-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4645-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
March 22, 2020                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium
CVE ID         : CVE-2019-20503 CVE-2020-6422 CVE-2020-6424 CVE-2020-6425
                 CVE-2020-6426 CVE-2020-6427 CVE-2020-6428 CVE-2020-6429
                 CVE-2020-6449

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2019-20503

   Natalie Silvanovich discovered an out-of-bounds read issue in the usrsctp
   library.

CVE-2020-6422

    David Manouchehri discovered a use-after-free issue in the WebGL
    implementation.

CVE-2020-6424

    Sergei Glazunov discovered a use-after-free issue.

CVE-2020-6425

    Sergei Glazunov discovered a policy enforcement error related to
    extensions.

CVE-2020-6426

    Avihay Cohen discovered an implementation error in the v8 javascript
    library.

CVE-2020-6427

    Man Yue Mo discovered a use-after-free issue in the audio implementation.

CVE-2020-6428

    Man Yue Mo discovered a use-after-free issue in the audio implementation.

CVE-2020-6429

    Man Yue Mo discovered a use-after-free issue in the audio implementation.

CVE-2020-6449

    Man Yue Mo discovered a use-after-free issue in the audio implementation.

For the oldstable distribution (stretch), security support for chromium has
been discontinued.

For the stable distribution (buster), these problems have been fixed in
version 80.0.3987.149-1~deb10u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAl54E4IACgkQmD40ZYkU
ayiRMh//bTOibqPJBCxe0AqDuKGNi4xZ9E0fImuxB9Zi+oE+nEZPB5TxQm5id2aT
19Mqq2MNc1+Z2Ac0yn/j7kTTQ/fJ55olg57SWZ4H9k9ArI/jXZzqRPbzgHZg5wWs
ssB7eabIotkXWYM76ANLjSlXSpPx34Hjo0SUMSL5emh2V42QM/4RmCIEIeIMh2q6
jf2xkhYFqcAuK9p5wWChTIZEwM1aEiKtbW24t9J6/h7I6rwiglRhtb3LCgcsga7e
LkiNQLLiJmSIdJ1GkV4ly7NlBr2c8CQnx82PFj1atNJoEqEBaZEPIGhr2Wyen4K2
dwAmZ0T35ONwXpkxk71MxRRbJFDEDX6gWEKpkCU29LV9LMKpcVK826nhdwP0W8Ss
4zJMqQx0yiUSYGTYMxY7uELc278iXaNuHgy8OWP4uNMZ4pqjPzyvBOlRAAd0Lvhg
nU53dsaoInJW/MywLhJQ0UKIxrn0a6HrezhsNIENbIe+0MBlbNRDl1GtKyjE5rsS
DYUxqHUKlYuk4OinO0Xc0DabncFVuLWoiN5XptyBy51+ALh7PtnB+sTwzM98XICb
fp2vEIIcfk5WMqArhLoN5GNJHLurWl3heYqHdAB8K5V8G2fvW4ZFylUqeyRgNhze
FlQD21iwPChYTVtf1sLrhYq7L0QmvVaoG5bIBZe+laOyPeMGI7MP5UUhgf1J9kPl
OSUxu7OLv2asUD/rKxepIY9w7kI6l+TwtTO+s+uCkWKs+Gw0aDzwLbhNh1dpF+q7
ZNMqd8yqaodITNEI9ULpwhpFvABtYkB5DgttSA2gs2+fXjU7LnGavCDvWLb08ywa
vRhu6lTGnpfzVyOf5G4tCgnpNgdnKi7FO0nu2mlT8igVAXrVPQWAST25i1zUJjfX
GL0LZGATZvgNeRhIftbEd8ti2PsePwza699DDLqnoq3Ac3VXoKeX59M3UzIDHkuM
Hc8DuP9P6cd6+FtrYEzGcH+bqeKL29c8ucY6R1HkPkzifSXqkfTfRZE04Atqly+j
CdL0FWSl9SXJ8lI5oDp7M2FxuS6KDA0ynrM29ZEgg76FWYDaxQcohmqPu+uMvbPq
/miJM1HitgptmQuV9ThUpX0YsC8QoUTwZMk+uKbTmxoNQVzpaGrQaiBKD/RwZ4EN
AFqP/Fx+mSwBm2ExGPOz4HFichkNLYX5GZWHC33unecVSHP9QD75ciggnvDtSmea
tLA/Lpu9BjAuosa0YOIaK1Y+P9fOvL3jiAIVAbCOFOxoL0dsBPTxd6TJlVJVabeh
+edgot6YUfpc2JKLLrvDTZYKM4WBTbk50N6dhUDuWbQJ0j7n9NMqtsaHOl8x6yp7
TgA2OpXk0ntGnDTFDFHIuF8dpCS0jw==
=F7t7
-----END PGP SIGNATURE-----