Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted chromium 106.0.5249.61-1 (source) into unstable
Date: Tue, 27 Sep 2022 19:49:23 +0000
Signed by: Andres Salomon <dilinger@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 27 Sep 2022 14:14:44 -0400
Source: chromium
Architecture: source
Version: 106.0.5249.61-1
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (106.0.5249.61-1) unstable; urgency=high
 .
   * New upstream stable release.
     - CVE-2022-3304: Use after free in CSS. Reported by Anonymous.
     - CVE-2022-3201: Insufficient validation of untrusted input in
       Developer Tools. Reported by NDevTK.
     - CVE-2022-3305: Use after free in Survey. Reported by Nan
       Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability
       Research Institute.
     - CVE-2022-3306: Use after free in Survey. Reported by Nan
       Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability
       Research Institute.
     - CVE-2022-3307: Use after free in Media.
       Reported by Anonymous Telecommunications Corp. Ltd.
     - CVE-2022-3308: Insufficient policy enforcement in Developer Tools.
       Reported by Andrea Cappa (zi0Black) @ Shielder.
     - CVE-2022-3309: Use after free in Assistant.
       Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab.
     - CVE-2022-3310: Insufficient policy enforcement in Custom Tabs.
       Reported by Ashwin Agrawal from Optus, Sydney.
     - CVE-2022-3311: Use after free in Import.
       Reported by Samet Bekmezci @sametbekmezci.
     - CVE-2022-3312: Insufficient validation of untrusted input in VPN.
       Reported by Andr.Ess.
     - CVE-2022-3313: Incorrect security UI in Full Screen.
       Reported by Irvan Kurniawan (sourc7).
     - CVE-2022-3314: Use after free in Logging. Reported by Anonymous.
     - CVE-2022-3315: Type confusion in Blink. Reported by Anonymous.
     - CVE-2022-3316: Insufficient validation of untrusted input in Safe
       Browsing. Reported by Sven Dysthe (@svn_dy).
     - CVE-2022-3317: Insufficient validation of untrusted input in
       Intents. Reported by Hafiizh.
     - CVE-2022-3318: Use after free in ChromeOS Notifications.
       Reported by GraVity0.
   * debian/patches:
     - disable/angle-perftests.patch: drop most of patch.
       build_angle_perftests=false is set in d/rules, so no need to patch
       it and its dependencies.
     - upstream/browser-finder.patch: drop, merged upstream.
     - upstream/disk-cache.patch: drop, merged upstream.
     - upstream/masklayer-geom.patch: drop, merged upstream.
     - fixes/tflite.patch: drop, merged upstream.
     - bullseye/clang13.patch: update for upstream switching from one
       unsupported clang warning flag to another.
     - disable/catapult.patch: refresh.
     - disable/installer.patch: drop, as there's no real need to delete
       chrome/install_static; there's no licensing issues and it's only
       actually built on windows.
     - upstream/fix-missing-cmath.patch: added from upstream to fix ftbfs.
     - upstream/fix-nullptr-qual.patch: added from upstream to fix ftbfs.
     - fixes/fix-arm-vfpv3-d16-libaom.patch: add to fix a problem that
       was currently papered over by disabling libaom on arm. This new
       patch (hopefully) allows libaom to be built for the armhf arch.
     - disable/libaom-arm.patch: drop now that we've fixed libaom on arm.
     - system/event.patch: remove some old unused bits that patch gn.
   * Stop deleting chrome/install_static in d/copyright, and also start
     deleting third party libraries that we began linking to in v105 as
     well as tools/gn.
   * Remove mgilbert as an uploader; thanks for all your work on chromium
     packaging!
Checksums-Sha1:
 eeb7933ae7c03070a58a5b23788f0201efa380bf 3586 chromium_106.0.5249.61-1.dsc
 7a4e624a907d1d3a3cece2eca9b420e838d8b895 647344332 chromium_106.0.5249.61.orig.tar.xz
 7c26d260b5a80926c4d29f615d5c84037f13f14a 212064 chromium_106.0.5249.61-1.debian.tar.xz
 c04b5ace1358e9808cfb91c8d7b842b8146b86b9 20210 chromium_106.0.5249.61-1_source.buildinfo
Checksums-Sha256:
 68a1803e11dee5071b4774db6026687a7213e35ea5772be8b0ffa978ac1f7c8d 3586 chromium_106.0.5249.61-1.dsc
 06fdc419b7af543cc870581a34d205401c294e79b2b88d0c5307fbd33d94c4e0 647344332 chromium_106.0.5249.61.orig.tar.xz
 21109b6b22caa6d7a9b39eb4945a8839d90404d19e935bafc01f84a3bee8f354 212064 chromium_106.0.5249.61-1.debian.tar.xz
 b5e7b59a9998e5e0bd476df327e002ed40212f9e917b1e0b72b012189d51a8d6 20210 chromium_106.0.5249.61-1_source.buildinfo
Files:
 9cd7f948c35da07529ec52c810ac8c79 3586 web optional chromium_106.0.5249.61-1.dsc
 203e7beced2de971b2ff4b0cc474cd1c 647344332 web optional chromium_106.0.5249.61.orig.tar.xz
 dbdce741cd58443472e1ea4d53ac2610 212064 web optional chromium_106.0.5249.61-1.debian.tar.xz
 26d3875fb0fdaca8cd58e0d972b6735f 20210 web optional chromium_106.0.5249.61-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmMzRb0UHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8Nudjc2NQ//bh1ef4078Asq2Tq1h5RH221ZKLP/
NHXYkXoFN7bsMgO19lvTCMo3aZ9ifO2Qj54hShmDThTbgjNxTc3KlGrImoZSWbcc
JV+DY6i/EDAm3Pvs6I9Nqrm+tklVDHLDMc9BuuMbNx7cUs5JC+vLf3kSiStsQUP2
PNjatErOAcTrlwNnp52vH3lGmqvbRAk0gUSwtYanpDpwDsbKlz29e/F3nwLFtDci
ILQa7F6Oe83kk+WQrX2Bm8R36btFbYnbZQtaDDOxyEai+e+GgktPhmQJV2pZPSpV
UnUXaNDqwn7WU021HWo543XdyraVgfsudsi2m/lfpxOVEmeaqdWm7Qf5z51HHeTz
f8PoKZHRi05zO+8HFB5JgVmSPVY+zacDyp8l9JaIhjmGPLb/Lryk5RUBq9gru+F3
iUnR4sTkQ7CQv2EIi+Ld6zZXfIzVOFRpOPeyZLaFgU9GuNqid9vkeUN1aip0XHk8
LWJPHO54fstmgid8RLbNBkeJ0sToYQaYTzN5U9CjdDKiKkoPY8C2vqM7lqJr1EM7
Uq23sU2aXy94vtfHU53pAA/eciqEJSWQpzYvRHAtNN1dxhBM6TD+i5AgdX3m5MPU
jLzD8xWHWbuLoge3A7ewR0LeJtXMJ6cQqvPSp26MOmfmnooxTp9CxQoeEm3L+Ot/
6cNwhHhBoFjp+dE=
=+Jqq
-----END PGP SIGNATURE-----
News for package chromium
