-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 11 Jan 2021 17:04:13 +0100 Source: chromium Architecture: source Version: 87.0.4280.141-0.1~deb10u1 Distribution: buster-security Urgency: high Maintainer: Debian Chromium Team <chromium@packages.debian.org> Changed-By: Jan Luca Naumann <j.naumann@fu-berlin.de> Closes: 979135 979520 Changes: chromium (87.0.4280.141-0.1~deb10u1) buster-security; urgency=high . * Non-maintainer upload. * New upstream security release (closes: 979520). - CVE-2021-21106: Use after free in autofill. Reported by Weipeng Jiang @Krace from Codesafe Team of Legendsec at Qi'anxin Group - CVE-2021-21107: Use after free in drag and drop. Reported by Leecraso and Guang Gong of 360 Alpha Lab - CVE-2021-21108: Use after free in media. Reported by Leecraso and Guang Gong of 360 Alpha Lab - CVE-2021-21109: Use after free in payments. Reported by Rong Jian and Guang Gong of 360 Alpha Lab - CVE-2021-21110: Use after free in safe browsing. Reported by Anonymous - CVE-2021-21111: Insufficient policy enforcement in WebUI. Reported by Alesandro Ortiz - CVE-2021-21112: Use after free in Blink. Reported by YoungJoo Lee @ashuu_lee of Raon Whitehat - CVE-2021-21113: Heap buffer overflow in Skia. Reported by tsubmunu - CVE-2020-16043: Insufficient data validation in networking. Reported by Samy Kamkar, Ben Seri at Armis, Gregory Vishnepolsky at Armis - CVE-2021-21114: Use after free in audio. Reported by Man Yue Mo of GitHub Security Lab - CVE-2020-15995: Out of bounds write in V8. Reported by Bohan Liu @P4nda20371774 of Tencent Security Xuanwu Lab - CVE-2021-21115: Use after free in safe browsing. Reported by Leecraso and Guang Gong of 360 Alpha Lab - CVE-2021-21116: Heap buffer overflow in audio. Reported by Alison Huffman, Microsoft Browser Vulnerability Research * Use desktop gl implementation as default. (closes: 979135) Checksums-Sha1: 20283425af744575e71c221b5868c8ceb55fa6cc 3608 chromium_87.0.4280.141-0.1~deb10u1.dsc ef2fa29cf9558fc0afbd7791ea6ee8ef73ac37af 393840792 chromium_87.0.4280.141.orig.tar.xz ea3f1e325cd767960b111a4b7991913cb1e34956 190032 chromium_87.0.4280.141-0.1~deb10u1.debian.tar.xz 692f96e5a8b5ed229a3e4db06a9f0bf6fd6c3ed2 14897 chromium_87.0.4280.141-0.1~deb10u1_source.buildinfo Checksums-Sha256: 66e5c7de3b32da717e59f92ff98b4c5f4c2f89ad88c289b29229d9030dbe1579 3608 chromium_87.0.4280.141-0.1~deb10u1.dsc 577a92da6e3caacd22b0b2aedc9dc7e895652f54ec3e0f615457357be099b2ae 393840792 chromium_87.0.4280.141.orig.tar.xz b3c314153aa1e99b6d56fe642cd849182adc29c911256d122b9154147ae86e84 190032 chromium_87.0.4280.141-0.1~deb10u1.debian.tar.xz 19389ede5dfb4e869f7f75e29c32db52b9695a03e22a6a0a2b97268d6e094192 14897 chromium_87.0.4280.141-0.1~deb10u1_source.buildinfo Files: b4081d34b6e8314279a02c4e691308a2 3608 web optional chromium_87.0.4280.141-0.1~deb10u1.dsc c7f87e38af9193a5889c48e7922ac5a0 393840792 web optional chromium_87.0.4280.141.orig.tar.xz 1945a0f23f04c8ebeb64be8cfed8f4cd 190032 web optional chromium_87.0.4280.141-0.1~deb10u1.debian.tar.xz 0578b84ec013fcc2fb86662f3995b647 14897 web optional chromium_87.0.4280.141-0.1~deb10u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEi3hoeGwz5cZMTQpICBa54Yx2K60FAl/9sTIACgkQCBa54Yx2 K63dmQ/+IOCzeFfUyJ6yJmnCPHE4wlHH1dB93/+4pN6L4fo/smmkudXyujRmDKH5 p5KcXIxGwosynAmDYz7NsLfh1K6ESVnUhwXHpCZH8fREjqPDe6X6P4qC3HYFZ2t+ +6yyDuz2owzwOmNpwn0dGK7MsCOsB2OneYSVCYjy4qKA4DZigB6S8//G4H+iq/uA s9pJRKjCmmho9PrsN10r1QrsOizU3GBnT8myK+vtjKB9vFMkjCne58SKV2kXG/lf pXOPmUze1r+2SlYm0eA9vs2lpzb70oJQas2WnvIwuW6OpHogSGybuT3hoOTR8pDF LivsZz7UZOP4eWbhxhjLuJbyXZ+XM6/6lxP1NW1PlY+scoWcpr19vSOJecGPP0/b 21wjCGaFGA04M/ab4/Ubx8BhIWtqprc7ineKkz7QO5prd3TN/qkzVnaP/yLzs4vv H9CO/20ebYqoTAgJT9nP/vCDKZ22mBN1NeCUPt/84qdO/AoXmibJGMGIsexYUGKR t4+xg3vstUagEvRYoz1mIhYy8V+ID76jWsek/m5I1d0NZBNRCSmwq9w0W/hA1fYB iWQa/kny3QLEEco0ul5reKkN5ZK9zNzaix20qoHJttJFp0lRi2ywJtZcpOqMh+TQ mH5dZHaOuKYbjNG7ghqjn9HCKb1DeeCZFSe75Rs7PaSxyLYK840= =IEn2 -----END PGP SIGNATURE-----