The security vulnerability updates include chromium-browser and expat security updates.


Vulnerability Overview

DSA-3531-1 chromium-browser -- security update

Security database information:

  • CVE-2016-1646 : An out-of-bounds read issue was discovered in the v8 library.
  • CVE-2016-1647: A use-after-free issue was discovered.
  • CVE-2016-1648: A use-after-free issue was discovered in the handling of extensions.
  • CVE-2016-1649: lokihardt discovered a buffer overflow issue in the Almost Native Graphics Layer Engine (ANGLE) library.
  • CVE-2016-1650: The chrome development team found and fixed various issues during internal auditing. Also multiple issues were fixed in the v8 javascript library, version 4.9.385.33.


DSA-3318-1 expat -- security update

Security database information:

  • CVE-2015-1283: Multiple integer overflows have been discovered in Expat, an XML parsing C library, which may result in denial of service or the execution of arbitrary code if a malformed XML file is processed.


Fixing Status

The problems of chromium-browser have been fixed in version 49.0.2623.108-1; and the problem of expat has been fixed in version 2.1.0-7.

Please update to the latest version of deepin to get these patches.


Leave a Reply