Accepted chromium 100.0.4896.60-1~deb11u1 (source) into proposed-updates->stable-new, proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted chromium 100.0.4896.60-1~deb11u1 (source) into proposed-updates->stable-new, proposed-updates
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Thu, 16 Jun 2022 06:47:20 +0000
Message-id: <[🔎] E1o1jHk-0007oZ-4s@fasolo.debian.org>
Mail-followup-to: debian-devel@lists.debian.org
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 01 Apr 2022 23:22:56 -0400
Source: chromium
Architecture: source
Version: 100.0.4896.60-1~deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (100.0.4896.60-1~deb11u1) bullseye-security; urgency=high
 .
   * Fix debian/watch to find the correct upstream version.
   * Ensure xz uses all available cpu cores when preparing orig.tar.gz
   * Switch to bundled ICU, since Debian's ICU is 2 years old at this point
     and upstream depends on a bunch of new API in ICU 69.1.
   * debian/copyright:
     - ensure all *.dlls are dropped from source.
     - Stop dropping '*fuzz' directories. It was too aggressive, resulting
       in build errors for perfectly fine BSD-3-clause and similar code.
     - Instead, drop '*corpus' and '*corpora' directories. Some of it is
       fine (lots generated by oss-fuzz with .dict files provided), but
       not all of it is and it's easier to just drop it.
     - Drop an esbuild binary.
     - The full upstream tarball includes additional stuff we don't want,
       so drop *.jar, tools/win, and some other stuff in third_party/.
   * debian/rules:
     - Disabling & deleting swiftshader now also needs to add
       dawn_use_swiftshader=false.
     - Switch from -lite upstream tarball to the full tarball in order to
       include ICU sources.
   * debian/patches:
     - upstream/libdrm.patch - drop, merged upstream.
     - debianization/manpage.patch - drop a small chunk merged upstream.
     - system/icu.patch - drop now that we're bundling ICU.
     - bullseye/icu-types.patch - drop now that we're bundling ICU.
     - system/convertutf.patch - update build for bundled ICU path.
     - fixes/closure.patch - drop now that we're no longer using lite tarball.
     - disable/driver-chrome-path.patch - refresh for BUILDFLAG() macro.
     - system/jsoncpp.patch - refresh for unrelated ios change.
     - disable/catapult.patch - refresh due to moving around of .pak files.
     - upstream/rvo-workaround.patch - added to fix FTBFS w/ clang-11. Pulled
       from upstream git.
   * New upstream stable release.
     - CVE-2022-1125: Use after free in Portals. Reported by Khalil Zhani
     - CVE-2022-1127: Use after free in QR Code Generator.
       Reported by anonymous
     - CVE-2022-1128: Inappropriate implementation in Web Share API.
       Reported by Abdel Adim (@smaury92) Oisfi of Shielder
     - CVE-2022-1129: Inappropriate implementation in Full Screen Mode.
       Reported by Irvan Kurniawan (sourc7)
     - CVE-2022-1130: Insufficient validation of untrusted input in WebOTP.
       Reported by Sergey Toshin of Oversecurity Inc.
     - CVE-2022-1131: Use after free in Cast UI. Reported by
       Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research
     - CVE-2022-1132: Inappropriate implementation in Virtual Keyboard.
       Reported by Andr.Ess
     - CVE-2022-1133: Use after free in WebRTC. Reported by Anonymous
     - CVE-2022-1134: Type Confusion in V8.
       Reported by Man Yue Mo of GitHub Security Lab
     - CVE-2022-1135: Use after free in Shopping Cart.
       Reported by Wei Yuan of MoyunSec VLab
     - CVE-2022-1136: Use after free in Tab Strip . Reported by Krace
     - CVE-2022-1137: Inappropriate implementation in Extensions.
       Reported by Thomas Orlita
     - CVE-2022-1138: Inappropriate implementation in Web Cursor.
       Reported by Alesandro Ortiz
     - CVE-2022-1139: Inappropriate implementation in Background Fetch API.
       Reported by Maurice Dauer
     - CVE-2022-1141: Use after free in File Manager.
       Reported by raven at KunLun lab
     - CVE-2022-1142: Heap buffer overflow in WebUI.
       Reported by Leecraso and Guang Gong of 360 Alpha Lab
     - CVE-2022-1143: Heap buffer overflow in WebUI.
       Reported by Leecraso and Guang Gong of 360 Alpha Lab
     - CVE-2022-1144: Use after free in WebUI.
       Reported by Leecraso and Guang Gong of 360 Alpha Lab
     - CVE-2022-1145: Use after free in Extensions.
       Reported by Yakun Zhang of Baidu Security
     - CVE-2022-1146: Inappropriate implementation in Resource Timing.
       Reported by Sohom Datta
Checksums-Sha1:
 d6706927251405b47991cd1383dc2a4565c2355d 3689 chromium_100.0.4896.60-1~deb11u1.dsc
 93757e1dc5f4cc5593b3c09b656c59a7ca3276f6 586200052 chromium_100.0.4896.60.orig.tar.xz
 e8eb889ef7d82b5834bde24c101ab93826508bb0 210952 chromium_100.0.4896.60-1~deb11u1.debian.tar.xz
 f807167c20e9ed560353594c014263753d3177da 20464 chromium_100.0.4896.60-1~deb11u1_source.buildinfo
Checksums-Sha256:
 797c243fc25025aafd82c03258458063452ad9669a90d5e37f941170b67585b0 3689 chromium_100.0.4896.60-1~deb11u1.dsc
 358bfbcdd4acb3f345cd001be3e34dc231c0e29b0658b09b63d5bbf914b420d6 586200052 chromium_100.0.4896.60.orig.tar.xz
 3378c3eb48e366ff83c26311ff7cc73155f12c4095e4ec958595404dc7b17693 210952 chromium_100.0.4896.60-1~deb11u1.debian.tar.xz
 4cde42337868a4897b7f3e166c78413c75b1b8a48d8dbdf1d1c6fbb8fb6d18d5 20464 chromium_100.0.4896.60-1~deb11u1_source.buildinfo
Files:
 d180b0b30be0142beffac44acec42f57 3689 web optional chromium_100.0.4896.60-1~deb11u1.dsc
 c45fd4f7cff66fcbb761f26095204d29 586200052 web optional chromium_100.0.4896.60.orig.tar.xz
 0ea5b8362d8cb0e1b92a5a389321de4d 210952 web optional chromium_100.0.4896.60-1~deb11u1.debian.tar.xz
 75e815e95d059a4b2c5f754b85405f5d 20464 web optional chromium_100.0.4896.60-1~deb11u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmJIkIgUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjeG9A/+OfD52KiNBqWNTyruQCRMkJUjFApp
4b4m5US/S+Wjsnj3KvicdFuDSciqvje1C+meFvEl1npVoCVdk9DzPTwln+5hLzpp
QIrZy0b0sUaU9iJ4Ummx7xhW04w/mDKmOqE5Ieg1I90rwi7mOT6rLdvLZVui+Amh
IahTjWV5yKinOnV9S2YKWmWDsvw+iKcxQG3I6K3INDxr6C0YTUD2te2h1C0GxzcQ
bndrwOZ1xxN4h4mbX62hV3IcrJS7z0dnW2mB2ooSh7CJa5NdYHqxkxxqQ24SUUsO
IFbih5nu4YsQftzUjFQFAV9ZT3NTw3YdBluD9/YRYRJS/4cU2oFjS62mB8svHMdl
xEfdcb4rELPQyMx/YpCRUFjEh+QegyuDzvvLBHTE3Nmu8ltCjmZZhpwq1FAN3j0k
if1kHk7XxLd8xpnRrKT/uJCYCccH32tyQItEvtfRRlTIue4rG4H5nipokLvwbNsT
KOIxopp2Qh4WPwzkK2yf5a7A6glsTENIVroGuCaLC9OPE5tkf0gKlJom+WHLz5y/
FRHahFIWDIb+EUbt/Kg+4OtRtvTPJNx8FL7yaF7tYakgPuads0J8KGi7UV9tAJ0l
u4X3TZY/X8d+8xKX5sfyJacUBWNtjbMRPtmg8vkMPE6rOpYIranXy8EUMQP5r1rb
2lk2iiK8jvyzp+c=
=MAFX
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Accepted chromium 99.0.4844.84-1~deb11u1 (source) into proposed-updates->stable-new, proposed-updates
Next by Date: Accepted chromium 100.0.4896.75-1~deb11u1 (source) into proposed-updates->stable-new, proposed-updates
Previous by thread: Accepted chromium 99.0.4844.84-1~deb11u1 (source) into proposed-updates->stable-new, proposed-updates
Next by thread: Accepted chromium 100.0.4896.75-1~deb11u1 (source) into proposed-updates->stable-new, proposed-updates
Index(es):
- Date
- Thread