Comment 3 for bug 1673276

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 57.0.2987.98-0ubuntu0.16.04.1276

chromium-browser (57.0.2987.98-0ubuntu0.16.04.1276) xenial-security; urgency=medium

  * Upstream release: 57.0.2987.98.
    - CVE-2017-5030: Memory corruption in V8.
    - CVE-2017-5031: Use after free in ANGLE.
    - CVE-2017-5032: Out of bounds write in PDFium.
    - CVE-2017-5029: Integer overflow in libxslt.
    - CVE-2017-5034: Use after free in PDFium.
    - CVE-2017-5035: Incorrect security UI in Omnibox.
    - CVE-2017-5036: Use after free in PDFium.
    - CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer.
    - CVE-2017-5039: Use after free in PDFium.
    - CVE-2017-5040: Information disclosure in V8.
    - CVE-2017-5041: Address spoofing in Omnibox.
    - CVE-2017-5033: Bypass of Content Security Policy in Blink.
    - CVE-2017-5042: Incorrect handling of cookies in Cast.
    - CVE-2017-5038: Use after free in GuestView.
    - CVE-2017-5043: Use after free in GuestView.
    - CVE-2017-5044: Heap overflow in Skia.
    - CVE-2017-5045: Information disclosure in XSS Auditor.
    - CVE-2017-5046: Information disclosure in Blink.
  * debian/patches/arm64-support no longer needed
  * debian/patches/stdatomic: Support gcc48.
  * debian/patches/snapshot-library-link: Add missing libsnapshot link
  * debian/patches/gtk-ui-stdmove: fix && pointer return with std::move
  * debian/control: Drop binary arch "any" and explicitly list four.
  * debian/patches/arm64-vpx-alignment: Avoid ARM64 alignment bug on some
  * debian/rules: Fix armhf float ABI and remove unnecessary envvars.
    (LP: #1673276)

 -- Chad MILLER <email address hidden> Wed, 15 Mar 2017 21:12:35 -0400