-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 04 Aug 2022 11:31:44 -0400 Source: chromium Architecture: source Version: 104.0.5112.79-1 Distribution: unstable Urgency: high Maintainer: Debian Chromium Team <chromium@packages.debian.org> Changed-By: Andres Salomon <dilinger@debian.org> Changes: chromium (104.0.5112.79-1) unstable; urgency=high . * New upstream stable release. - CVE-2022-2603: Use after free in Omnibox. Reported by Anonymous - CVE-2022-2604: Use after free in Safe Browsing. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab - CVE-2022-2605: Out of bounds read in Dawn. Reported by Looben Yang - CVE-2022-2606: Use after free in Managed devices API. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab - CVE-2022-2607: Use after free in Tab Strip. Reported by @ginggilBesel - CVE-2022-2608: Use after free in Overview Mode. Reported by Khalil Zhani - CVE-2022-2609: Use after free in Nearby Share. Reported by koocola (@alo_cook) and Guang Gong of 360 Vulnerability Research Institute - CVE-2022-2610: Insufficient policy enforcement in Background Fetch. Reported by Maurice Dauer - CVE-2022-2611: Inappropriate implementation in Fullscreen API. Reported by Irvan Kurniawan (sourc7) - CVE-2022-2612: Side-channel information leakage in Keyboard input. Reported by Erik Kraft (erik.kraft5@gmx.at), Martin Schwarzl (martin.schwarzl@iaik.tugraz.at) - CVE-2022-2613: Use after free in Input. Reported by Piotr Tworek (Vewd) - CVE-2022-2614: Use after free in Sign-In Flow. Reported by raven at KunLun lab - CVE-2022-2615: Insufficient policy enforcement in Cookies. Reported by Maurice Dauer - CVE-2022-2616: Inappropriate implementation in Extensions API. Reported by Alesandro Ortiz - CVE-2022-2617: Use after free in Extensions API. Reported by @ginggilBesel - CVE-2022-2618: Insufficient validation of untrusted input in Internals. Reported by asnine - CVE-2022-2619: Insufficient validation of untrusted input in Settings. Reported by Oliver Dunk - CVE-2022-2620: Use after free in WebUI. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab - CVE-2022-2621: Use after free in Extensions. Reported by Huyna at Viettel Cyber Security - CVE-2022-2622: Insufficient validation of untrusted input in Safe Browsing. Reported by Imre Rad (@ImreRad) and @j00sean - CVE-2022-2623: Use after free in Offline. Reported by raven at KunLun lab - CVE-2022-2624: Heap buffer overflow in PDF. Reported by YU-CHANG CHEN and CHIH-YEN CHANG, working with DEVCORE Internship Program * debian/patches: - bullseye/nomerge.patch: drop, was only needed for clang-11. - bullseye/clang11.patch: drop clang-11 bits, rename to clang13.patch. - bullseye/blink-constexpr.patch: drop, only needed for clang-11. - bullseye/byteswap-constexpr2.patch: drop, only needed for clang-11. - disable/angle-perftests.patch: refresh - disable/catapult.patch: refresh & drop some no longer needed bits. - fixes/tflite.patch: fix a build error. * debian/copyright: - upstream dropped perfetto/ui/src/gen/. Checksums-Sha1: 00b5a34feb370c4bfb8f6c4a51c2ea2af87b2aa5 3619 chromium_104.0.5112.79-1.dsc a11e88ffc0819f992212c95d21314c7bc07fb78c 610675328 chromium_104.0.5112.79.orig.tar.xz db4bfb71403bb965cf6e86a11244629049e6fc47 209308 chromium_104.0.5112.79-1.debian.tar.xz 970edc9525567811b532ccdcb0b7f472f9a5e9b6 20045 chromium_104.0.5112.79-1_source.buildinfo Checksums-Sha256: 5991e4c185fa2499deaef30e59a0f55633c2b6e9da7ba03a7e330541abf0ab55 3619 chromium_104.0.5112.79-1.dsc 304851d516ca0335755032c18d96df40fbbc0b2974169d495339d230782b4a43 610675328 chromium_104.0.5112.79.orig.tar.xz cfb88636c29dfac550fc760b32e96df6070d0c7391df6e916e53dcdd2b72dc84 209308 chromium_104.0.5112.79-1.debian.tar.xz 7fe587fac26f91b9fb14b29fc39602099c562e1b18652132bd2ebf876632d613 20045 chromium_104.0.5112.79-1_source.buildinfo Files: 5c4213c2d56d0d88a145b04c4d901ac1 3619 web optional chromium_104.0.5112.79-1.dsc 13edaefdeea2513a4e3489800eac30bd 610675328 web optional chromium_104.0.5112.79.orig.tar.xz f5f70c16002709041d11f0f78711efc6 209308 web optional chromium_104.0.5112.79-1.debian.tar.xz 76f967bfae15112d0db9372bc9ad912f 20045 web optional chromium_104.0.5112.79-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmLshDIUHGRpbGluZ2Vy QGRlYmlhbi5vcmcACgkQZF0CR8NudjfNCRAAi3Wv0p+xzcHvY2fCjC+f//yPltZD 32CWSyGsYj1kdG78yO8WG8g4iHLZgaaZMN2LRUsGVQGUEgXndh3VDumlrrr34ujA J/ySw/okfHPb26pSy8b6rc4vU3Er3xLQBTdaMFH1Yx6COpil31QxgDdEPXnaKUOn Gswln07Pblvu7pncyEWMj35hmvQFveQNse4A5mgfL4GR62hw2ajr0m7nY3U6mOSy h8KApAYK0+SPRpYkr4unOH4Ht+wqJ9SPehGMTbgBFh6Gx/V35iJpwW9F8qYdvoGn UksNQrLXK2VHlxgmHyupAgylm4L8LntU0kqO4p0GZzfrjiWJkS2QDPmLeA4bcx2b YmxcM9tppMpso7b5WeRovq5Hvgrzv0uDCNqKI+O1ecQ8YYCriVhm6n0eH8mrsJrI +Mv1Nj2RF3UbVzqFAOBcjSvdvgpgZqsTT7Fi2w8wkJfcWCNBvrpQsYX4qRtRXZxP TzTUK9oFccZ/IRQhWtN6jJkGuOB0kZoUzLFGzN9vDRIn95y4yNcgr5UGJ3qEgcK4 KrW9u5eJuNkpu6X0iROjnyXCkiRfhUe6Q79iDSpNFx0z8wZkZ7DEnEuST3X5/qKO zR8keAVa943eXk162HTnTCUGJyTCgEg5MnAViTRLVP3CxsdKCvrTDYYDeRUoT+Ku CidcM5hJnRuInTU= =Whn7 -----END PGP SIGNATURE-----