—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512
– ————————————————————————-
Debian Security Advisory DSA-3486-1 security@debian.org
https://www.debian.org/security/ Michael Gilbert
February 21, 2016 https://www.debian.org/security/faq
– ————————————————————————-
Package : chromium-browser
CVE ID : CVE-2016-1622 CVE-2016-1623 CVE-2016-1624 CVE-2016-1625
CVE-2016-1626 CVE-2016-1627 CVE-2016-1628 CVE-2016-1629
Several vulnerabilities have been discovered in the chromium web browser.
CVE-2016-1622
It was discovered that a maliciously crafted extension could bypass
the Same Origin Policy.
CVE-2016-1623
Mariusz Mlynski discovered a way to bypass the Same Origin Policy.
CVE-2016-1624
lukezli discovered a buffer overflow issue in the Brotli library.
CVE-2016-1625
Jann Horn discovered a way to cause the Chrome Instant feature to
navigate to unintended destinations.
CVE-2016-1626
An out-of-bounds read issue was discovered in the openjpeg library.
CVE-2016-1627
It was discovered that the Developer Tools did not validate URLs.
CVE-2016-1628
An out-of-bounds read issue was discovered in the pdfium library.
CVE-2016-1629
A way to bypass the Same Origin Policy was discovered in Blink/WebKit,
along with a way to escape the chromium sandbox.
For the stable distribution (jessie), these problems have been fixed in
version 48.0.2564.116-1~deb8u1.
For the testing distribution (stretch), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in
version 48.0.2564.116-1.
We recommend that you upgrade your chromium-browser packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQQcBAEBCgAGBQJWyjGQAAoJELjWss0C1vRzCOggAIHfWmQnUTLoAnqKYxsfAnLN
xRTduJLr2Fba1JcINXKiiRMcrEsYrWTiN+UdiMYtC0TSU933qKEEFvHnVl6FhZCH
9crXNFGknjpz7ql+OkKG6d4Snw1SuoOEziBtk53AaF7T49g4FwV7vzep16gnK4FS
vzZJQDr9qyz1DeUMXC/Z1kJRRystU0waqV8G94Cv4X3xcB1zcTFQleQyyRrM3NcU
fJkVi35CX7SNnwWrxAqHG0MZvFmDI07Uro/v+erSVxAF2+Pst0Gx6NkawmsPTNcY
qMDnWSpCXLp0r4btFZIsCviH1dhvvf91wolTb9m1AkL7gp0j7KQZbjNqvlmYWNLj
mpdcDbYwJq9vvJd8y/Xjri0nEHftemDXkEjqf/0cjfqJqsJakk4sADQZ6HEydJ0c
+P5K4Xhz1Xef6+5oIFRJxoYl1kWrYDy3By74aiY++IKj/pkzff0wYNQFLHpj0FZ0
mBnOTYHsvB88afGklSyPdfUxChPQ80t+CXp0QdVGJQnS7EG7tLSC+D4Icootnf06
Gmx4WRTtRm4vN6xufY3/wqDyHJNJTAteqN9/sjXGOjs3WjeSpEy7EMHrvOPU73aH
6WTERHwTCkMRub9M39bOCxHIgkFAU0U27Kc1WwuFHnRsh6b44jfYZJjf0BUhC22F
I4Ym+jtmMOt17KrvAlta+qBb6weF89U2Twaxx2MPCO4Z1g1smnTX1FYV3SuK8/+/
5Sltbp9dXRPbnsPtWNdXkf0tlRbjBVz5L+lQF8GM4H4Y61xfcNY4EeCYWHMbBWk3
m6PR8jFViFdsh6woxASE5CYadSsqhYR+5r9FXsZsgmX2rPuv8QysauiWIXQA8AU5
y6YIZPk/JoL5D87BwUKwzE1SHfNBmr+pLxB21TIIsDOSfvwyk/VQgKWMK36tlc77
eXGFJ8ErCIXAzn9VTd27q5lnmbfwQMt/+i6bR09mIoFtFiJz0X0b9Pcw0AjiSkVm
6PsfqJf9b7O1HOEeqYdzGW5nKuWpC34EVo1iTbtxP8LzwaQMgM6J8SPTRmJianep
FaeD3b4z16XehX/p2FGutoWDd/oxgl48TwpET40HKOab4ZNehRGJk7CEUtYH2Z9C
2gHOH1vOQSfrkxPCBcQvkbsjFbtL4ECJ5aktAg4GkXslAIE4ZyxQ9bNFZC5fM/rX
/LoK/O26mHsZLJtdd3JMnqPTrNhYe9gOrdOcYnr73D5En9kyP0nNoUhQ6k4J8eOH
C7iILgXfYhVjscNJ2L8IFEDnBe9naQM8Bh3pgZ2pWNU1PhjJDGiZbN4IN6LqaI/6
dPYLn5Ib0hQZM7gCn50uUnxFD10PqG7EYdZmuWrkNC2CzAO++UxSC2Du94/id6I=
=5OhE
—–END PGP SIGNATURE—–