1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted chromium 110.0.5481.77-1~deb11u1 (source) into proposed-update

    From Debian FTP Masters@21:1/5 to All on Fri Mar 10 11:40:01 2023
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    Format: 1.8
    Date: Wed, 08 Feb 2023 00:20:01 -0500
    Source: chromium
    Architecture: source
    Version: 110.0.5481.77-1~deb11u1
    Distribution: bullseye-security
    Urgency: high
    Maintainer: Debian Chromium Team <chromium@packages.debian.org>
    Changed-By: Andres Salomon <dilinger@debian.org>
    Closes: 1030160
    Changes:
    chromium (110.0.5481.77-1~deb11u1) bullseye-security; urgency=high
    .
    [ Andres Salomon ]
    * New upstream stable release.
    - CVE-2023-0696: Type Confusion in V8.
    Reported by Haein Lee at KAIST Hacking Lab.
    - CVE-2023-0697: Inappropriate implementation in Full screen mode.
    Reported by Ahmed ElMasry.
    - CVE-2023-0698: Out of bounds read in WebRTC.
    Reported by Cassidy Kim(@cassidy6564).
    - CVE-2023-0699: Use after free in GPU.
    Reported by 7o8v and Cassidy Kim(@cassidy6564).
    - CVE-2023-0700: Inappropriate implementation in Download.
    Reported by Axel Chong.
    - CVE-2023-0701: Heap buffer overflow in WebUI.
    Reported by Sumin Hwang of SSD Labs.
    - CVE-2023-0702: Type Confusion in Data Transfer. Reported by Sri.
    - CVE-2023-0703: Type Confusion in DevTools.
    Reported by raven at KunLun lab.
    - CVE-2023-0704: Insufficient policy enforcement in DevTools.
    Reported by Rhys Elsmore and Zac Sims of the Canva security team.
    - CVE-2023-0705: Integer overflow in Core.
    Reported by SorryMybad (@S0rryMybad) of Kunlun Lab.
    * d/copyright: libpng16 binaries are gone, no longer need to exclude them.
    * d/scripts/unbundle: drop libjxl, which is dropped upstream. Add absl_log*.
    * d/patches:
    - debianization/optimization.patch: drop. This is unnecessary, as
    Debian's optimization flags override Chromium's by default.
    - disable/android.patch: upstream removed android_crazy_linker, so we can
    remove half of this patch.
    - disable/catapult.patch: refresh.
    - disable/google-api-warning.patch: refresh.
    - upstream/mojo.patch: refresh w/ what's in 110.
    - system/openjpeg.patch: completely rework due to upstream changes.
    - upstream/clamp.patch: backport a build fix.
    - upstream/blink-dbl-float.patch: another build fix.
    * Drop unused use_allocator="none" argument. This was used previously
    to switch from the default "partition" allocator. Upstream dropped
    the build flag in chromium v109. So in v109 we switched to the default
    "partition" allocator and I don't think anyone noticed, so let's just
    leave it on. Report issues if you notice any.
    * Disable v4l2 on bullseye; I forgot that it doesn't have new enough kernel
    headers (closes: #1030160).
    .
    [ Timothy Pearson ]
    * d/patches:
    - Refresh ppc64le patches for v110
    - Add upstream patches to fix build errors when use_custom_libcxx=false
    - Drop stack smashing fix patch for ppc64le due to fix included upstream Checksums-Sha1:
    7af64cb41bdab8092c39883903c5b02012a8a455 3801 chromium_110.0.5481.77-1~deb11u1.dsc
    b82794a9a4ac3a524d8cec99b1a1a049ca368785 642934776 chromium_110.0.5481.77.orig.tar.xz
    084b55422b9cc82b60f77ae6acdb9d4658a348a4 300932 chromium_110.0.5481.77-1~deb11u1.debian.tar.xz
    c6ba1d67b77b983eaf31961c4d102e0df7b25705 21293 chromium_110.0.5481.77-1~deb11u1_source.buildinfo
    Checksums-Sha256:
    c11bec445b48655a11b811eec8814c7b5280d505ac6da99e809394f15b4392e7 3801 chromium_110.0.5481.77-1~deb11u1.dsc
    0a1933a34b0b30376c917f96e9c3fa97683979ab18c86ea63ccc19597795ac5a 642934776 chromium_110.0.5481.77.orig.tar.xz
    e388d6be7b9c7d893712171790b92fc3cdc0655ee18eeb3247c693c2ef70b8b5 300932 chromium_110.0.5481.77-1~deb11u1.debian.tar.xz
    b32ccd6a948b39bb06feea91891062c14bea243c48ff4726ab7e388c4e584e3f 21293 chromium_110.0.5481.77-1~deb11u1_source.buildinfo
    Files:
    349a0357aaa89a20c32d9b453786bc63 3801 web optional chromium_110.0.5481.77-1~deb11u1.dsc
    74e5f70aa56fa2f194eede321eb9454c 642934776 web optional chromium_110.0.5481.77.orig.tar.xz
    d2c5e225e0c629560d18ee3dc2d9a358 300932 web optional chromium_110.0.5481.77-1~deb11u1.debian.tar.xz
    c72d97921afbb37cf83047675c4aa141 21293 web optional chromium_110.0.5481.77-1~deb11u1_source.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmPjOcMUHGRpbGluZ2Vy QGRlYmlhbi5vcmcACgkQZF0CR8NudjcsMRAAsiscVrTqbAi4Vh76zxWtlvM7Dgzc fuKGjANiAMOVpZGPJSR2PQYUha3ZS3aSS6BBuCuPUJwaamGsZiwFLdRzBb/Lo5xx 8895siW9nt2YwPn+6gqnzr4YDM8aG8f4RJkbsMM2Bc4qp/xZyQBsNaOMRKlq6Emt j+ewJgIOF4J7Vefy6sOULUrIvRGXuNFDKdwzzRNuNwshT4ETxSJsn+yLnQPXpsMc Pn7UXbnQfQxWUeEmjS95S43AMqWXIukSZg6VosNlP0efuj+BH0hr4AAgr8M3rmHE 2LLM2CfUq8DYQ+QdJcnxtTu2wbCkb7UNibBkSREBBPck4p4V6PTmubkjF8JimPyJ /DICRonJwUkAbWlbd0q8lijveF1KFu6vbk7SFPoo26kcN5U3vRNgxLpLLOSrIgqg wL6yDodGJwdNDREJsxZtbdh8VRjw3AWRKwvWBzZrS3ureJQ1D0xh0GfqjY+MT+vv noLBxF0TSkPbQTTOY6sAHpuI3WB3nng4Zgh/AbPSzIVytS4LcdbyEqvMN/3/A/A4 wmBt1vbZWp7jso+0voB+MpXkyOn5nXNnQn62YQnXFJUfxtTujXfXtF3okR7tQxLp ABGAB2jQtLFykm91g1XjYE0H+EKPdK43ayxEMeTwHSwuNrVKvFxDai+ZmAzxkYh0 V8zO7Pi7FP/K5QM=
    =gIS2
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)