Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <>
Subject: Accepted chromium 90.0.4430.85-1~deb10u1 (source) into stable->embargoed, stable
Date: Wed, 28 Apr 2021 01:47:10 +0000
Signed by: Michael Gilbert <mgilbert@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 24 Apr 2021 20:09:16 +0000
Source: chromium
Architecture: source
Version: 90.0.4430.85-1~deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Changes:
 chromium (90.0.4430.85-1~deb10u1) buster-security; urgency=medium
 .
   * New upstream stable release.
     - CVE-2021-21201: Use after free in permissions. Reported by Gengming Liu
       and Jianyu Chen
     - CVE-2021-21202: Use after free in extensions. Reported by David Erceg
     - CVE-2021-21203: Use after free in Blink. Reported by asnine
     - CVE-2021-21204: Use after free in Blink. Reported by Chelse Tsai-Simek,
       Jeanette Ulloa, and Emily Voigtlander
     - CVE-2021-21205: Insufficient policy enforcement in navigation. Reported
       by Alison Huffman
     - CVE-2021-21221: Insufficient validation of untrusted input in Mojo.
       Reported by Guang Gong
     - CVE-2021-21207: Use after free in IndexedDB. Reported by koocola and
       Nan Wang
     - CVE-2021-21208: Insufficient data validation in QR scanner. Reported by
       Ahmed Elsobky
     - CVE-2021-21209: Inappropriate implementation in storage. Reported by Tom
       Van Goethem
     - CVE-2021-21210: Inappropriate implementation in Network. Reported by
       @bananabr
     - CVE-2021-21211: Inappropriate implementation in Navigation. Reported by
       Akash Labade
     - CVE-2021-21212: Incorrect security UI in Network Config UI. Reported by
       Hugo Hue and Sze Yiu Chau
     - CVE-2021-21213: Use after free in WebMIDI. Reported by raven
     - CVE-2021-21214: Use after free in Network API. Reported by Anonymous
     - CVE-2021-21215: Inappropriate implementation in Autofill. Reported by
       Abdulrahman Alqabandi
     - CVE-2021-21216: Inappropriate implementation in Autofill. Reported by
       Abdulrahman Alqabandi
     - CVE-2021-21217: Uninitialized Use in PDFium. Reported by Zhou Aiting
     - CVE-2021-21218: Uninitialized Use in PDFium. Reported by Zhou Aiting
     - CVE-2021-21219: Uninitialized Use in PDFium. Reported by Zhou Aiting
     - CVE-2021-21222: Heap buffer overflow in V8. Reported by Guang Gong
     - CVE-2021-21223: Integer overflow in Mojo. Reported by Guang Gong
     - CVE-2021-21224: Type Confusion in V8. Reported by Jose Martinez
     - CVE-2021-21225: Out of bounds memory access in V8. Reported by Brendon
       Tiszka
     - CVE-2021-21226: Use after free in navigation. Reported by Brendon Tiszka
Checksums-Sha1:
 ec52b0f2adf819f16a749f14925eaef09e20b98b 4291 chromium_90.0.4430.85-1~deb10u1.dsc
 d55401790837fbc73cd06d06d4bbbb023002a1ca 450625000 chromium_90.0.4430.85.orig.tar.xz
 18bae18be85e9dabb44dbdde2c509c58f91ceb92 220140 chromium_90.0.4430.85-1~deb10u1.debian.tar.xz
 474fa374cfb1a769b80aa93808da7d0565475279 22875 chromium_90.0.4430.85-1~deb10u1_source.buildinfo
Checksums-Sha256:
 33b99325799a32ad94502b4c4bf062d1bef14b92e5fdeca263ac1e18f2bac741 4291 chromium_90.0.4430.85-1~deb10u1.dsc
 ef7a2f978ed333bdbd706d0c52353c2558d841a1a235bd4b422f109923e34f0c 450625000 chromium_90.0.4430.85.orig.tar.xz
 6c47c3238e1f037cae8e05231227cbf1795f1db175d805a39eed11c8a685195d 220140 chromium_90.0.4430.85-1~deb10u1.debian.tar.xz
 a64b71576f11215a2ef32d18e67cbccdf17c1cf04da5bc6ff01b7666260f641a 22875 chromium_90.0.4430.85-1~deb10u1_source.buildinfo
Files:
 e9eb07a3c2f14eedee990c4e86b4a067 4291 web optional chromium_90.0.4430.85-1~deb10u1.dsc
 6822b626b53198c5ef83b0d997016e9a 450625000 web optional chromium_90.0.4430.85.orig.tar.xz
 55326f8cab22a46e406e4ba067b8db68 220140 web optional chromium_90.0.4430.85-1~deb10u1.debian.tar.xz
 e6005918eb1124233fb7ef5ac02c3d92 22875 web optional chromium_90.0.4430.85-1~deb10u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAmCGoboACgkQmD40ZYkU
ayiqmCAAyMzs/fyut9gzN5P4qdYgJ3Y+JKh7YmePjfXbnQ98NquuQHoCfK74c9xP
x8kJLAH0wpQPb/ZFYqfma6Jhp39ZJ0JCVbqSA0F1Z6e+kSp3jU5J1vnw+ZwWXiqP
UMylWPmNRhx5X9iykfeAPURlkDC1+Ke15M4ftaL+rLz3E/d0Ns/2530bbxstMqFw
N/pDs8EPZzcgBpUkQDFQWXeXUQxSiNpGnF0Q7RD/QNhOqfln8mrjnVOwegHRbG26
b/u2QcGA/UkDViHAWv6gpoGmoIYdZLoQWK0sezTH7TYJj+fmTOYz2BfIVEHm+is3
H/prhryhcB88syzlUOhqUyqVqZDYurnzvp0qxFrqYbPT7Yw4TY/koyszDxQvP34D
07OFX0yV/aXsAJpbPxQ41ZZDvb0vuY6mAtCLC7suGDbcfTeuks06bYwMQ8Xmsnwz
/XQyJc9Lc8KTc1FxMOcBgMXPXz+yiSBmh7q5KoJ9SYMBgY0ysVt7+27rqpeoV34Y
n+SRpTMyz2JwlPw7pDawHW9inCaYZDAK7xK98/Wrcw51oDFyMZJU5k9vhFCLzhlN
4vRZY8hTid5gXIDKCdnzoZEhBVdczLQToGyLiG3jCKvf1KmNidqcKRSNDajjZGF9
O3SYgr+8BCGJweWOJxdKlVwMp8pPj6wlzp7LU2sLEtw0tQqYqT84faQxbYN5VwTp
TUevLFumonVBREKkTgRuT3m9ZaJFBF/uYW6snD+IwlqtJXv3VnnuKBzHSLMQnVeU
x+ECTpS5Jcy1TZd55564HGtI/8nS5q0n/PhdfaJ4f0CCYcDK4Sjilv9EDSP4Eifp
2cA40YV3UTk6sf0gGabo6ORwt+CUp9qOH/6oySGIC0Cg/E2+e2sCOV5eUKqtlI8W
+AzUfMyrd4KFxFEelJ4S8/a2r68pQJzzRWvfcC5dFEioyJjglBgjyqvJk8xxnLWk
Yt1c2JR/2oEasmifXxlal0rqN5ZBzZd5pbtohjkRjDtZbEDrbtwtsypxYWVoqHnA
JvjLTqtXeupKVkUNj0Aal23XB2BcJ2enbw2rfy4/d+rPhj6bz5o9y5dW2zDx2ZJT
9zwWttWBc+eXtKaENDcPfurSbJwq2rAOyT3tz9IFTOwnwCySf8Jjl9akJCmMpRZU
QLPVO2q9N6d8c+l91dWAabtxpOuYC0g0S0dB6g6/stg8r4/VEegodJVTN8uRZaDx
Rpxu2emesQGhS4a0dQ0QZggU5UrTI0duef34O7PkGSlDyb3Qyeny30376TK7aOo5
iiWSQwxZXzE3hVSoZKrTTFvCUBDBCPdR5pvTzxaSyS1BleAycVM5SCpfWmrajGIW
K1BiWkVZa12G0CBjcaN4jDgb9c1CoQ==
=zVGN
-----END PGP SIGNATURE-----
News for package chromium
