1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted chromium 104.0.5112.79-1~deb11u1 (source) into proposed-update

    From Debian FTP Masters@21:1/5 to All on Sat Aug 13 20:20:01 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    Format: 1.8
    Date: Thu, 04 Aug 2022 21:39:17 -0400
    Source: chromium
    Architecture: source
    Version: 104.0.5112.79-1~deb11u1
    Distribution: bullseye-security
    Urgency: high
    Maintainer: Debian Chromium Team <chromium@packages.debian.org>
    Changed-By: Andres Salomon <dilinger@debian.org>
    Changes:
    chromium (104.0.5112.79-1~deb11u1) bullseye-security; urgency=high
    .
    * Build with Clang 13 instead of the bullseye default of Clang 11.
    * New upstream stable release.
    - CVE-2022-2603: Use after free in Omnibox. Reported by Anonymous
    - CVE-2022-2604: Use after free in Safe Browsing. Reported by
    Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
    - CVE-2022-2605: Out of bounds read in Dawn. Reported by Looben Yang
    - CVE-2022-2606: Use after free in Managed devices API. Reported by
    Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
    - CVE-2022-2607: Use after free in Tab Strip. Reported by @ginggilBesel
    - CVE-2022-2608: Use after free in Overview Mode.
    Reported by Khalil Zhani
    - CVE-2022-2609: Use after free in Nearby Share. Reported by koocola
    (@alo_cook) and Guang Gong of 360 Vulnerability Research Institute
    - CVE-2022-2610: Insufficient policy enforcement in Background Fetch.
    Reported by Maurice Dauer
    - CVE-2022-2611: Inappropriate implementation in Fullscreen API.
    Reported by Irvan Kurniawan (sourc7)
    - CVE-2022-2612: Side-channel information leakage in Keyboard input.
    Reported by Erik Kraft (erik.kraft5@gmx.at),
    Martin Schwarzl (martin.schwarzl@iaik.tugraz.at)
    - CVE-2022-2613: Use after free in Input.
    Reported by Piotr Tworek (Vewd)
    - CVE-2022-2614: Use after free in Sign-In Flow.
    Reported by raven at KunLun lab
    - CVE-2022-2615: Insufficient policy enforcement in Cookies.
    Reported by Maurice Dauer
    - CVE-2022-2616: Inappropriate implementation in Extensions API.
    Reported by Alesandro Ortiz
    - CVE-2022-2617: Use after free in Extensions API.
    Reported by @ginggilBesel
    - CVE-2022-2618: Insufficient validation of untrusted input in
    Internals. Reported by asnine
    - CVE-2022-2619: Insufficient validation of untrusted input in Settings.
    Reported by Oliver Dunk
    - CVE-2022-2620: Use after free in WebUI. Reported by
    Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
    - CVE-2022-2621: Use after free in Extensions.
    Reported by Huyna at Viettel Cyber Security
    - CVE-2022-2622: Insufficient validation of untrusted input in
    Safe Browsing. Reported by Imre Rad (@ImreRad) and @j00sean
    - CVE-2022-2623: Use after free in Offline. Reported by
    raven at KunLun lab
    - CVE-2022-2624: Heap buffer overflow in PDF. Reported by YU-CHANG
    CHEN and CHIH-YEN CHANG, working with DEVCORE Internship Program
    * debian/patches:
    - bullseye/nomerge.patch: drop, was only needed for clang-11.
    - bullseye/clang11.patch: drop clang-11 bits, rename to clang13.patch.
    - bullseye/blink-constexpr.patch: drop, only needed for clang-11.
    - bullseye/byteswap-constexpr2.patch: drop, only needed for clang-11.
    - disable/angle-perftests.patch: refresh
    - disable/catapult.patch: refresh & drop some no longer needed bits.
    - fixes/tflite.patch: fix a build error.
    * debian/copyright:
    - upstream dropped perfetto/ui/src/gen/.
    Checksums-Sha1:
    f47757475b1d66c4a630171a9c9abd373f2a135f 3698 chromium_104.0.5112.79-1~deb11u1.dsc
    a11e88ffc0819f992212c95d21314c7bc07fb78c 610675328 chromium_104.0.5112.79.orig.tar.xz
    54f0e8ff77b4dba5a147bf5fa6c159cee62f833c 209296 chromium_104.0.5112.79-1~deb11u1.debian.tar.xz
    b8cfcf768107ca5744e5d29a743eb5385bdb67da 20762 chromium_104.0.5112.79-1~deb11u1_source.buildinfo
    Checksums-Sha256:
    145a78afaa76b4179726029b584385ba626119cf0c441d4465e410c604cbbed9 3698 chromium_104.0.5112.79-1~deb11u1.dsc
    304851d516ca0335755032c18d96df40fbbc0b2974169d495339d230782b4a43 610675328 chromium_104.0.5112.79.orig.tar.xz
    5cb48f4bab0280d51d6a311078e55bb7a4904d833b25a7eb2d1f34b2284a9747 209296 chromium_104.0.5112.79-1~deb11u1.debian.tar.xz
    5b93c38d3bc1d3ea91d12a41817fc7b4b27a14929eed2eff2744d75f5db118f8 20762 chromium_104.0.5112.79-1~deb11u1_source.buildinfo
    Files:
    63a5bedae560c5a1753965c747702ffc 3698 web optional chromium_104.0.5112.79-1~deb11u1.dsc
    13edaefdeea2513a4e3489800eac30bd 610675328 web optional chromium_104.0.5112.79.orig.tar.xz
    2fd7001a0988f4f8e8bdeaadb30c70b9 209296 web optional chromium_104.0.5112.79-1~deb11u1.debian.tar.xz
    68c98de97ab9346087aff506c2c4a87e 20762 web optional chromium_104.0.5112.79-1~deb11u1_source.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmLsga4UHGRpbGluZ2Vy QGRlYmlhbi5vcmcACgkQZF0CR8NudjcrzhAAxgkLsI1OXBS06eHgfoQmKRPaWXNN Z1+5DUof4NeqorbAPyNljz9W8G2m/MtWJVT2vj3a3+BhS9Pqt3EUg7eIZCG0tCy+ ZPLJTt9Q90NoX787HztZQZUepgV+IUFZED81XJ9hNHvcjKBlv/u3sfwODv/5KSqg 5U3mtEosJIx9eskyZjlgu5Ix8UClHG/UwtiOlDy2pHRlU14wKoJZOmwlxcWp4xm6 jTXK02Q+oob6HRMg32n0gicAT5MMmHF03M6UChxUmlgmoXLnGSxVGiPFqmb/UBhn 2+PZ09+AuHDdmrdGpQVJanGI5SQCJ19QdzzszTNjPUk9Xzm4aZrRa9je1DgptUAt NHQPLh4Cvbva/3uvqhGA2k9ZY8/uoCRK7O4tWTp2bFY2z5mRCJvgMLcvXL7UBPok nQRzr7uh5OzukDbmsUoH4GAhZo7UJAWf/oLFSHF9m2TzfL2rOKbU8COZ4qQ6BMla As78Gkpt0jPQWoZiZWfksWveS0Soy3IhkoAU9YBG3aYG3ydOiMSXZXGQjqrjv9UK c90tbjtuINKjdvTQ0z3HTSf06XCNmyoTucLjyN5GtIv0tUKjMVtIFxQzrarltuPS dQu9UWbvJ4BA2UrcACB+S8R6pNv+h+KIjqHFgox/Cz9baf+n4Qj/aS+tSvD8y2FT GZGXQiHlLz8kR1k=
    =Nkxg
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)