[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted chromium 104.0.5112.79-1~deb11u1 (source) into proposed-updates->stable-new, proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 04 Aug 2022 21:39:17 -0400
Source: chromium
Architecture: source
Version: 104.0.5112.79-1~deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (104.0.5112.79-1~deb11u1) bullseye-security; urgency=high
 .
   * Build with Clang 13 instead of the bullseye default of Clang 11.
   * New upstream stable release.
     - CVE-2022-2603: Use after free in Omnibox. Reported by Anonymous
     - CVE-2022-2604: Use after free in Safe Browsing. Reported by
       Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
     - CVE-2022-2605: Out of bounds read in Dawn. Reported by Looben Yang
     - CVE-2022-2606: Use after free in Managed devices API. Reported by
       Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
     - CVE-2022-2607: Use after free in Tab Strip. Reported by @ginggilBesel
     - CVE-2022-2608: Use after free in Overview Mode.
       Reported by Khalil Zhani
     - CVE-2022-2609: Use after free in Nearby Share. Reported by koocola
       (@alo_cook) and Guang Gong of 360 Vulnerability Research Institute
     - CVE-2022-2610: Insufficient policy enforcement in Background Fetch.
       Reported by Maurice Dauer
     - CVE-2022-2611: Inappropriate implementation in Fullscreen API.
       Reported by Irvan Kurniawan (sourc7)
     - CVE-2022-2612: Side-channel information leakage in Keyboard input.
       Reported by Erik Kraft (erik.kraft5@gmx.at),
       Martin Schwarzl (martin.schwarzl@iaik.tugraz.at)
     - CVE-2022-2613: Use after free in Input.
       Reported by Piotr Tworek (Vewd)
     - CVE-2022-2614: Use after free in Sign-In Flow.
       Reported by raven at KunLun lab
     - CVE-2022-2615: Insufficient policy enforcement in Cookies.
       Reported by Maurice Dauer
     - CVE-2022-2616: Inappropriate implementation in Extensions API.
       Reported by Alesandro Ortiz
     - CVE-2022-2617: Use after free in Extensions API.
       Reported by @ginggilBesel
     - CVE-2022-2618: Insufficient validation of untrusted input in
       Internals. Reported by asnine
     - CVE-2022-2619: Insufficient validation of untrusted input in Settings.
       Reported by Oliver Dunk
     - CVE-2022-2620: Use after free in WebUI. Reported by
       Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
     - CVE-2022-2621: Use after free in Extensions.
       Reported by Huyna at Viettel Cyber Security
     - CVE-2022-2622: Insufficient validation of untrusted input in
       Safe Browsing. Reported by Imre Rad (@ImreRad) and @j00sean
     - CVE-2022-2623: Use after free in Offline. Reported by
       raven at KunLun lab
     - CVE-2022-2624: Heap buffer overflow in PDF. Reported by YU-CHANG
       CHEN and CHIH-YEN CHANG, working with DEVCORE Internship Program
   * debian/patches:
     - bullseye/nomerge.patch: drop, was only needed for clang-11.
     - bullseye/clang11.patch: drop clang-11 bits, rename to clang13.patch.
     - bullseye/blink-constexpr.patch: drop, only needed for clang-11.
     - bullseye/byteswap-constexpr2.patch: drop, only needed for clang-11.
     - disable/angle-perftests.patch: refresh
     - disable/catapult.patch: refresh & drop some no longer needed bits.
     - fixes/tflite.patch: fix a build error.
   * debian/copyright:
     - upstream dropped perfetto/ui/src/gen/.
Checksums-Sha1:
 f47757475b1d66c4a630171a9c9abd373f2a135f 3698 chromium_104.0.5112.79-1~deb11u1.dsc
 a11e88ffc0819f992212c95d21314c7bc07fb78c 610675328 chromium_104.0.5112.79.orig.tar.xz
 54f0e8ff77b4dba5a147bf5fa6c159cee62f833c 209296 chromium_104.0.5112.79-1~deb11u1.debian.tar.xz
 b8cfcf768107ca5744e5d29a743eb5385bdb67da 20762 chromium_104.0.5112.79-1~deb11u1_source.buildinfo
Checksums-Sha256:
 145a78afaa76b4179726029b584385ba626119cf0c441d4465e410c604cbbed9 3698 chromium_104.0.5112.79-1~deb11u1.dsc
 304851d516ca0335755032c18d96df40fbbc0b2974169d495339d230782b4a43 610675328 chromium_104.0.5112.79.orig.tar.xz
 5cb48f4bab0280d51d6a311078e55bb7a4904d833b25a7eb2d1f34b2284a9747 209296 chromium_104.0.5112.79-1~deb11u1.debian.tar.xz
 5b93c38d3bc1d3ea91d12a41817fc7b4b27a14929eed2eff2744d75f5db118f8 20762 chromium_104.0.5112.79-1~deb11u1_source.buildinfo
Files:
 63a5bedae560c5a1753965c747702ffc 3698 web optional chromium_104.0.5112.79-1~deb11u1.dsc
 13edaefdeea2513a4e3489800eac30bd 610675328 web optional chromium_104.0.5112.79.orig.tar.xz
 2fd7001a0988f4f8e8bdeaadb30c70b9 209296 web optional chromium_104.0.5112.79-1~deb11u1.debian.tar.xz
 68c98de97ab9346087aff506c2c4a87e 20762 web optional chromium_104.0.5112.79-1~deb11u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmLsga4UHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjcrzhAAxgkLsI1OXBS06eHgfoQmKRPaWXNN
Z1+5DUof4NeqorbAPyNljz9W8G2m/MtWJVT2vj3a3+BhS9Pqt3EUg7eIZCG0tCy+
ZPLJTt9Q90NoX787HztZQZUepgV+IUFZED81XJ9hNHvcjKBlv/u3sfwODv/5KSqg
5U3mtEosJIx9eskyZjlgu5Ix8UClHG/UwtiOlDy2pHRlU14wKoJZOmwlxcWp4xm6
jTXK02Q+oob6HRMg32n0gicAT5MMmHF03M6UChxUmlgmoXLnGSxVGiPFqmb/UBhn
2+PZ09+AuHDdmrdGpQVJanGI5SQCJ19QdzzszTNjPUk9Xzm4aZrRa9je1DgptUAt
NHQPLh4Cvbva/3uvqhGA2k9ZY8/uoCRK7O4tWTp2bFY2z5mRCJvgMLcvXL7UBPok
nQRzr7uh5OzukDbmsUoH4GAhZo7UJAWf/oLFSHF9m2TzfL2rOKbU8COZ4qQ6BMla
As78Gkpt0jPQWoZiZWfksWveS0Soy3IhkoAU9YBG3aYG3ydOiMSXZXGQjqrjv9UK
c90tbjtuINKjdvTQ0z3HTSf06XCNmyoTucLjyN5GtIv0tUKjMVtIFxQzrarltuPS
dQu9UWbvJ4BA2UrcACB+S8R6pNv+h+KIjqHFgox/Cz9baf+n4Qj/aS+tSvD8y2FT
GZGXQiHlLz8kR1k=
=Nkxg
-----END PGP SIGNATURE-----


Reply to: