-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 26 Jun 2020 23:52:43 -0400 Source: chromium Architecture: source Version: 83.0.4103.116-1~deb10u1 Distribution: buster-security Urgency: medium Maintainer: Debian Chromium Team <chromium@packages.debian.org> Changed-By: Michael Gilbert <mgilbert@debian.org> Changes: chromium (83.0.4103.116-1~deb10u1) buster-security; urgency=medium . * New upstream stable release. - CVE-2020-6423: Use after free in audio. Reported by Anonymous - CVE-2020-6430: Type Confusion in V8. Reported by Avihay Cohen - CVE-2020-6431: Insufficient policy enforcement in full screen. Reported by Luan Herrera - CVE-2020-6432: Insufficient policy enforcement in navigations. Reported by David Erceg - CVE-2020-6433: Insufficient policy enforcement in extensions. Reported by David Erceg - CVE-2020-6434: Use after free in devtools. Reported by HyungSeok Han - CVE-2020-6435: Insufficient policy enforcement in extensions. Reported by Sergei Glazunov - CVE-2020-6436: Use after free in window management. Reported by Igor Bukanov - CVE-2020-6437: Inappropriate implementation in WebView. Reported by Jann Horn - CVE-2020-6438: Insufficient policy enforcement in extensions. Reported by Ng Yik Phang - CVE-2020-6439: Insufficient policy enforcement in navigations. Reported by remkoboonstra - CVE-2020-6440: Inappropriate implementation in extensions. Reported by David Erceg - CVE-2020-6441: Insufficient policy enforcement in omnibox. Reported by David Erceg - CVE-2020-6442: Inappropriate implementation in cache. Reported by B@rMey - CVE-2020-6443: Insufficient data validation in developer tools. Reported by @lovasoa - CVE-2020-6444: Uninitialized use in WebRTC. Reported by mlfbrown - CVE-2020-6445: Insufficient policy enforcement in trusted types. Reported by Jun Kokatsu - CVE-2020-6446: Insufficient policy enforcement in trusted types. Reported by Jun Kokatsu - CVE-2020-6447: Inappropriate implementation in developer tools. Reported by David Erceg - CVE-2020-6448: Use after free in V8. Reported by Guang Gong - CVE-2020-6454: Use after free in extensions. Reported by leecraso and Guang Gong - CVE-2020-6455: Out of bounds read in WebSQL. Reported by Nan Wang and Guang Gong - CVE-2020-6456: Insufficient validation of untrusted input in clipboard. Reported by Michał Bentkowski - CVE-2020-6457: Use after free in speech recognizer. Reported by Leecraso and Guang Gong - CVE-2020-6458: Out of bounds read and write in PDFium. Reported by Aleksandar Nikolic - CVE-2020-6459: Use after free in payments. Reported by Zhe Jin - CVE-2020-6460: Insufficient data validation in URL formatting. Reported by Anonymous - CVE-2020-6461: Use after free in storage. Reported by Zhe Jin - CVE-2020-6462: Use after free in task scheduling. Reported by Zhe Jin - CVE-2020-6463: Use after free in ANGLE. Reported by Pawel Wylecial - CVE-2020-6464: Type Confusion in Blink. Reported by Looben Yang - CVE-2020-6465: Use after free in reader mode. Reported by Woojin Oh - CVE-2020-6466: Use after free in media. Reported by Zhe Jin - CVE-2020-6467: Use after free in WebRTC. Reported by ZhanJia Song - CVE-2020-6468: Type Confusion in V8. Reported by Chris Salls and Jake Corina - CVE-2020-6469: Insufficient policy enforcement in developer tools. Reported by David Erceg - CVE-2020-6470: Insufficient validation of untrusted input in clipboard. Reported by Michał Bentkowski - CVE-2020-6471: Insufficient policy enforcement in developer tools. Reported by David Erceg - CVE-2020-6472: Insufficient policy enforcement in developer tools. Reported by David Erceg - CVE-2020-6473: Insufficient policy enforcement in Blink. Reported by Soroush Karami and Panagiotis Ilia - CVE-2020-6474: Use after free in Blink. Reported by Zhe Jin - CVE-2020-6475: Incorrect security UI in full screen. Reported by Khalil Zhani - CVE-2020-6476: Insufficient policy enforcement in tab strip. Reported by Alexandre Le Borgne - CVE-2020-6478: Inappropriate implementation in full screen. Reported by Khalil Zhani - CVE-2020-6479: Inappropriate implementation in sharing. Reported by Zhong Zhaochen - CVE-2020-6480: Insufficient policy enforcement in enterprise. Reported by Marvin Witt - CVE-2020-6481: Insufficient policy enforcement in URL formatting. Reported by Rayyan Bijoora - CVE-2020-6482: Insufficient policy enforcement in developer tools. Reported by Abdulrahman Alqabandi - CVE-2020-6483: Insufficient policy enforcement in payments. Reported by Jun Kokatsu - CVE-2020-6484: Insufficient data validation in ChromeDriver. Reported by Artem Zinenko - CVE-2020-6485: Insufficient data validation in media router. Reported by Sergei Glazunov - CVE-2020-6486: Insufficient policy enforcement in navigations. Reported by David Erceg - CVE-2020-6487: Insufficient policy enforcement in downloads. Reported by Jun Kokatsu - CVE-2020-6488: Insufficient policy enforcement in downloads. Reported by David Erceg - CVE-2020-6489: Inappropriate implementation in developer tools. Reported by @lovasoa - CVE-2020-6490: Insufficient data validation in loader. Reported by Twitter - CVE-2020-6491: Incorrect security UI in site information. Reported by Sultan Haikal - CVE-2020-6493: Use after free in WebAuthentication. Reported by Anonymous - CVE-2020-6494: Incorrect security UI in payments. Reported by Juho Nurminen - CVE-2020-6495: Insufficient policy enforcement in developer tools. Reported by David Erceg - CVE-2020-6496: Use after free in payments. Reported by Khalil Zhani - CVE-2020-6497: Insufficient policy enforcement in Omnibox. Reported by Rayyan Bijoora - CVE-2020-6498: Incorrect security UI in progress display. Reported by Rayyan Bijoora - CVE-2020-6505: Use after free in speech. Reported by Khalil Zhani - CVE-2020-6506: Insufficient policy enforcement in WebView. Reported by Alesandro Ortiz - CVE-2020-6507: Out of bounds write in V8. Reported by Sergei Glazunov - CVE-2020-6509: Use after free in extensions. Reported by Anonymous - CVE-2020-6831: Stack buffer overflow in SCTP. Reported by Natalie Silvanovich Checksums-Sha1: 1bbb80d7f58d63d50135cc2360f271a792461888 4298 chromium_83.0.4103.116-1~deb10u1.dsc fe6724f885443cfb9c6df713a2b04745fa064f12 319669076 chromium_83.0.4103.116.orig.tar.xz 47b84d38ca27aee8de0d2b2dbcdd057227bf163e 198432 chromium_83.0.4103.116-1~deb10u1.debian.tar.xz 8b9ef996a6a60ee6172cb9049353581bb5fc452d 22443 chromium_83.0.4103.116-1~deb10u1_source.buildinfo Checksums-Sha256: 9f91dc990f580a3e6b66cb52d9bfa8b27cfa8b422a5766f29b27b925710a23c2 4298 chromium_83.0.4103.116-1~deb10u1.dsc 6400ff677d26e5394d35c74d8102340faed6e8ebc39cc2975a74aa43f81b9190 319669076 chromium_83.0.4103.116.orig.tar.xz 847c98f84b32b3153121753eaa1c94e06ca1f269dcb2375c08688aac0cea8b67 198432 chromium_83.0.4103.116-1~deb10u1.debian.tar.xz 19c82a4d9d53a4a4e45d67c997cc3b70fa9fcb310fc4fd2da20683aafe2d8a9b 22443 chromium_83.0.4103.116-1~deb10u1_source.buildinfo Files: 53635de44dab5edacce604dd7276fa27 4298 web optional chromium_83.0.4103.116-1~deb10u1.dsc e501750231052fe64f7766ad2d33c7d4 319669076 web optional chromium_83.0.4103.116.orig.tar.xz 71d5cb6bc7e363deae8afe10836ad4b4 198432 web optional chromium_83.0.4103.116-1~deb10u1.debian.tar.xz 78b5e3cb621250d8bff7706064207462 22443 web optional chromium_83.0.4103.116-1~deb10u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAl76gBkACgkQmD40ZYkU aygn+SAAyyP9n98CArT0AFwD+ikKnc36v7g2B/4Lik00OS4sV96k2cHU9nlEzb/5 KKdLxhXhG4fJATaKUqoQNSkclqAf2sHdW6b9lgP0qw6DycqQno70NtWLTWeig/3q 5WqPe+dW+zLNASOJ8JOsyB5+5D92VKyn2Ggj3uLsWhYcjL+muFndYR1mK0O0snPv ZhWBjSUFv/rxjvW5p1nFUGM5B1tInqWLYHMTHWCCqXyxq8UvBTDSsYMVc0beERRV YAWKxVb3xwsowi4ZI0JEImSUmzmHwilgOdM8jb6EnLkpcBs3AoJ6IY+1LMLUlbUG v1iLb9+WsCgW/iIyCJauRuFerDiolmXlz0BFH887yGxsZ8pbk3v5xDy183AllCR6 vAwKw/10mcKf6oeMzYqp9Hz8//XbctETkPQ1V3+Aizkbl8KtjbCGPzAYyerZQ/5k T33CG0cTdwugBT+X40UmP0cYWXXazVOwlC1RF9R3gYgYLyAxdwqGXH9oh5auCBuE 6QePaAhv68fWdgSEBhUcQTtqJeQgnUhsNalLlMynfB0/snNeEVNL86fRVG3NicpB KnVUwR9tY4z0/nInDjcPP1AtfYA3Nrsu+UK6IznLkjpScQ9AON+wGChKxYflKXWp RdrL0XlhIbxwdnL0qYty8NBNAcS30HIVoZ1mEWL4xGXJu+LYLolNd3nYER5U3Mkj BfFGaH1/Ddiqgk6KAYuCAk46Qz8FEpSAdZxMMKRVyGlASnMhuP7EYOxA7p/t+Y9V IXKi4+UCVrf5suoZAU5PjmaWDSjMTc5TA4qVPv22nwg+LQn5SYO9MnMT9i+BT9Ci LUP6zHZwA9nr+WfxKf+36UJn6N21FdhMfOZO+bv6u3yZ21nAiqTiBNzDDhZxbqnP NanncMEnc6JGDvYWiyn5ImtP67o+Nl9i+JrF992Wrjiy697Ut/6YHEBnUfW2p6FJ 7US4o5xRZLN9o/n83YGI3qiSyaYlzHaAPwGAvNfvHPqV8Wb149vx8NECMdXN3OsN jQ+iYhu62dGUjd+pt7olFvTu2CvnDAkbNaf+FFZCisHHM85jh9WDBea2LYKQJ1D2 vgpmQYWhqhLyQ5AIKjOF1dyImKsL7gPKz6Gw5yUcS7COFJUW9k6MRjWfSAvoNQn5 N5eVx1M4rEyuAQHd13kPoSvDdwmc/RX/f9M8MTNykvYp0feKfzmc2mILYg954ck0 g70CnWH55ohBRfyERZlNKSNglygeeck3p4kFgJHR94a4MSzD98YfF3IEhg9O+C9F zTHR4ga20XQ0TBJtE65Bv/z+pSi6EhaJRu7YCbZ/iKqa8osG8YToC9L8K/j9d0kM IYdiMW61CPegX//n0vEq0xsLiaOShA== =9khH -----END PGP SIGNATURE-----