1
PublicDateAtUSN: 2016-01-22
2
Candidate: CVE-2016-1617
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1617
6
http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html
7
https://usn.ubuntu.com/usn/usn-2877-1
9
The CSPSource::schemeMatches function in
10
WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy
11
(CSP) implementation in Blink, as used in Google Chrome before
12
48.0.2564.82, does not apply http policies to https URLs and does not apply
13
ws policies to wss URLs, which makes it easier for remote attackers to
14
determine whether a specific HSTS web site has been visited by reading a
23
Patches_chromium-browser:
24
upstream_chromium-browser: released (48.0.2564.82)
25
precise_chromium-browser: ignored
26
trusty_chromium-browser: released (48.0.2564.82-0ubuntu0.14.04.1.1108)
27
vivid_chromium-browser: released (48.0.2564.82-0ubuntu0.15.04.1.1193)
28
vivid/stable-phone-overlay_chromium-browser: DNE
29
vivid/ubuntu-core_chromium-browser: DNE
30
wily_chromium-browser: released (48.0.2564.82-0ubuntu0.15.10.1.1219)
31
devel_chromium-browser: released (48.0.2564.82-0ubuntu1.1222)
34
upstream_oxide-qt: released (1.12.5)
36
trusty_oxide-qt: released (1.12.5-0ubuntu0.14.04.1)
37
vivid_oxide-qt: released (1.12.5-0ubuntu0.15.04.1)
38
vivid/stable-phone-overlay_oxide-qt: released (1.12.5-0ubuntu0.15.04.1~overlay1)
39
vivid/ubuntu-core_oxide-qt: DNE
40
wily_oxide-qt: released (1.12.5-0ubuntu0.15.10.1)
41
devel_oxide-qt: released (1.12.5-0ubuntu1)