1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted chromium 104.0.5112.101-1~deb11u1 (source) into proposed-updat

    From Debian FTP Masters@21:1/5 to All on Sun Sep 11 15:40:01 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    Format: 1.8
    Date: Tue, 16 Aug 2022 17:29:29 -0400
    Source: chromium
    Architecture: source
    Version: 104.0.5112.101-1~deb11u1
    Distribution: bullseye-security
    Urgency: high
    Maintainer: Debian Chromium Team <chromium@packages.debian.org>
    Changed-By: Andres Salomon <dilinger@debian.org>
    Closes: 956012 1005808 1010407 1013268
    Changes:
    chromium (104.0.5112.101-1~deb11u1) bullseye-security; urgency=high
    .
    * New upstream security release.
    - CVE-2022-2852: Use after free in FedCM.
    Reported by Sergei Glazunov of Google Project Zero
    - CVE-2022-2854: Use after free in SwiftShader. Reported by Cassidy
    Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd.
    - CVE-2022-2855: Use after free in ANGLE. Reported by Cassidy Kim
    of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd.
    - CVE-2022-2857: Use after free in Blink. Reported by Anonymous
    - CVE-2022-2858: Use after free in Sign-In Flow.
    Reported by raven at KunLun lab
    - CVE-2022-2853: Heap buffer overflow in Downloads.
    Reported by Sergei Glazunov of Google Project Zero
    - CVE-2022-2856: Insufficient validation of untrusted input in Intents
    Reported by Ashley Shen and Christian Resell of Google Threat
    Analysis Group
    - CVE-2022-2859: Use after free in Chrome OS Shell. Reported by
    Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
    - CVE-2022-2860: Insufficient policy enforcement in Cookies.
    Reported by Axel Chong
    - CVE-2022-2861: Inappropriate implementation in Extensions API.
    Reported by Rong Jian of VRI
    * Change default search engine to DuckDuckGo for privacy reasons.
    Set a different search engine under Settings -> Search Engine
    (closes: #956012).
    * Drop a bunch of versioned build-deps that have been satisfied
    since at least oldoldstable.
    * debian/NEWS.Debian:
    - Document upstream dropping support for older TLSv1 and TLSv1.1
    protocols (closes: #1005808).
    - Document upstream dropping support for older x86 CPUs without
    SSE3 instruction support (closes: #1010407).
    - Document the Google to DuckDuckGo change.
    - Document upstream's config renaming of AuthServerWhitelist to
    AuthServerAllowlist (closes: #1013268).
    Checksums-Sha1:
    5d5eb921054933b891ad60d45bc0f6a18f190f1d 3647 chromium_104.0.5112.101-1~deb11u1.dsc
    d02954c54934e57b62c3bf0d5969e1148d0b1560 610982780 chromium_104.0.5112.101.orig.tar.xz
    31c79add8fb34b0d19b74c0e4e5e910fd348a127 210112 chromium_104.0.5112.101-1~deb11u1.debian.tar.xz
    a1903caafc303dff0faf5731f2a6ee977722bfc3 20790 chromium_104.0.5112.101-1~deb11u1_source.buildinfo
    Checksums-Sha256:
    7702ba45e1694c8da6b736810667ceda426a20235ea28f8ddf1d14b85bfa96fa 3647 chromium_104.0.5112.101-1~deb11u1.dsc
    c56a57a2e3f25ed3b5ad6e0f239171d5f8e534d35631b72ea23f33feb8519067 610982780 chromium_104.0.5112.101.orig.tar.xz
    d7236fcf2bff08eb1a6095a6dd64e49ab2fe4499e9685129415b60531bddcee8 210112 chromium_104.0.5112.101-1~deb11u1.debian.tar.xz
    2b7c7cdcfdf36fba2555807d0c257745caf5b262790313b730c24fba0d887b6e 20790 chromium_104.0.5112.101-1~deb11u1_source.buildinfo
    Files:
    17351ad3958890b44659b0768a9d3afc 3647 web optional chromium_104.0.5112.101-1~deb11u1.dsc
    6c34a263344736a464f7e385b64abc2c 610982780 web optional chromium_104.0.5112.101.orig.tar.xz
    872889bb097bc9cbfa4bf5d6d204a43e 210112 web optional chromium_104.0.5112.101-1~deb11u1.debian.tar.xz
    efe3c2498de064f10b04348626400e52 20790 web optional chromium_104.0.5112.101-1~deb11u1_source.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmL8hcMUHGRpbGluZ2Vy QGRlYmlhbi5vcmcACgkQZF0CR8Nudjd6bA/8DkZV/qcFSFJgCmDKNWKS362orXCf nOfjZ+dqp60vEScC8TILcN5rj7tc7IdmggGcVJ2CAfpECC1ruSqgh4npRzdeQJEf c69PmRMjh9q/8hRh4n3OCi/lg4oneyWluwWcXxUW46le05zdQy7n3KBBgGSIIvZr VCnrWEboDQGcdjNIY8HvJFRsZcVzfhbpn2QnyGm/8lJaYmZquSBM0tgBCipjvgoH UXpFzPCgkRO8YWDIl2doP0pfxL1wcVM4TaDskyAvl0gvTDLpcNdgWUZ8q6YmKIj0 2CLijBUZpKa2hUGS+uel0sDlYeFj8WStNUqh+4wcaZdRh+ZhZG6J3TR9Z7tMA0PM s0H1/7PpfeyS2QR20osB1va4OHmpJhmKGYT1FMAnVxyJSeGwxDH3tw7uCEIRJ362 I8vPNWdOUhsf0PPsFKx9MLFLVcc/TqvlCAdZi+nMTTWAo1qZRdL3oC8oFF8g/k15 7R7pCWxtPvJinRTp14kAmy28uapcg1FLhk4Pzt+hqdqY4PcFjPh9OQU0sGve33Rr yKfMpIJ07EqQ72RLNCn2zI/YxS10Y8ViPdYBch/yeCIM5t+QEe7V1Ncaq3JcwDPE DG7ma3rpJ4YfdnubJcInYn05BA8zPBHRAKCQ+aPw8xq5MBm4SacyKMeg0uZqFTHc yVOdJwVl2NJCsug=
    =O33K
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)