Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted chromium 88.0.4324.96-0.1 (source) into unstable
Date: Thu, 21 Jan 2021 23:34:38 +0000
Signed by: Mattia Rizzolo <mattia@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 20 Jan 2021 23:23:08 +0100
Source: chromium
Architecture: source
Version: 88.0.4324.96-0.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Michel Le Bihan <michel@lebihan.pl>
Closes: 980564
Changes:
 chromium (88.0.4324.96-0.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * New upstream stable release (closes: 980564).
     - CVE-2021-21117: Insufficient policy enforcement in Cryptohome. Reported
       by Rory McNamara
     - CVE-2021-21118: Insufficient data validation in V8. Reported by Tyler
       Nighswander @tylerni7 of Theori
     - CVE-2021-21119: Use after free in Media. Reported by Anonymous
     - CVE-2021-21120: Use after free in WebSQL. Reported by Nan Wang
       @eternalsakura13 and Guang Gong of 360 Alpha Lab
     - CVE-2021-21121: Use after free in Omnibox. Reported by Leecraso and Guang
       Gong of 360 Alpha Lab
     - CVE-2021-21122: Use after free in Blink. Reported by Renata Hodovan
     - CVE-2021-21123: Insufficient data validation in File System API. Reported
       by Maciej Pulikowski
     - CVE-2021-21124: Potential user after free in Speech Recognizer. Reported
       by Chaoyang Ding(@V4kst1z) from Codesafe Team of Legendsec at Qi'anxin
       Group
     - CVE-2021-21125: Insufficient policy enforcement in File System API.
       Reported by Ron Masas
     - CVE-2020-16044: Use after free in WebRTC. Reported by Ned Williamson of
       Project Zero
     - CVE-2021-21126: Insufficient policy enforcement in extensions. Reported
       by David Erceg
     - CVE-2021-21127: Insufficient policy enforcement in extensions. Reported
       by Jasminder Pal Singh, Web Services Point WSP, Kotkapura
     - CVE-2021-21128: Heap buffer overflow in Blink. Reported by Liang Dong
     - CVE-2021-21129: Insufficient policy enforcement in File System API.
       Reported by Maciej Pulikowski
     - CVE-2021-21130: Insufficient policy enforcement in File System API.
       Reported by Maciej Pulikowski
     - CVE-2021-21131: Insufficient policy enforcement in File System API.
       Reported by Maciej Pulikowski
     - CVE-2021-21132: Inappropriate implementation in DevTools. Reported by
       David Erceg
     - CVE-2021-21133: Insufficient policy enforcement in Downloads. Reported by
       wester0x01
     - CVE-2021-21134: Incorrect security UI in Page Info. Reported by
       wester0x01
     - CVE-2021-21135: Inappropriate implementation in Performance API. Reported
       by ndevtk
     - CVE-2021-21136: Insufficient policy enforcement in WebView. Reported by
       Shiv Sahni, Movnavinothan V and Imdad Mohammed
     - CVE-2021-21137: Inappropriate implementation in DevTools. Reported by
       bobblybear
     - CVE-2021-21138: Use after free in DevTools. Reported by Weipeng Jiang
       @Krace from Codesafe Team of Legendsec at Qi'anxin Group
     - CVE-2021-21139: Inappropriate implementation in iframe sandbox. Reported
       by Jun Kokatsu, Microsoft Browser Vulnerability Research
     - CVE-2021-21140: Uninitialized Use in USB. Reported by David Manouchehri
     - CVE-2021-21141: Insufficient policy enforcement in File System API.
       Reported by Maciej Pulikowski
 .
   [ Jan Luca Naumann ]
   * Add watch file.
 .
   [ Mattia Rizzolo ]
   * Change get-orig-source to produce reproducible tarballs.
Checksums-Sha1:
 6592da53ebc6f754bcc57ad1447a81d0986acb02 3569 chromium_88.0.4324.96-0.1.dsc
 c324a7b157c49e34d64264f469e02004ff2a0e32 393181596 chromium_88.0.4324.96.orig.tar.xz
 8966062ec58f45e6a8df96d9a22bf18abbfe44b2 180912 chromium_88.0.4324.96-0.1.debian.tar.xz
Checksums-Sha256:
 0ced990e1f388e376e4ccefc288442c1e95d08bb6105db4d9d7d2dcb5383e96e 3569 chromium_88.0.4324.96-0.1.dsc
 ac6cce22a59330a16fc491c89140c86667a093a366b402f19d4e4bb9887246b4 393181596 chromium_88.0.4324.96.orig.tar.xz
 e7f6fb83a6d27e1e94fe966f30060f5685da943def8f0daf2533c8e82e3db3de 180912 chromium_88.0.4324.96-0.1.debian.tar.xz
Files:
 3fcf85af613056200236d37bf8a8cb78 3569 web optional chromium_88.0.4324.96-0.1.dsc
 513fa173068f1bd542ec51a67b68cc32 393181596 web optional chromium_88.0.4324.96.orig.tar.xz
 f58688b764ca9b280697f41675702ac9 180912 web optional chromium_88.0.4324.96-0.1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEi3hoeGwz5cZMTQpICBa54Yx2K60FAmAKDFYACgkQCBa54Yx2
K63paw//btIR2hphWyl1N0ltSRdzv36LUdXvYa2VpSt0d+fjjpgecFuBFT4pnhX0
+5cfOBUnSJuDF5DSAlYSJ0PG21MNyVB6YVPTtwQlPWwyXeOPi8hykacPOMWPLBfp
LQacit72REx9Le65QwwG10fKBLQIVAqNk+PMCl4b856jsbLGOIkJ66XCmyES3FxK
XXmR/O2MoVF8mZWZmVECVXW/MGvLXb3WB24bEaqTUQ7Hx+dXSDEtc1w4LbhB8bGf
XiXizSoR0QRplP/ku5G6Quzi75cHAZwk77cbto1RjVopkogNfgdn1rmFT+XnOBEO
1Ww93/IGz1RMj3NeuQTIDydGQ1zlTFf0mxkNflp+HMj1DDrB54raO8S3V7NStKe1
OLo5RkmCpdSTnu82pJzlMin6CdXxPEgVi6WneUmoCHRQNND3iAfUmLDUZuKXFxh/
B8IOmaDVhGVe0xfWACaUxyJ11PsoQEsbGyZ8FRuhnxJnozL8NZcSs5YtRGjCHRoP
1xHeTYnd3FiJ2mDwMgzPTzE2O94OUig89BX65yv4/bgpUkpX7FboEB1qoiJvcuTq
BhZxPhSMbSg4J6dQB0HZqapHjZfTH10MikHSOS5zOnePXD6zHVwkd53tBhdEgSXX
YsFcnsYXHp9SLJOY+QYEqvaLmbacRRYNuQPhVl4ImPlNGr5Id9Y=
=Z4xo
-----END PGP SIGNATURE-----
News for package chromium
