-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 16 Mar 2022 13:51:21 -0500 Source: chromium Architecture: source Version: 99.0.4844.74-1~deb11u1 Distribution: bullseye-security Urgency: high Maintainer: Debian Chromium Team <chromium@packages.debian.org> Changed-By: Andres Salomon <dilinger@debian.org> Closes: 1003622 1006267 Changes: chromium (99.0.4844.74-1~deb11u1) bullseye-security; urgency=high . * New upstream security release. - CVE-2022-0971: Use after free in Blink Layout. Reported by Sergei Glazunov of Google Project Zero. - CVE-2022-0972: Use after free in Extensions. Reported by Sergei Glazunov of Google Project Zero. - CVE-2022-0973: Use after free in Safe Browsing. Reported by avaue and Buff3tts at S.S.L. - CVE-2022-0974 : Use after free in Splitscreen. Reported by @ginggilBesel. - CVE-2022-0975: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa). - CVE-2022-0976: Heap buffer overflow in GPU. Reported by Omair. - CVE-2022-0977: Use after free in Browser UI. Reported by Khalil Zhani. - CVE-2022-0978: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. - CVE-2022-0979: Use after free in Safe Browsing. Reported by anonymous. - CVE-2022-0980: Use after free in New Tab Page. Reported by Krace. . chromium (99.0.4844.51-2) unstable; urgency=medium . * Change dependency on xdg-desktop-portal-* packages to be libgtk-3-0|xdg-desktop-portal-backend. Some folks don't want all the dependencies of the xdg portal packages, and chromium really just requires gtk unless runnning under KDE (closes: #1006267). * Disable fieldtrial testing config to fix some sandboxing issues. We used to do this, but the config flag was renamed (closes: #1003622). * Adjust patches: + system/zlib.patch: drop part of it that is unnecessary. Checksums-Sha1: 11f216c0867deae8c8e4cb4f400e146a7880ecbc 3694 chromium_99.0.4844.74-1~deb11u1.dsc 6363ebc8df5e9d89452e98d1941703017f7afec6 541240292 chromium_99.0.4844.74.orig.tar.xz ded9ef4d22016c8d11c962923de52ce5039e4ce7 215108 chromium_99.0.4844.74-1~deb11u1.debian.tar.xz 65ba3310187b702ebb52c7189d236ae7f1bfb270 20436 chromium_99.0.4844.74-1~deb11u1_source.buildinfo Checksums-Sha256: 9f76da3a3c725f47474a8f38f5f17cd1b5828b406c7902f7b255bb79ab85c97a 3694 chromium_99.0.4844.74-1~deb11u1.dsc 08d787f47c280686d3fa6299f7ede9ec14ff962f9990f3801bccae322eb613d7 541240292 chromium_99.0.4844.74.orig.tar.xz b3340841d6e28906cc07ae159c7eb7906ba95a72e6e362c3db0051ecf776a878 215108 chromium_99.0.4844.74-1~deb11u1.debian.tar.xz e7e094600eec11b3c0422fac5aef5bcab9a33cade7fc66477bc9cad4bcdc3b4c 20436 chromium_99.0.4844.74-1~deb11u1_source.buildinfo Files: fcef5c7f4dfe27abe19dac6cb94fe064 3694 web optional chromium_99.0.4844.74-1~deb11u1.dsc 2fc00b3907939cad269360ba106759d2 541240292 web optional chromium_99.0.4844.74.orig.tar.xz 68957b34662d385f23da9b140b988905 215108 web optional chromium_99.0.4844.74-1~deb11u1.debian.tar.xz feab6bcba28e3772cee395c6f4997123 20436 web optional chromium_99.0.4844.74-1~deb11u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmIyqz8UHGRpbGluZ2Vy QGRlYmlhbi5vcmcACgkQZF0CR8NudjdpAhAAsmI59oM794UyLqhePV98U8mnw6AP rH58w0N0KbpQIMbVkz0iLvndzmQjRffqmwrh20fIub2L/82yS9IIsSeWMJG4gJmz KCGNkfeIoXEXtcd8fplkD2NDx1CFxl3O/kzpkPOPJMMumEGugzVYrXKy/jaAy2QE r123igI/ZgZdRm+I6lEQ6gY9Re05e5l3hqtEI1DM+Ut6ePYrQYfU9BQM7a2RXSCm kLFsk2pKVz3eL5EBbw89+3nnzBEwJppqGwP3OSq/YelIBnqSUW3ZQ4nFMVV2GkJO Jh4NAZuldN5d8P2Y8ESTjXpJawUTZk/q1HaTX1ujrm39/Te9fLmbfdqpRAQCbpW1 yMMvPrgLGQIsvDBYY+WVBtXwCarMs7CiDMpnwJsYSY1ZPLC6Gevvi4xviX7ru5xJ 0uwxWCRfdRVz1QLZunJx2q9CT5Wpe2LiBDdbRZuRTeJlpLRQ2aA/bpEkTMZZKFVr IVOACxjgHHEn4w3+sxY0dxm23Y6lQ8fL/S8n3RtmZukZC5SeiYjMbhX5F00qe/gd wLsj9ZTV11Mc72gh4hTzBDkcpni6/89UmKezEaJf7M4B3G3z4G86BJKNQd5CeZLW BJBl46DuoOAVI3W0fKrhd7wtK6gWqmX63bRPUuhPXA6pIaO7RoSYUKlrCFSO853s 3ck1zjTY+JQTJCc= =mclS -----END PGP SIGNATURE-----
