-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 16 Nov 2013 23:15:30 +0000 Source: chromium-browser Binary: chromium-browser chromium-browser-dbg chromium-browser-l10n chromium-browser-inspector chromium chromium-dbg chromium-l10n chromium-inspector Architecture: i386 Version: 31.0.1650.57-1~deb7u1 Distribution: wheezy-security Urgency: high Maintainer: amd64 / i386 Build Daemon (brahms) Changed-By: Michael Gilbert Description: chromium - Google's open source chromium web browser chromium-browser - Chromium browser - transitional dummy package chromium-browser-dbg - chromium-browser debug symbols transitional dummy package chromium-browser-inspector - page inspector for the chromium-browser - transitional dummy pack chromium-browser-l10n - chromium-browser language packages - transitional dummy package chromium-dbg - Debugging symbols for the chromium web browser chromium-inspector - page inspector for the chromium browser chromium-l10n - chromium-browser language packages Changes: chromium-browser (31.0.1650.57-1~deb7u1) stable-security; urgency=high . * New upstream stable release: - Medium-Critical CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives. - Medium CVE-2013-6621: Use after free related to speech input elements. Credit to Khalil Zhani. - High CVE-2013-6622: Use after free related to media elements. Credit to cloudfuzzer. - High CVE-2013-6623: Out of bounds read in SVG. Credit to miaubiz. - High CVE-2013-6624: Use after free related to “id” attribute strings. Credit to Jon Butler. - High CVE-2013-6625: Use after free in DOM ranges. Credit to cloudfuzzer. - Low CVE-2013-6626: Address bar spoofing related to interstitial warnings. Credit to Chamal de Silva. - High CVE-2013-6627: Out of bounds read in HTTP parsing. Credit to skylined. - Medium CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco of INRIA Paris. - Medium CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo. Credit to Michal Zalewski of Google. - Medium CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo. Credit to Michal Zalewski of Google. - High CVE-2013-6631: Use after free in libjingle. Credit to Patrik Höglund of the Chromium project. - Critical CVE-2013-6632: Multiple memory corruption issues. Credit to Pinkie Pie. Checksums-Sha1: c1bc545ed24aed885fdcb5c7427888abfe198570 47768244 chromium_31.0.1650.57-1~deb7u1_i386.deb 00499d859d0ded8ab10607256318443422198ac9 487975328 chromium-dbg_31.0.1650.57-1~deb7u1_i386.deb Checksums-Sha256: 7d09ad600695765aad0c61a35e614126c8b610cd77ab534f9d1b48d065015da0 47768244 chromium_31.0.1650.57-1~deb7u1_i386.deb 2ef9c39750fbaf6118e5c17ce45700ebce4b8750b74b49035fdd2b8d1961e78f 487975328 chromium-dbg_31.0.1650.57-1~deb7u1_i386.deb Files: eb734623558b0529044de5c45c7bde13 47768244 web optional chromium_31.0.1650.57-1~deb7u1_i386.deb 99bf95f45932fa6f53717b1ae39832ed 487975328 debug extra chromium-dbg_31.0.1650.57-1~deb7u1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJSiJEkAAoJEK1hQZE4PeNyfCsQAKxwhM/MaxLrr7QFK6YiK1c3 7VSK45OAPOzLY7Wlot26gOBrUZTWSR8jk2d04M/zrQvguCBHZfg4o0dU69pLvR3g C0t6kydgwLZ75P9iY80prIAdL1ZlMcuolXBijB0ipyN7HbwfMkCmoZqCr3CkFuAp lS41VoaRZdtFhPBbQPcvmvGEUIJKT3mz3S5k31vWT+Agbf7tVHqzAz2dRyOoySrE 6Uc4qNp3Ilo2eTQkKnBEZAKcE8Odo8gbINi2ydj73tlGmKcz5XLw34lsOVY1Q/wg bGt8Cnaxfkt+rD1gJ1UHmuTkGDzyVJVLc7hxy3WZiIE4ZNqtVi1ag/j9yb/0gK3q BkuzR1mQ4wF4vDwJOt3cORVtbJl50IZYbwnUpX+1fNp0zjbCt0/NxjbH8ICNo//9 GWnCPZ4hhDxZ/GLx82YKnhct8TZYhSTkcG9OUdj1xLBlFEE2tfAQMt+V+zCU0fJH 0ds+Xm5evGmpRb29rPzB3B8xL525re/Ze9rQX1GQfuDzboVkG9TUBWXTI2ECRPAH gRmmpJogF2CFLngS73OQblWrSOgywSOtFWTyUHQtqYNGzf25EAvns4p5S+yZNVxq hiYpUeQIgqu1+89qqsvHI1jUWyGBzFZvE1j4YlTLU6Oq+vvO/de3u8b80nrcArmZ WGvd6pZjuzrwnxZi1lPQ =yAq7 -----END PGP SIGNATURE-----