-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4638-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
March 10, 2020                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium
CVE ID         : CVE-2019-19880 CVE-2019-19923 CVE-2019-19925 CVE-2019-19926
                 CVE-2020-6381 CVE-2020-6382 CVE-2020-6383 CVE-2020-6384
                 CVE-2020-6385 CVE-2020-6386 CVE-2020-6387 CVE-2020-6388
                 CVE-2020-6389 CVE-2020-6390 CVE-2020-6391 CVE-2020-6392
                 CVE-2020-6393 CVE-2020-6394 CVE-2020-6395 CVE-2020-6396
                 CVE-2020-6397 CVE-2020-6398 CVE-2020-6399 CVE-2020-6400
                 CVE-2020-6401 CVE-2020-6402 CVE-2020-6403 CVE-2020-6404
                 CVE-2020-6405 CVE-2020-6406 CVE-2020-6407 CVE-2020-6408
                 CVE-2020-6409 CVE-2020-6410 CVE-2020-6411 CVE-2020-6412
                 CVE-2020-6413 CVE-2020-6414 CVE-2020-6415 CVE-2020-6416
                 CVE-2020-6418 CVE-2020-6420

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2019-19880

    Richard Lorenz discovered an issue in the sqlite library.

CVE-2019-19923

    Richard Lorenz discovered an out-of-bounds read issue in the sqlite
    library.

CVE-2019-19925

    Richard Lorenz discovered an issue in the sqlite library.

CVE-2019-19926

    Richard Lorenz discovered an implementation error in the sqlite library.

CVE-2020-6381

    UK's National Cyber Security Centre discovered an integer overflow
 issue
    in the v8 javascript library.

CVE-2020-6382

    Soyeon Park and Wen Xu discovered a type error in the v8 javascript
    library.

CVE-2020-6383

    Sergei Glazunov discovered a type error in the v8 javascript library.

CVE-2020-6384

    David Manoucheri discovered a use-after-free issue in WebAudio.

CVE-2020-6385

    Sergei Glazunov discovered a policy enforcement error.

CVE-2020-6386

    Zhe Jin discovered a use-after-free issue in speech processing.

CVE-2020-6387

    Natalie Silvanovich discovered an out-of-bounds write error in the WebRTC
    implementation.

CVE-2020-6388

    Sergei Glazunov discovered an out-of-bounds read error in the WebRTC
    implementation.

CVE-2020-6389

    Natalie Silvanovich discovered an out-of-bounds write error in the WebRTC
    implementation.

CVE-2020-6390

    Sergei Glazunov discovered an out-of-bounds read error.

CVE-2020-6391

    Michał Bentkowski discoverd that untrusted input was insufficiently
    validated.

CVE-2020-6392

    The Microsoft Edge Team discovered a policy enforcement error.

CVE-2020-6393

    Mark Amery discovered a policy enforcement error.

CVE-2020-6394

    Phil Freo discovered a policy enforcement error.

CVE-2020-6395

    Pierre Langlois discovered an out-of-bounds read error in the v8
    javascript library.

CVE-2020-6396

    William Luc Ritchie discovered an error in the skia library.

CVE-2020-6397

    Khalil Zhani discovered a user interface error.

CVE-2020-6398

    pdknsk discovered an uninitialized variable in the pdfium library.

CVE-2020-6399

    Luan Herrera discovered a policy enforcement error.

CVE-2020-6400

    Takashi Yoneuchi discovered an error in Cross-Origin Resource Sharing.

CVE-2020-6401

    Tzachy Horesh discovered that user input was insufficiently validated.

CVE-2020-6402

    Vladimir Metnew discovered a policy enforcement error.

CVE-2020-6403

    Khalil Zhani discovered a user interface error.

CVE-2020-6404

    kanchi discovered an error in Blink/Webkit.

CVE-2020-6405

    Yongheng Chen and Rui Zhong discovered an out-of-bounds read issue in the
    sqlite library.

CVE-2020-6406

    Sergei Glazunov discovered a use-after-free issue.

CVE-2020-6407

    Sergei Glazunov discovered an out-of-bounds read error.

CVE-2020-6408

    Zhong Zhaochen discovered a policy enforcement error in Cross-Origin
    Resource Sharing.

CVE-2020-6409

    Divagar S and Bharathi V discovered an error in the omnibox
    implementation.

CVE-2020-6410

    evil1m0 discovered a policy enforcement error.

CVE-2020-6411

    Khalil Zhani discovered that user input was insufficiently validated.

CVE-2020-6412

    Zihan Zheng discovered that user input was insufficiently validated.

CVE-2020-6413

    Michał Bentkowski discovered an error in Blink/Webkit.

CVE-2020-6414

    Lijo A.T discovered a policy safe browsing policy enforcement error.

CVE-2020-6415

    Avihay Cohen discovered an implementation error in the v8 javascript
    library.

CVE-2020-6416

    Woojin Oh discovered that untrusted input was insufficiently validated.

CVE-2020-6418

    Clement Lecigne discovered a type error in the v8 javascript library.

CVE-2020-6420

    Taras Uzdenov discovered a policy enforcement error.

For the oldstable distribution (stretch), security support for chromium has
been discontinued.

For the stable distribution (buster), these problems have been fixed in
version 80.0.3987.132-1~deb10u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAl5oNcAACgkQmD40ZYkU
ayh0Rh/+PrQfatkM3FrjJJww29+dsIOZ3S2MGR6mggmYcfN8VBIurnBoa/T48RpX
PH0JtNNXmGFXgByL877ykk9cgWeFgnTYlxc5RICKup2qlcZrXugqhN029AtjlMwl
Ynw2tbgyHEEh+aRg/tiMMMDYhDtQpnIpgKJ3L206F9KEpjxgnCAuLMbabwfgf4lX
+5ErU+4LEhWBESkUJCEJA/OFCFfsfBVaz+H564PgsIh1OG/Sm4QL0DoYma3iN+KQ
f/jFejdSFkiTNfZgRmcOU2dqvzf0qfY/iJWrma/RPiF8r5ta5Ew65qoodCxz1pB5
Q7A2c/4ckNYpe+RvafkHZ7TX13IHYOPTaG2lR/lCK0wyuTi1m6KceI6O9fR7mrii
pV9cnTFFYFV2i/Hjq59LFlVh3gfBU9fiO2cps/SVVpCkenxvD372S8NCijBWd3we
K1xmyhmR07zTircuY305T8Sj5qJ/Gb+V0uvhOPeBhkC1cTHUSf/oeU2r+L2fnl41
ctYUfXIfwG5aqr47Q5N+6WuxZMJW/eTHA765/5HhLysyXqw7/fUWrZDU6G6wS9Ij
2pxFzxl2NFHbAl7rBRyrOVfzIT6lAj5OJhqktwI5+8ZSqOO0c+ETkZekfMJXB/H9
+mX1FLAJtxpDKwpqNWt3ZW/vdWF2fnnHifE3BmrdvAv6aBklUWmRGJwBA8/8YTjD
noxg4JZG58GNonsU641iwP0YR4ncI2o0Qq7+plPzm+iG4iiLBsL6+zRe1hAaS38Q
TZioSM3QVsFPKcWQ9pn3xengFVGsMaDH/nAHUfxyD4y6VEvIfJGQsNm2CN9c9Sz1
2ZltQIwtKPe0N2iEA/edzIzINrAmg9g7JB9h2XAsSU+48NtkVZ8gk2nzu/oreRDR
EWe8PNPkHfWDQMv31TcXmqrZfS3RjmoOzlJxOk4iuYnhkhUpv2N/IuhOrVUg0e1v
kVZiRUpdJAh31dKEUNTlEkNH5aCWELhxlr6FJb1tLYqV8Cfg7rHxB9knTzdgz93d
MTsN2Ig6J+bDsBi8HclE0gYLwCbdGx08bFth7Tyd/WbdAlhaZaoMfZkTWXm9rl3e
ReLx4VEZh8fEAXnYU7EqPuWv2UiQBQYSD713+WCmSNCnM7uDkobCJ1CF961FcX7u
BtnFsjE5F1F7bE+FP9zOHXd3fhYCJHkKcg+BTNxYn9ORMYQhhfK0ms5awNT4CyFX
AeWQh5/szmJHowmgfgRmcVSkHNK02R984kvYnRd+oqJg6R+P8PSZWXTmS0X2RnU3
BdoniwUi2Qrtx++E5KtH+qFUEaKJTB5NYub87ZVGJ1wvsHxAQxCW1iOcrZ7KV+Ly
Cf9ugJha6dD2cjM09JPVBrHMzJVKbA==
=Ho61
-----END PGP SIGNATURE-----