Accepted chromium 104.0.5112.79-1 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 04 Aug 2022 11:31:44 -0400
Source: chromium
Architecture: source
Version: 104.0.5112.79-1
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
chromium (104.0.5112.79-1) unstable; urgency=high
.
* New upstream stable release.
- CVE-2022-2603: Use after free in Omnibox. Reported by Anonymous
- CVE-2022-2604: Use after free in Safe Browsing. Reported by
Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
- CVE-2022-2605: Out of bounds read in Dawn. Reported by Looben Yang
- CVE-2022-2606: Use after free in Managed devices API. Reported by
Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
- CVE-2022-2607: Use after free in Tab Strip. Reported by @ginggilBesel
- CVE-2022-2608: Use after free in Overview Mode.
Reported by Khalil Zhani
- CVE-2022-2609: Use after free in Nearby Share. Reported by koocola
(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute
- CVE-2022-2610: Insufficient policy enforcement in Background Fetch.
Reported by Maurice Dauer
- CVE-2022-2611: Inappropriate implementation in Fullscreen API.
Reported by Irvan Kurniawan (sourc7)
- CVE-2022-2612: Side-channel information leakage in Keyboard input.
Reported by Erik Kraft (erik.kraft5@gmx.at),
Martin Schwarzl (martin.schwarzl@iaik.tugraz.at)
- CVE-2022-2613: Use after free in Input.
Reported by Piotr Tworek (Vewd)
- CVE-2022-2614: Use after free in Sign-In Flow.
Reported by raven at KunLun lab
- CVE-2022-2615: Insufficient policy enforcement in Cookies.
Reported by Maurice Dauer
- CVE-2022-2616: Inappropriate implementation in Extensions API.
Reported by Alesandro Ortiz
- CVE-2022-2617: Use after free in Extensions API.
Reported by @ginggilBesel
- CVE-2022-2618: Insufficient validation of untrusted input in
Internals. Reported by asnine
- CVE-2022-2619: Insufficient validation of untrusted input in Settings.
Reported by Oliver Dunk
- CVE-2022-2620: Use after free in WebUI. Reported by
Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
- CVE-2022-2621: Use after free in Extensions.
Reported by Huyna at Viettel Cyber Security
- CVE-2022-2622: Insufficient validation of untrusted input in
Safe Browsing. Reported by Imre Rad (@ImreRad) and @j00sean
- CVE-2022-2623: Use after free in Offline. Reported by
raven at KunLun lab
- CVE-2022-2624: Heap buffer overflow in PDF. Reported by YU-CHANG
CHEN and CHIH-YEN CHANG, working with DEVCORE Internship Program
* debian/patches:
- bullseye/nomerge.patch: drop, was only needed for clang-11.
- bullseye/clang11.patch: drop clang-11 bits, rename to clang13.patch.
- bullseye/blink-constexpr.patch: drop, only needed for clang-11.
- bullseye/byteswap-constexpr2.patch: drop, only needed for clang-11.
- disable/angle-perftests.patch: refresh
- disable/catapult.patch: refresh & drop some no longer needed bits.
- fixes/tflite.patch: fix a build error.
* debian/copyright:
- upstream dropped perfetto/ui/src/gen/.
Checksums-Sha1:
00b5a34feb370c4bfb8f6c4a51c2ea2af87b2aa5 3619 chromium_104.0.5112.79-1.dsc
a11e88ffc0819f992212c95d21314c7bc07fb78c 610675328 chromium_104.0.5112.79.orig.tar.xz
db4bfb71403bb965cf6e86a11244629049e6fc47 209308 chromium_104.0.5112.79-1.debian.tar.xz
970edc9525567811b532ccdcb0b7f472f9a5e9b6 20045 chromium_104.0.5112.79-1_source.buildinfo
Checksums-Sha256:
5991e4c185fa2499deaef30e59a0f55633c2b6e9da7ba03a7e330541abf0ab55 3619 chromium_104.0.5112.79-1.dsc
304851d516ca0335755032c18d96df40fbbc0b2974169d495339d230782b4a43 610675328 chromium_104.0.5112.79.orig.tar.xz
cfb88636c29dfac550fc760b32e96df6070d0c7391df6e916e53dcdd2b72dc84 209308 chromium_104.0.5112.79-1.debian.tar.xz
7fe587fac26f91b9fb14b29fc39602099c562e1b18652132bd2ebf876632d613 20045 chromium_104.0.5112.79-1_source.buildinfo
Files:
5c4213c2d56d0d88a145b04c4d901ac1 3619 web optional chromium_104.0.5112.79-1.dsc
13edaefdeea2513a4e3489800eac30bd 610675328 web optional chromium_104.0.5112.79.orig.tar.xz
f5f70c16002709041d11f0f78711efc6 209308 web optional chromium_104.0.5112.79-1.debian.tar.xz
76f967bfae15112d0db9372bc9ad912f 20045 web optional chromium_104.0.5112.79-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmLshDIUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjfNCRAAi3Wv0p+xzcHvY2fCjC+f//yPltZD
32CWSyGsYj1kdG78yO8WG8g4iHLZgaaZMN2LRUsGVQGUEgXndh3VDumlrrr34ujA
J/ySw/okfHPb26pSy8b6rc4vU3Er3xLQBTdaMFH1Yx6COpil31QxgDdEPXnaKUOn
Gswln07Pblvu7pncyEWMj35hmvQFveQNse4A5mgfL4GR62hw2ajr0m7nY3U6mOSy
h8KApAYK0+SPRpYkr4unOH4Ht+wqJ9SPehGMTbgBFh6Gx/V35iJpwW9F8qYdvoGn
UksNQrLXK2VHlxgmHyupAgylm4L8LntU0kqO4p0GZzfrjiWJkS2QDPmLeA4bcx2b
YmxcM9tppMpso7b5WeRovq5Hvgrzv0uDCNqKI+O1ecQ8YYCriVhm6n0eH8mrsJrI
+Mv1Nj2RF3UbVzqFAOBcjSvdvgpgZqsTT7Fi2w8wkJfcWCNBvrpQsYX4qRtRXZxP
TzTUK9oFccZ/IRQhWtN6jJkGuOB0kZoUzLFGzN9vDRIn95y4yNcgr5UGJ3qEgcK4
KrW9u5eJuNkpu6X0iROjnyXCkiRfhUe6Q79iDSpNFx0z8wZkZ7DEnEuST3X5/qKO
zR8keAVa943eXk162HTnTCUGJyTCgEg5MnAViTRLVP3CxsdKCvrTDYYDeRUoT+Ku
CidcM5hJnRuInTU=
=Whn7
-----END PGP SIGNATURE-----
Reply to: