-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 15 Feb 2022 20:15:03 -0500 Source: chromium Architecture: source Version: 98.0.4758.102-1~deb11u1 Distribution: bullseye-security Urgency: high Maintainer: Debian Chromium Team <chromium@packages.debian.org> Changed-By: Andres Salomon <dilinger@debian.org> Closes: 954824 970571 1005230 1005466 Changes: chromium (98.0.4758.102-1~deb11u1) bullseye-security; urgency=high . * Enable pipewire support in webrtc (closes: #954824). * Enable optimize_webui. This UI speed improvement was originally disabled due to nodejs deps, but recent upstream changes makes those deps necessary either way (closes: #970571). * Switch to using bundled node modules, to deal with (frequent) build failures (closes: #1005466). * Manually depend on xdg-desktop-portal-* packages. The file saving dialog needs a UI toolkit (closes: #1005230). * New upstream security release. - CVE-2022-0603: Use after free in File Manager. Reported by Chaoyuan Peng (@ret2happy). - CVE-2022-0604: Heap buffer overflow in Tab Groups. Reported by Krace. - CVE-2022-0605: Use after free in Webstore API. Reported by Thomas Orlita. - CVE-2022-0606: Use after free in ANGLE. - CVE-2022-0606: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. - CVE-2022-0607: Use after free in GPU. Reported by 0x74960. - CVE-2022-0608: Integer overflow in Mojo. Reported by Sergei Glazunov of Google Project Zero. - CVE-2022-0609: Use after free in Animation. Reported by Adam Weidemann and Clément Lecigne of Google's Threat Analysis Group. - CVE-2022-0610: Inappropriate implementation in Gamepad API. Reported by Anonymous. Checksums-Sha1: a10615c243fe10738ccb5ebe48b8ee518e69b159 3714 chromium_98.0.4758.102-1~deb11u1.dsc 7eef940a3971cdeee336cd39a8b80393c2d1cf06 527215312 chromium_98.0.4758.102.orig.tar.xz 2b90b6baba3d4ba0e857b57e0b42f24850b12485 215384 chromium_98.0.4758.102-1~deb11u1.debian.tar.xz c3aa5db517e83e01c9cf284303d3114f93c5ee65 20365 chromium_98.0.4758.102-1~deb11u1_source.buildinfo Checksums-Sha256: d50ac6d07186e38b432ddfdf23ad8692bb8382b1aa1cd252d54145d65c635aae 3714 chromium_98.0.4758.102-1~deb11u1.dsc ff05a6111b189fa99c60c2887e7129bf6b11cdff1a5d7ac38e473668c70a0654 527215312 chromium_98.0.4758.102.orig.tar.xz 9735b488cfe2feb66a3ced285774a0c14d6158f78b3c1f0dad93dbfd293b60aa 215384 chromium_98.0.4758.102-1~deb11u1.debian.tar.xz eccaa9edb45dd4206fd2bd6579f16dbb4dbb332351a8b5a023730963737b988a 20365 chromium_98.0.4758.102-1~deb11u1_source.buildinfo Files: 76042dd832e164bbe56208466bec96c5 3714 web optional chromium_98.0.4758.102-1~deb11u1.dsc a2e94ce03be789833a6641e842936377 527215312 web optional chromium_98.0.4758.102.orig.tar.xz 7467c040ac054fec66db0794ace6243f 215384 web optional chromium_98.0.4758.102-1~deb11u1.debian.tar.xz eb11847d581c4a490575c2438d6e0fa6 20365 web optional chromium_98.0.4758.102-1~deb11u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmINkAMUHGRpbGluZ2Vy QGRlYmlhbi5vcmcACgkQZF0CR8NudjdVghAAjM9Mht03JilwERcgs5JjCYNj5ilo 34No3DiMyzPIBw+q+HgxhGikOR8VFYlfz/HVPq0HNkWS+tVtmqyax17YZ3EULITF CaezYsnK3Ub7rgcTe6Y5gV+YxRa4BNEMwm1BbJGHzA0zIEkXzwAPKo+HI+eqnUFV 9XF3RAwRKE7fYuOzkkZaWDROvsRnwCDKtA4xkSFifKeImNK68ls0cORyp4Sa8sKz rT/16LBavqb6nr+iePdr2zPYuaCFQNVmAIQZbH4eOwqrVHGSKChQSPnqf4N8bRBt BO6ys+Un80q0koyVNEuVHL1ebe3ogrfzZkXz74+OkjDIBvncO6uqfYWgMfFzx3pd yYI+NWvhtIaZ5ms4E2Cfijdx+m2UHE5NjwqkHkyQxCqMk1MiQbYyye3omMWxJ51i DbSAhhBAKJTa2soYDmznBZgIjUyeGw2o3yCF3h1TgueDExZ4TUk+Xyc0fqBsPTLZ sI7lRaUMvR5vadBHQ4wpm40gTK7czbtqB5RG9oA/jTR8BtPH5ya3rqOEg2xe+ybe yCeDXIF27r0z/SoD8XnMvcsSksgmvTVL/3FjmqK4e1wE5Hju74hsdFpOK14CxJFp EUKkDOr+MAGn+PM38iyEA86WdYgShkmb6kM1ypnki5+wMyZNI5dB3l5dgDqIA50/ HGrqDJvgk93hUZI= =/24V -----END PGP SIGNATURE-----
