Format: 1.8
Date: Sun, 04 Apr 2021 13:39:43 +0000
Source: chromium
Architecture: source
Version: 89.0.4389.114-1~deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Changes:
 chromium (89.0.4389.114-1~deb10u1) buster-security; urgency=medium
 .
   * New upstream security release.
     - CVE-2021-21159: Heap buffer overflow in TabStrip. Reported by Khalil Zhani
     - CVE-2021-21160: Heap buffer overflow in WebAudio. Reported by Marcin 'Icewall' Noga of Cisco Talos
     - CVE-2021-21161: Heap buffer overflow in TabStrip. Reported by Khalil Zhani
     - CVE-2021-21162: Use after free in WebRTC. Reported by Anonymous
     - CVE-2021-21163: Insufficient data validation in Reader Mode. Reported by Alison Huffman
     - CVE-2021-21165: Object lifecycle issue in audio. Reported by Alison Huffman
     - CVE-2021-21166: Object lifecycle issue in audio. Reported by Alison Huffman
     - CVE-2021-21167: Use after free in bookmarks. Reported by Leecraso and Guang Gong
     - CVE-2021-21168: Insufficient policy enforcement in appcache. Reported by Luan Herrera
     - CVE-2021-21169: Out of bounds memory access in V8. Reported by Bohan Liu and Moon Liang
     - CVE-2021-21170: Incorrect security UI in Loader. Reported by David Erceg
     - CVE-2021-21171: Incorrect security UI in TabStrip and Navigation. Reported by Irvan Kurniawan
     - CVE-2021-21172: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski
     - CVE-2021-21173: Side-channel information leakage in Network Internals. Reported by Tom Van Goethem
     - CVE-2021-21174: Inappropriate implementation in Referrer. Reported by Ashish Gautam Kamble
     - CVE-2021-21175: Inappropriate implementation in Site isolation. Reported by Jun Kokatsu
     - CVE-2021-21176: Inappropriate implementation in full screen mode. Reported by Luan Herrera
     - CVE-2021-21177: Insufficient policy enforcement in Autofill. Reported by Abdulrahman Alqabandi
     - CVE-2021-21178: Inappropriate implementation in Compositing. Reported by Japong
     - CVE-2021-21179: Use after free in Network Internals. Reported by Anonymous
     - CVE-2021-21180: Use after free in tab search. Reported by Abdulrahman Alqabandi
     - CVE-2021-21181: Side-channel information leakage in autofill. Reported by Xu Lin, Panagiotis Ilias, Jason Polakis
     - CVE-2021-21182: Insufficient policy enforcement in navigations. Reported by Luan Herrera
     - CVE-2021-21183: Inappropriate implementation in performance APIs. Reported by Takashi Yoneuchi
     - CVE-2021-21184: Inappropriate implementation in performance APIs. Reported by James Hartig
     - CVE-2021-21185: Insufficient policy enforcement in extensions. Reported by David Erceg
     - CVE-2021-21186: Insufficient policy enforcement in QR scanning. Reported by dhirajkumarnifty
     - CVE-2021-21187: Insufficient data validation in URL formatting. Reported by Kirtikumar Anandrao Ramchandani
     - CVE-2021-21188: Use after free in Blink. Reported by Woojin Oh
     - CVE-2021-21189: Insufficient policy enforcement in payments. Reported by Khalil Zhani
     - CVE-2021-21190: Uninitialized Use in PDFium. Reported by Zhou Aiting
     - CVE-2021-21191: Use after free in WebRTC. Reported by raven
     - CVE-2021-21192: Heap buffer overflow in tab groups. Reported by Abdulrahman Alqabandi
     - CVE-2021-21193: Use after free in Blink. Reported by Anonymous
     - CVE-2021-21194: Use after free in screen capture. Reported by Leecraso and Guang Gong
     - CVE-2021-21195: Use after free in V8. Reported by Liu and Liang
     - CVE-2021-21196: Heap buffer overflow in TabStrip. Reported by Khalil Zhani
     - CVE-2021-21197: Heap buffer overflow in TabStrip. Reported by Abdulrahman Alqabandi
     - CVE-2021-21198: Out of bounds read in IPC. Reported by Mark Brand
     - CVE-2021-21199: Use after free in Aura. Reported by Weipeng Jiang