1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted chromium 109.0.5414.74-2~deb11u1 (source) into proposed-update

    From Debian FTP Masters@21:1/5 to All on Tue Jan 17 15:40:02 2023
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    Format: 1.8
    Date: Thu, 12 Jan 2023 18:23:51 -0500
    Source: chromium
    Architecture: source
    Version: 109.0.5414.74-2~deb11u1
    Distribution: bullseye-security
    Urgency: high
    Maintainer: Debian Chromium Team <chromium@packages.debian.org>
    Changed-By: Andres Salomon <dilinger@debian.org>
    Changes:
    chromium (109.0.5414.74-2~deb11u1) bullseye-security; urgency=high
    .
    [ Andres Salomon ]
    * d/patches/bullseye/clang13.patch: don't use -gsimple-template-names in
    clang arguments, as it doesn't work with clang-13.
    .
    [ Timothy Pearson ]
    * Fix crashes in dav1d during video playback on ppc64le
    * d/patches:
    - Apply upstream dav1d ppc64le fix from videolan merge request #1464
    .
    chromium (109.0.5414.74-1) unstable; urgency=high
    .
    * New upstream stable release.
    - CVE-2023-0128: Use after free in Overview Mode. Reported by Khalil Zhani.
    - CVE-2023-0129: Heap buffer overflow in Network Service.
    Reported by asnine.
    - CVE-2023-0130: Inappropriate implementation in Fullscreen API.
    Reported by Hafiizh.
    - CVE-2023-0131: Inappropriate implementation in iframe Sandbox.
    Reported by NDevTK.
    - CVE-2023-0132: Inappropriate implementation in Permission prompts.
    Reported by Jasper Rebane (popstonia).
    - CVE-2023-0133: Inappropriate implementation in Permission prompts.
    Reported by Alesandro Ortiz.
    - CVE-2023-0134: Use after free in Cart.
    Reported by Chaoyuan Peng (@ret2happy).
    - CVE-2023-0135: Use after free in Cart.
    Reported by Chaoyuan Peng (@ret2happy).
    - CVE-2023-0136: Inappropriate implementation in Fullscreen API.
    Reported by Axel Chong.
    - CVE-2023-0137: Heap buffer overflow in Platform Apps.
    Reported by avaue and Buff3tts at S.S.L..
    - CVE-2023-0138: Heap buffer overflow in libphonenumber.
    Reported by Michael Dau.
    - CVE-2023-0139: Insufficient validation of untrusted input in Downloads.
    Reported by Axel Chong.
    - CVE-2023-0140: Inappropriate implementation in File System API.
    Reported by harrison.mitchell, cybercx.com.au.
    - CVE-2023-0141: Insufficient policy enforcement in CORS.
    Reported by scarlet.
    * d/patches:
    - upstream/re-fix-tflite.patch: drop, merged upstream.
    - disable/catapult.patch: refresh
    - disable/angle-perftests.patch: refresh
    .
    [ Timothy Pearson ]
    * d/patches:
    - Regenerate ppc64le configuration files from source
    - Fix register corruption in v8 on ppc64 systems
    Checksums-Sha1:
    abac30a274d94f6502bf965229f9f0a9768eaff4 3801 chromium_109.0.5414.74-2~deb11u1.dsc
    adba23110c9c93cbbd4a7a16fa51823c06455e45 627758412 chromium_109.0.5414.74.orig.tar.xz
    aa82f88e4396713e2c51e2a02941b675b0551de5 296028 chromium_109.0.5414.74-2~deb11u1.debian.tar.xz
    a44b92d1f7c49ae1634773b66fd407e4b09ad051 21269 chromium_109.0.5414.74-2~deb11u1_source.buildinfo
    Checksums-Sha256:
    f4b050c4a0b33f994f0c89bc4703c5df89a8073733cc047e69357ab590c62ec8 3801 chromium_109.0.5414.74-2~deb11u1.dsc
    5cd1efa161a61d5a44c46e77ee17fa94ab26232ce5832dca00d5b4726d0b8020 627758412 chromium_109.0.5414.74.orig.tar.xz
    27e0064034f4492faeb22bdcc9fd202d2de3188ae91680352c03cd208b7e7ca4 296028 chromium_109.0.5414.74-2~deb11u1.debian.tar.xz
    8b7a3b76b89db866242f5061f99b34d238d3637490a0d60f10dd8341244c03b0 21269 chromium_109.0.5414.74-2~deb11u1_source.buildinfo
    Files:
    c27e04c7cbc1dbef32a58c60f24b0702 3801 web optional chromium_109.0.5414.74-2~deb11u1.dsc
    82ecc27de0c1a7ad840ce7f740de6b32 627758412 web optional chromium_109.0.5414.74.orig.tar.xz
    953833ff9153154ae83a2571ad7ac203 296028 web optional chromium_109.0.5414.74-2~deb11u1.debian.tar.xz
    594f2566536cfaee61587935c3997dea 21269 web optional chromium_109.0.5414.74-2~deb11u1_source.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmPAuN0UHGRpbGluZ2Vy QGRlYmlhbi5vcmcACgkQZF0CR8NudjfnQg/+PnQrUeHm4Ybsgfk45d55jhVV/YwV 1QRMLTZxQSWbXfl+wROdzxHpm5zZC+UmCvBwnBKkINc1abewTr4OEV8w192JJMkb JrsnwkhMfWaswca8XOldpMied8/DsitVEmaDIlWfKvF3tvawG+GMItmeJFOi9Ix5 HiAH6yCX4HliVpRhMkgEV/3rEtI+rh5ovd53CysE+ImSVQ6oCmXDpiNE9VxSK40S mHscRGbugfYHF7HJbHZqf7IRExlps7QwwqIq+a/s+5vvse/VGooj3AO9eAfkFfoz fs24+SfTJSexPDw+5tr6yc7IO1yG81Wvw0esDbl6H7oo2Iq8Ah0RBV9GB4Y0fsYk D+GSievSyIX7VbwfZkrlrybVV1fbqMxP8SFv+nkcT/zugu5dTIG2eIyMs2adrvUj ygJC96WOYDLlufu6bHVk8nE9QLnrS+nA866o3uEz2TI47nyW1tbChniEjGcDm+Uj JEYlm2IaRTqpt3qLfn/UtwLktf181S9/wx45jDAY5rCjzrqsMAdbEWHJsf9nvv7R zFHNNALOoJRc/a5+eF7CZ3ml4Ew79QHQwTsJCbN8SOrcwv+DUEoFmt15e4qpWLFl ClAD5R6bERVo846cA3nnVBq7ZlGDyrKxnsaryb5ajnT3aqWSCbmrDMK4LxyD9Ss5 qVKb304HEcFwVbs=
    =Igqx
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)