Accepted chromium 106.0.5249.61-1 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 27 Sep 2022 14:14:44 -0400
Source: chromium
Architecture: source
Version: 106.0.5249.61-1
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
chromium (106.0.5249.61-1) unstable; urgency=high
.
* New upstream stable release.
- CVE-2022-3304: Use after free in CSS. Reported by Anonymous.
- CVE-2022-3201: Insufficient validation of untrusted input in
Developer Tools. Reported by NDevTK.
- CVE-2022-3305: Use after free in Survey. Reported by Nan
Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability
Research Institute.
- CVE-2022-3306: Use after free in Survey. Reported by Nan
Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability
Research Institute.
- CVE-2022-3307: Use after free in Media.
Reported by Anonymous Telecommunications Corp. Ltd.
- CVE-2022-3308: Insufficient policy enforcement in Developer Tools.
Reported by Andrea Cappa (zi0Black) @ Shielder.
- CVE-2022-3309: Use after free in Assistant.
Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab.
- CVE-2022-3310: Insufficient policy enforcement in Custom Tabs.
Reported by Ashwin Agrawal from Optus, Sydney.
- CVE-2022-3311: Use after free in Import.
Reported by Samet Bekmezci @sametbekmezci.
- CVE-2022-3312: Insufficient validation of untrusted input in VPN.
Reported by Andr.Ess.
- CVE-2022-3313: Incorrect security UI in Full Screen.
Reported by Irvan Kurniawan (sourc7).
- CVE-2022-3314: Use after free in Logging. Reported by Anonymous.
- CVE-2022-3315: Type confusion in Blink. Reported by Anonymous.
- CVE-2022-3316: Insufficient validation of untrusted input in Safe
Browsing. Reported by Sven Dysthe (@svn_dy).
- CVE-2022-3317: Insufficient validation of untrusted input in
Intents. Reported by Hafiizh.
- CVE-2022-3318: Use after free in ChromeOS Notifications.
Reported by GraVity0.
* debian/patches:
- disable/angle-perftests.patch: drop most of patch.
build_angle_perftests=false is set in d/rules, so no need to patch
it and its dependencies.
- upstream/browser-finder.patch: drop, merged upstream.
- upstream/disk-cache.patch: drop, merged upstream.
- upstream/masklayer-geom.patch: drop, merged upstream.
- fixes/tflite.patch: drop, merged upstream.
- bullseye/clang13.patch: update for upstream switching from one
unsupported clang warning flag to another.
- disable/catapult.patch: refresh.
- disable/installer.patch: drop, as there's no real need to delete
chrome/install_static; there's no licensing issues and it's only
actually built on windows.
- upstream/fix-missing-cmath.patch: added from upstream to fix ftbfs.
- upstream/fix-nullptr-qual.patch: added from upstream to fix ftbfs.
- fixes/fix-arm-vfpv3-d16-libaom.patch: add to fix a problem that
was currently papered over by disabling libaom on arm. This new
patch (hopefully) allows libaom to be built for the armhf arch.
- disable/libaom-arm.patch: drop now that we've fixed libaom on arm.
- system/event.patch: remove some old unused bits that patch gn.
* Stop deleting chrome/install_static in d/copyright, and also start
deleting third party libraries that we began linking to in v105 as
well as tools/gn.
* Remove mgilbert as an uploader; thanks for all your work on chromium
packaging!
Checksums-Sha1:
eeb7933ae7c03070a58a5b23788f0201efa380bf 3586 chromium_106.0.5249.61-1.dsc
7a4e624a907d1d3a3cece2eca9b420e838d8b895 647344332 chromium_106.0.5249.61.orig.tar.xz
7c26d260b5a80926c4d29f615d5c84037f13f14a 212064 chromium_106.0.5249.61-1.debian.tar.xz
c04b5ace1358e9808cfb91c8d7b842b8146b86b9 20210 chromium_106.0.5249.61-1_source.buildinfo
Checksums-Sha256:
68a1803e11dee5071b4774db6026687a7213e35ea5772be8b0ffa978ac1f7c8d 3586 chromium_106.0.5249.61-1.dsc
06fdc419b7af543cc870581a34d205401c294e79b2b88d0c5307fbd33d94c4e0 647344332 chromium_106.0.5249.61.orig.tar.xz
21109b6b22caa6d7a9b39eb4945a8839d90404d19e935bafc01f84a3bee8f354 212064 chromium_106.0.5249.61-1.debian.tar.xz
b5e7b59a9998e5e0bd476df327e002ed40212f9e917b1e0b72b012189d51a8d6 20210 chromium_106.0.5249.61-1_source.buildinfo
Files:
9cd7f948c35da07529ec52c810ac8c79 3586 web optional chromium_106.0.5249.61-1.dsc
203e7beced2de971b2ff4b0cc474cd1c 647344332 web optional chromium_106.0.5249.61.orig.tar.xz
dbdce741cd58443472e1ea4d53ac2610 212064 web optional chromium_106.0.5249.61-1.debian.tar.xz
26d3875fb0fdaca8cd58e0d972b6735f 20210 web optional chromium_106.0.5249.61-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmMzRb0UHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8Nudjc2NQ//bh1ef4078Asq2Tq1h5RH221ZKLP/
NHXYkXoFN7bsMgO19lvTCMo3aZ9ifO2Qj54hShmDThTbgjNxTc3KlGrImoZSWbcc
JV+DY6i/EDAm3Pvs6I9Nqrm+tklVDHLDMc9BuuMbNx7cUs5JC+vLf3kSiStsQUP2
PNjatErOAcTrlwNnp52vH3lGmqvbRAk0gUSwtYanpDpwDsbKlz29e/F3nwLFtDci
ILQa7F6Oe83kk+WQrX2Bm8R36btFbYnbZQtaDDOxyEai+e+GgktPhmQJV2pZPSpV
UnUXaNDqwn7WU021HWo543XdyraVgfsudsi2m/lfpxOVEmeaqdWm7Qf5z51HHeTz
f8PoKZHRi05zO+8HFB5JgVmSPVY+zacDyp8l9JaIhjmGPLb/Lryk5RUBq9gru+F3
iUnR4sTkQ7CQv2EIi+Ld6zZXfIzVOFRpOPeyZLaFgU9GuNqid9vkeUN1aip0XHk8
LWJPHO54fstmgid8RLbNBkeJ0sToYQaYTzN5U9CjdDKiKkoPY8C2vqM7lqJr1EM7
Uq23sU2aXy94vtfHU53pAA/eciqEJSWQpzYvRHAtNN1dxhBM6TD+i5AgdX3m5MPU
jLzD8xWHWbuLoge3A7ewR0LeJtXMJ6cQqvPSp26MOmfmnooxTp9CxQoeEm3L+Ot/
6cNwhHhBoFjp+dE=
=+Jqq
-----END PGP SIGNATURE-----
Reply to: