-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 04 Aug 2022 21:39:17 -0400 Source: chromium Architecture: source Version: 104.0.5112.79-1~deb11u1 Distribution: bullseye-security Urgency: high Maintainer: Debian Chromium Team <chromium@packages.debian.org> Changed-By: Andres Salomon <dilinger@debian.org> Changes: chromium (104.0.5112.79-1~deb11u1) bullseye-security; urgency=high . * Build with Clang 13 instead of the bullseye default of Clang 11. * New upstream stable release. - CVE-2022-2603: Use after free in Omnibox. Reported by Anonymous - CVE-2022-2604: Use after free in Safe Browsing. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab - CVE-2022-2605: Out of bounds read in Dawn. Reported by Looben Yang - CVE-2022-2606: Use after free in Managed devices API. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab - CVE-2022-2607: Use after free in Tab Strip. Reported by @ginggilBesel - CVE-2022-2608: Use after free in Overview Mode. Reported by Khalil Zhani - CVE-2022-2609: Use after free in Nearby Share. Reported by koocola (@alo_cook) and Guang Gong of 360 Vulnerability Research Institute - CVE-2022-2610: Insufficient policy enforcement in Background Fetch. Reported by Maurice Dauer - CVE-2022-2611: Inappropriate implementation in Fullscreen API. Reported by Irvan Kurniawan (sourc7) - CVE-2022-2612: Side-channel information leakage in Keyboard input. Reported by Erik Kraft (erik.kraft5@gmx.at), Martin Schwarzl (martin.schwarzl@iaik.tugraz.at) - CVE-2022-2613: Use after free in Input. Reported by Piotr Tworek (Vewd) - CVE-2022-2614: Use after free in Sign-In Flow. Reported by raven at KunLun lab - CVE-2022-2615: Insufficient policy enforcement in Cookies. Reported by Maurice Dauer - CVE-2022-2616: Inappropriate implementation in Extensions API. Reported by Alesandro Ortiz - CVE-2022-2617: Use after free in Extensions API. Reported by @ginggilBesel - CVE-2022-2618: Insufficient validation of untrusted input in Internals. Reported by asnine - CVE-2022-2619: Insufficient validation of untrusted input in Settings. Reported by Oliver Dunk - CVE-2022-2620: Use after free in WebUI. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab - CVE-2022-2621: Use after free in Extensions. Reported by Huyna at Viettel Cyber Security - CVE-2022-2622: Insufficient validation of untrusted input in Safe Browsing. Reported by Imre Rad (@ImreRad) and @j00sean - CVE-2022-2623: Use after free in Offline. Reported by raven at KunLun lab - CVE-2022-2624: Heap buffer overflow in PDF. Reported by YU-CHANG CHEN and CHIH-YEN CHANG, working with DEVCORE Internship Program * debian/patches: - bullseye/nomerge.patch: drop, was only needed for clang-11. - bullseye/clang11.patch: drop clang-11 bits, rename to clang13.patch. - bullseye/blink-constexpr.patch: drop, only needed for clang-11. - bullseye/byteswap-constexpr2.patch: drop, only needed for clang-11. - disable/angle-perftests.patch: refresh - disable/catapult.patch: refresh & drop some no longer needed bits. - fixes/tflite.patch: fix a build error. * debian/copyright: - upstream dropped perfetto/ui/src/gen/. Checksums-Sha1: f47757475b1d66c4a630171a9c9abd373f2a135f 3698 chromium_104.0.5112.79-1~deb11u1.dsc a11e88ffc0819f992212c95d21314c7bc07fb78c 610675328 chromium_104.0.5112.79.orig.tar.xz 54f0e8ff77b4dba5a147bf5fa6c159cee62f833c 209296 chromium_104.0.5112.79-1~deb11u1.debian.tar.xz b8cfcf768107ca5744e5d29a743eb5385bdb67da 20762 chromium_104.0.5112.79-1~deb11u1_source.buildinfo Checksums-Sha256: 145a78afaa76b4179726029b584385ba626119cf0c441d4465e410c604cbbed9 3698 chromium_104.0.5112.79-1~deb11u1.dsc 304851d516ca0335755032c18d96df40fbbc0b2974169d495339d230782b4a43 610675328 chromium_104.0.5112.79.orig.tar.xz 5cb48f4bab0280d51d6a311078e55bb7a4904d833b25a7eb2d1f34b2284a9747 209296 chromium_104.0.5112.79-1~deb11u1.debian.tar.xz 5b93c38d3bc1d3ea91d12a41817fc7b4b27a14929eed2eff2744d75f5db118f8 20762 chromium_104.0.5112.79-1~deb11u1_source.buildinfo Files: 63a5bedae560c5a1753965c747702ffc 3698 web optional chromium_104.0.5112.79-1~deb11u1.dsc 13edaefdeea2513a4e3489800eac30bd 610675328 web optional chromium_104.0.5112.79.orig.tar.xz 2fd7001a0988f4f8e8bdeaadb30c70b9 209296 web optional chromium_104.0.5112.79-1~deb11u1.debian.tar.xz 68c98de97ab9346087aff506c2c4a87e 20762 web optional chromium_104.0.5112.79-1~deb11u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmLsga4UHGRpbGluZ2Vy QGRlYmlhbi5vcmcACgkQZF0CR8NudjcrzhAAxgkLsI1OXBS06eHgfoQmKRPaWXNN Z1+5DUof4NeqorbAPyNljz9W8G2m/MtWJVT2vj3a3+BhS9Pqt3EUg7eIZCG0tCy+ ZPLJTt9Q90NoX787HztZQZUepgV+IUFZED81XJ9hNHvcjKBlv/u3sfwODv/5KSqg 5U3mtEosJIx9eskyZjlgu5Ix8UClHG/UwtiOlDy2pHRlU14wKoJZOmwlxcWp4xm6 jTXK02Q+oob6HRMg32n0gicAT5MMmHF03M6UChxUmlgmoXLnGSxVGiPFqmb/UBhn 2+PZ09+AuHDdmrdGpQVJanGI5SQCJ19QdzzszTNjPUk9Xzm4aZrRa9je1DgptUAt NHQPLh4Cvbva/3uvqhGA2k9ZY8/uoCRK7O4tWTp2bFY2z5mRCJvgMLcvXL7UBPok nQRzr7uh5OzukDbmsUoH4GAhZo7UJAWf/oLFSHF9m2TzfL2rOKbU8COZ4qQ6BMla As78Gkpt0jPQWoZiZWfksWveS0Soy3IhkoAU9YBG3aYG3ydOiMSXZXGQjqrjv9UK c90tbjtuINKjdvTQ0z3HTSf06XCNmyoTucLjyN5GtIv0tUKjMVtIFxQzrarltuPS dQu9UWbvJ4BA2UrcACB+S8R6pNv+h+KIjqHFgox/Cz9baf+n4Qj/aS+tSvD8y2FT GZGXQiHlLz8kR1k= =Nkxg -----END PGP SIGNATURE-----