Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted chromium 90.0.4430.72-1 (source) into unstable
Date: Tue, 20 Apr 2021 12:34:36 +0000
Signed by: Mattia Rizzolo <mattia@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 19 Apr 2021 19:13:47 +0200
Source: chromium
Architecture: source
Version: 90.0.4430.72-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Michel Le Bihan <michel@lebihan.pl>
Closes: 987053
Changes:
 chromium (90.0.4430.72-1) unstable; urgency=medium
 .
   * New upstream security release (closes: #987053).
     - CVE-2021-21201: Use after free in permissions. Reported by Gengming Liu
       and Jianyu Chen when working at Tencent KeenLab
     - CVE-2021-21202: Use after free in extensions. Reported by David Erceg
     - CVE-2021-21203: Use after free in Blink. Reported by asnine
     - CVE-2021-21204: Use after free in Blink. Reported by Chelse Tsai-Simek,
       Jeanette Ulloa, and Emily Voigtlander of Seesaw
     - CVE-2021-21205: Insufficient policy enforcement in navigation. Reported
       by Alison Huffman, Microsoft Browser Vulnerability Research
     - CVE-2021-21221: Insufficient validation of untrusted input in Mojo.
       Reported by Guang Gong of Alpha Lab, Qihoo 360
     - CVE-2021-21207: Use after free in IndexedDB. Reported by koocola
       @alo_cook and Nan Wang @eternalsakura13 of 360 Alpha Lab
     - CVE-2021-21208: Insufficient data validation in QR scanner. Reported by
       Ahmed Elsobky @0xsobky
     - CVE-2021-21209: Inappropriate implementation in storage. Reported by Tom
       Van Goethem @tomvangoethem
     - CVE-2021-21210: Inappropriate implementation in Network. Reported by
       @bananabr
     - CVE-2021-21211: Inappropriate implementation in Navigation. Reported by
       Akash Labade m0ns7er
     - CVE-2021-21212: Incorrect security UI in Network Config UI. Reported by
       Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong
     - CVE-2021-21213: Use after free in WebMIDI. Reported by raven
       @raid_akame
     - CVE-2021-21214: Use after free in Network API. Reported by Anonymous
     - CVE-2021-21215: Inappropriate implementation in Autofill. Reported by
       Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research
     - CVE-2021-21216: Inappropriate implementation in Autofill. Reported by
       Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research
     - CVE-2021-21217: Uninitialized Use in PDFium. Reported by Zhou Aiting
       @zhouat1 of Qihoo 360 Vulcan Team
     - CVE-2021-21218: Uninitialized Use in PDFium. Reported by Zhou Aiting
       @zhouat1 of Qihoo 360 Vulcan Team
     - CVE-2021-21219: Uninitialized Use in PDFium. Reported by Zhou Aiting
       @zhouat1 of Qihoo 360 Vulcan Team
Checksums-Sha1:
 1306ee2f2f9540e4032229cd365fe757635e39ce 3639 chromium_90.0.4430.72-1.dsc
 06bae6a43b77f0edc3078111ac0b8af3cd05a2fc 450807884 chromium_90.0.4430.72.orig.tar.xz
 6c0bf6d16db729fc0cd00748babab805d9bd38a3 217160 chromium_90.0.4430.72-1.debian.tar.xz
 84c798e7a6976d3a360d8c924e60014ca2eb2a92 14741 chromium_90.0.4430.72-1_source.buildinfo
Checksums-Sha256:
 43a89bf70f68f91ddc1b06d859dc4f2a9927a54fedab62b2fdc9579205324383 3639 chromium_90.0.4430.72-1.dsc
 6300ae42d40608d253ab8616c2c80ad002ca580e8fe54141b207c024068514bb 450807884 chromium_90.0.4430.72.orig.tar.xz
 3aa09c3ba706b18dc5e52329c27e883b0c0f3814d0e5948d9762764b59552e1a 217160 chromium_90.0.4430.72-1.debian.tar.xz
 1a105c58506e172e80b9c9f194eef430c2a20304ea25e9c43d2ba2b1d15aac64 14741 chromium_90.0.4430.72-1_source.buildinfo
Files:
 0926e3df68edd607b8f72838a93f211f 3639 web optional chromium_90.0.4430.72-1.dsc
 435530a5c2dcff41478285cd5269db28 450807884 web optional chromium_90.0.4430.72.orig.tar.xz
 47d086d78b8767f8f504921cee66c93e 217160 web optional chromium_90.0.4430.72-1.debian.tar.xz
 b299061690bf33fd406fd5c0c6f9b4d7 14741 web optional chromium_90.0.4430.72-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEi3hoeGwz5cZMTQpICBa54Yx2K60FAmB+vLMACgkQCBa54Yx2
K61uzQ/+Nl4AI4axr7tfnPWNYfmu+Pm+PQSUVGEHuOjHAFZBwG6nYlOvzgj9tsHI
B3tTA3uwSltUQ2La/c+CEjWbAc4ezAKhM+9OkYVPOUpe1e+6rl92cwQwYYATtcXg
k94T3qPmatIwCb9hqmJIqkS6VZpwF3c777q90aREgkZCD956cNa/6INzBBuDf2Eg
JNw42dZ1gaYL0hhKMAYq3C2ONUnJFtmGCNZNAElLLSi8M45ptabEQj+ow76p8da+
EsMHV4wDq4/3QOhYeDwLj8S/uAEY48cLjm9BEl2cYIZmhBz6bWObOCe7UY0oYDe8
AQLjPrVWFtSbVViCed4dq2Vdav/HHGqwbHv2yv/o44/X1IdyRCUsancEMhU+NrV3
7GbGdSAHiKENqacCxxPqEwiRSjwtsR+HU3JKrD692oxSPWriUKrzxR+4d8MfeyJE
YjCFwArnaRiDI28WKO3ixxzuuzx408x0pGFv7s2pB1aCs4W9kuUrF2nIWFxGiYZ6
jHyMwXJOwEWjnb3b5lo/izUbuyE0SX6u94J22ZgGz+S6YOIscTC7A5asxgM91Atp
lDZv8XjYhcBhIL+LHCV3ou0j7MQGGiFlkMT7+9rBZnoZfoV6yUki6NBCUz0uR+Fs
0V/ueyiQvAjcNQ+xzr5o7jD94cuXrgoGBx9JfuwzHhA0trayiZ8=
=9rC4
-----END PGP SIGNATURE-----
News for package chromium
