-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 25 May 2022 02:24:52 -0400
Source: chromium
Architecture: source
Version: 102.0.5005.61-1~deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Closes: 1011096
Changes:
 chromium (102.0.5005.61-1~deb11u1) bullseye-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2022-1853: Use after free in Indexed DB. Reported by Anonymous
     - CVE-2022-1854: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa)
     - CVE-2022-1855: Use after free in Messaging. Reported by Anonymous
     - CVE-2022-1856: Use after free in User Education. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
     - CVE-2022-1857: Insufficient policy enforcement in File System API. Reported by Daniel Rhea
     - CVE-2022-1858: Out of bounds read in DevTools. Reported by EllisVlad
     - CVE-2022-1859: Use after free in Performance Manager. Reported by Guannan Wang (@Keenan7310) of Tencent Security Xuanwu Lab
     - CVE-2022-1860: Use after free in UI Foundations. Reported by @ginggilBesel
     - CVE-2022-1861: Use after free in Sharing. Reported by Khalil Zhani
     - CVE-2022-1862: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz
     - CVE-2022-1863: Use after free in Tab Groups. Reported by David Erceg
     - CVE-2022-1864: Use after free in WebApp Installs. Reported by Yuntao You (@GraVity0) of Bytedance Wuheng Lab
     - CVE-2022-1865: Use after free in Bookmarks. Reported by Rong Jian of VRI
     - CVE-2022-1866: Use after free in Tablet Mode. Reported by @ginggilBesel
     - CVE-2022-1867: Insufficient validation of untrusted input in Data Transfer. Reported by Michał Bentkowski of Securitum
     - CVE-2022-1868: Inappropriate implementation in Extensions API. Reported by Alesandro Ortiz
     - CVE-2022-1869: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab
     - CVE-2022-1870: Use after free in App Service. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
     - CVE-2022-1871: Insufficient policy enforcement in File System API. Reported by Thomas Orlita
     - CVE-2022-1872: Insufficient policy enforcement in Extensions API. Reported by ChaobinZhang
     - CVE-2022-1873: Insufficient policy enforcement in COOP. Reported by NDevTK
     - CVE-2022-1874: Insufficient policy enforcement in Safe Browsing. Reported by hjy79425575
     - CVE-2022-1875: Inappropriate implementation in PDF. Reported by NDevTK
     - CVE-2022-1876: Heap buffer overflow in DevTools. Reported by @ginggilBesel
   * debian/patches:
     - system/jpeg.patch - straight refresh.
     - disable/swiftshader.patch - straight refresh.
     - disable/swiftshader-2.patch - refresh for upstream dropping of legacy swiftshader GL stuff; they now use ANGLE.
     - disable/angle-perftests.patch - refresh.
     - system/jsoncpp.patch - refresh for jsoncpp_no_deprecated_declarations argument change.
     - bullseye/clang11.patch - merge cast-call.patch into it, as well as dropping additional unsupported clang arguments.
     - bullseye/cast-call.patch - drop.
     - upstream/dawn-version-fix.patch - add patch to deal w/ FTBFS.
     - upstream/blink-ftbfs.patch - another FTBFS patch.
     - upstream/nested-nested-nested-nested-nested-nested-regex-patterns.patch - fix a build failure that only happens with clang + GNU's libstdc++.
     - upstream/byteswap-constexpr.patch - add this to fix bullseye builds on 32-bit platforms (closes: #1011096).
   * Don't build unnecessary dawn build tests.