Accepted chromium 104.0.5112.79-1~deb11u1 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 04 Aug 2022 21:39:17 -0400
Source: chromium
Architecture: source
Version: 104.0.5112.79-1~deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
chromium (104.0.5112.79-1~deb11u1) bullseye-security; urgency=high
.
* Build with Clang 13 instead of the bullseye default of Clang 11.
* New upstream stable release.
- CVE-2022-2603: Use after free in Omnibox. Reported by Anonymous
- CVE-2022-2604: Use after free in Safe Browsing. Reported by
Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
- CVE-2022-2605: Out of bounds read in Dawn. Reported by Looben Yang
- CVE-2022-2606: Use after free in Managed devices API. Reported by
Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
- CVE-2022-2607: Use after free in Tab Strip. Reported by @ginggilBesel
- CVE-2022-2608: Use after free in Overview Mode.
Reported by Khalil Zhani
- CVE-2022-2609: Use after free in Nearby Share. Reported by koocola
(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute
- CVE-2022-2610: Insufficient policy enforcement in Background Fetch.
Reported by Maurice Dauer
- CVE-2022-2611: Inappropriate implementation in Fullscreen API.
Reported by Irvan Kurniawan (sourc7)
- CVE-2022-2612: Side-channel information leakage in Keyboard input.
Reported by Erik Kraft (erik.kraft5@gmx.at),
Martin Schwarzl (martin.schwarzl@iaik.tugraz.at)
- CVE-2022-2613: Use after free in Input.
Reported by Piotr Tworek (Vewd)
- CVE-2022-2614: Use after free in Sign-In Flow.
Reported by raven at KunLun lab
- CVE-2022-2615: Insufficient policy enforcement in Cookies.
Reported by Maurice Dauer
- CVE-2022-2616: Inappropriate implementation in Extensions API.
Reported by Alesandro Ortiz
- CVE-2022-2617: Use after free in Extensions API.
Reported by @ginggilBesel
- CVE-2022-2618: Insufficient validation of untrusted input in
Internals. Reported by asnine
- CVE-2022-2619: Insufficient validation of untrusted input in Settings.
Reported by Oliver Dunk
- CVE-2022-2620: Use after free in WebUI. Reported by
Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
- CVE-2022-2621: Use after free in Extensions.
Reported by Huyna at Viettel Cyber Security
- CVE-2022-2622: Insufficient validation of untrusted input in
Safe Browsing. Reported by Imre Rad (@ImreRad) and @j00sean
- CVE-2022-2623: Use after free in Offline. Reported by
raven at KunLun lab
- CVE-2022-2624: Heap buffer overflow in PDF. Reported by YU-CHANG
CHEN and CHIH-YEN CHANG, working with DEVCORE Internship Program
* debian/patches:
- bullseye/nomerge.patch: drop, was only needed for clang-11.
- bullseye/clang11.patch: drop clang-11 bits, rename to clang13.patch.
- bullseye/blink-constexpr.patch: drop, only needed for clang-11.
- bullseye/byteswap-constexpr2.patch: drop, only needed for clang-11.
- disable/angle-perftests.patch: refresh
- disable/catapult.patch: refresh & drop some no longer needed bits.
- fixes/tflite.patch: fix a build error.
* debian/copyright:
- upstream dropped perfetto/ui/src/gen/.
Checksums-Sha1:
f47757475b1d66c4a630171a9c9abd373f2a135f 3698 chromium_104.0.5112.79-1~deb11u1.dsc
a11e88ffc0819f992212c95d21314c7bc07fb78c 610675328 chromium_104.0.5112.79.orig.tar.xz
54f0e8ff77b4dba5a147bf5fa6c159cee62f833c 209296 chromium_104.0.5112.79-1~deb11u1.debian.tar.xz
b8cfcf768107ca5744e5d29a743eb5385bdb67da 20762 chromium_104.0.5112.79-1~deb11u1_source.buildinfo
Checksums-Sha256:
145a78afaa76b4179726029b584385ba626119cf0c441d4465e410c604cbbed9 3698 chromium_104.0.5112.79-1~deb11u1.dsc
304851d516ca0335755032c18d96df40fbbc0b2974169d495339d230782b4a43 610675328 chromium_104.0.5112.79.orig.tar.xz
5cb48f4bab0280d51d6a311078e55bb7a4904d833b25a7eb2d1f34b2284a9747 209296 chromium_104.0.5112.79-1~deb11u1.debian.tar.xz
5b93c38d3bc1d3ea91d12a41817fc7b4b27a14929eed2eff2744d75f5db118f8 20762 chromium_104.0.5112.79-1~deb11u1_source.buildinfo
Files:
63a5bedae560c5a1753965c747702ffc 3698 web optional chromium_104.0.5112.79-1~deb11u1.dsc
13edaefdeea2513a4e3489800eac30bd 610675328 web optional chromium_104.0.5112.79.orig.tar.xz
2fd7001a0988f4f8e8bdeaadb30c70b9 209296 web optional chromium_104.0.5112.79-1~deb11u1.debian.tar.xz
68c98de97ab9346087aff506c2c4a87e 20762 web optional chromium_104.0.5112.79-1~deb11u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmLsga4UHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjcrzhAAxgkLsI1OXBS06eHgfoQmKRPaWXNN
Z1+5DUof4NeqorbAPyNljz9W8G2m/MtWJVT2vj3a3+BhS9Pqt3EUg7eIZCG0tCy+
ZPLJTt9Q90NoX787HztZQZUepgV+IUFZED81XJ9hNHvcjKBlv/u3sfwODv/5KSqg
5U3mtEosJIx9eskyZjlgu5Ix8UClHG/UwtiOlDy2pHRlU14wKoJZOmwlxcWp4xm6
jTXK02Q+oob6HRMg32n0gicAT5MMmHF03M6UChxUmlgmoXLnGSxVGiPFqmb/UBhn
2+PZ09+AuHDdmrdGpQVJanGI5SQCJ19QdzzszTNjPUk9Xzm4aZrRa9je1DgptUAt
NHQPLh4Cvbva/3uvqhGA2k9ZY8/uoCRK7O4tWTp2bFY2z5mRCJvgMLcvXL7UBPok
nQRzr7uh5OzukDbmsUoH4GAhZo7UJAWf/oLFSHF9m2TzfL2rOKbU8COZ4qQ6BMla
As78Gkpt0jPQWoZiZWfksWveS0Soy3IhkoAU9YBG3aYG3ydOiMSXZXGQjqrjv9UK
c90tbjtuINKjdvTQ0z3HTSf06XCNmyoTucLjyN5GtIv0tUKjMVtIFxQzrarltuPS
dQu9UWbvJ4BA2UrcACB+S8R6pNv+h+KIjqHFgox/Cz9baf+n4Qj/aS+tSvD8y2FT
GZGXQiHlLz8kR1k=
=Nkxg
-----END PGP SIGNATURE-----
Reply to: