hasbeen discontinued.For the stable distribution (buster), these problems have been fixed inversion 79.0.3945.130-1~deb10u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAl4llMsACgkQmD40ZYkUayg88R/5AeaSNr9uALF6AJWnrBebYbLQWcXp+Fnyjn5FTWfESBNXfbN45hOi4zv7dmGyowgxvo97Ai++3bu5mqQ/9xaHC2LmUNzxLsrnQqAUV9r4ZZcsCVU6nMJzM19Q+vDOYSvYEQ6geN0Es0ylB8dTPPIh+TP9UDgdjNw+BRN9vvdKKmNIT4NsgTFQVbVJ+fEPptfHMGpg0LUEIUQtUkQcvab+mEBWeRoKdDGNm4gpt1et0APv2tVZMP84cc5MJNn1Tq0oqdurf9xeMDgg7gx3MI5LIo7ua98BY8t3Y2a5dgLk8xv0PcmSGRqOprlGVreRNDM7MnJyrcQmDnObyfg2/fJ37VDUA45ROaevOAGjO+2cADrPuS5KfstVV/bciwpQ4zIomH4qvDtOJL6CGeao7F9WTlr2ChQ/ftQTKwAkfi35+BNeQVEisd0iDeRT6bP6OP4kuzPmffNyZvfaGwwGqTd364fEAyHljRNPUxX4x3LPnwLyELizAjuUHKBrZdrQcBUU4mN229Dp/jotFBVpWuZbxdXlbIdmPOhYkjBQKUUL+7uWvUGrYICU6TJenQGUEdDzycuiciE1HeLaZywf6TFXU8LMwePO//m+TiqaLg9S6vHaP8PJz4M61Vikrlv59kaH5H0HA5S0gnFM6GEPdSWwLkpgSqcpPwHvDHW2WUEKBwQzuwj2LoLv20VDneUCizOVpltBOiUTulkV1kTK4mgNcfhOqRE9ReXjTE9hdQ5ITKkYj8+O4k2URB8uhdsEWy4m8q1/uy1w6Y9iAW8NaYmIK7U+pFX7D/d1j+R3Wsv5whZQQQ4iGX57UUgk7lwHTbCwFEp1g5I6UEqD8xtJeqr7m3lYk66R7Cdez1qV1JAMgK13c8nTu9w9IiAaShjQ4PRAu5dlNeWecsobZs6h3e3Js0g0bCg0QwfbMgK1qE/OrZZ6J4A6ilLPzlcXpoNP4hAnAzN22Q/18/T9Bm6t9IVcR1qmt8F/D3iEW0xXb2Pr9VA9kwKmUvxr1E9t2J65Yh1gz/okYaHONMDAK5bOkqohsV+p1geJkyywqTP8aTK+hzdZ4jRnOGQDddAOIAhADjGLDPuGeOnBX/otTmcNA883OOh/U9j/LA51m/3IchzfrtuAb8Y7EsYauAaw+ZdGaFuL0d5AgtS0CHkvHdtzAJcde7oyHAkiRH6O0Bnr+vvDkedneV0ubuz0p06QE1ShBBvgRjQ3ZsRJhY57goxWTLHwpgAVz1QJNfU3GiDuPQnXsWwBRpLxhLhEIHl0eCrqE23BYBCibajwf+mS7SES1Oa/zuQz3WSmnpAvwJh7Y1j2jDoHdd+sDCdN+GLsGotIlVoZiFMd/ykx1yM/EE0ukZw/fg===a1dW-----END PGP SIGNATURE-----