File _patchinfo of Package patchinfo.6035

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.6035

<patchinfo incident="6035">
  <packager>AndreasStieger</packager>
  <issue tracker="bnc" id="1013236">VUL-0: chromium: December 2nd security release 55.0.2883.75</issue>
  <issue tracker="cve" id="2016-9651"></issue>
  <issue tracker="cve" id="2016-5208"></issue>
  <issue tracker="cve" id="2016-5207"></issue>
  <issue tracker="cve" id="2016-5206"></issue>
  <issue tracker="cve" id="2016-5205"></issue>
  <issue tracker="cve" id="2016-5204"></issue>
  <issue tracker="cve" id="2016-5209"></issue>
  <issue tracker="cve" id="2016-5203"></issue>
  <issue tracker="cve" id="2016-5210"></issue>
  <issue tracker="cve" id="2016-5212"></issue>
  <issue tracker="cve" id="2016-5211"></issue>
  <issue tracker="cve" id="2016-5213"></issue>
  <issue tracker="cve" id="2016-5214"></issue>
  <issue tracker="cve" id="2016-5216"></issue>
  <issue tracker="cve" id="2016-5215"></issue>
  <issue tracker="cve" id="2016-5217"></issue>
  <issue tracker="cve" id="2016-5218"></issue>
  <issue tracker="cve" id="2016-5219"></issue>
  <issue tracker="cve" id="2016-5221"></issue>
  <issue tracker="cve" id="2016-5220"></issue>
  <issue tracker="cve" id="2016-5222"></issue>
  <issue tracker="cve" id="2016-9650"></issue>
  <issue tracker="cve" id="2016-5223"></issue>
  <issue tracker="cve" id="2016-5226"></issue>
  <issue tracker="cve" id="2016-5225"></issue>
  <issue tracker="cve" id="2016-5224"></issue>
  <issue tracker="cve" id="2016-9652"></issue>
  <category>security</category>
  <rating>important</rating>
  <summary>Security update for Chromium</summary>
  <description>This update to Chromium 55.0.2883.75 fixes the following vulnerabilities:

- CVE-2016-9651: Private property access in V8
- CVE-2016-5208: Universal XSS in Blink
- CVE-2016-5207: Universal XSS in Blink
- CVE-2016-5206: Same-origin bypass in PDFium
- CVE-2016-5205: Universal XSS in Blink
- CVE-2016-5204: Universal XSS in Blink
- CVE-2016-5209: Out of bounds write in Blink
- CVE-2016-5203: Use after free in PDFium
- CVE-2016-5210: Out of bounds write in PDFium
- CVE-2016-5212: Local file disclosure in DevTools
- CVE-2016-5211: Use after free in PDFium
- CVE-2016-5213: Use after free in V8
- CVE-2016-5214: File download protection bypass
- CVE-2016-5216: Use after free in PDFium
- CVE-2016-5215: Use after free in Webaudio
- CVE-2016-5217: Use of unvalidated data in PDFium
- CVE-2016-5218: Address spoofing in Omnibox
- CVE-2016-5219: Use after free in V8
- CVE-2016-5221: Integer overflow in ANGLE
- CVE-2016-5220: Local file access in PDFium
- CVE-2016-5222: Address spoofing in Omnibox
- CVE-2016-9650: CSP Referrer disclosure
- CVE-2016-5223: Integer overflow in PDFium
- CVE-2016-5226: Limited XSS in Blink
- CVE-2016-5225: CSP bypass in Blink
- CVE-2016-5224: Same-origin bypass in SVG
- CVE-2016-9652: Various fixes from internal audits, fuzzing and other initiatives

The default bookmarks override was removed.

The following packaging changes are included:

- Switch to system libraries: harfbuzz, zlib, ffmpeg, where available.
- Chromium now requires harfbuzz &gt;= 1.3.0</description>
</patchinfo>

Places

File _patchinfo of Package patchinfo.6035

Places