-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 25 Oct 2022 17:40:14 -0400
Source: chromium
Architecture: source
Version: 107.0.5304.68-1~deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (107.0.5304.68-1~deb11u1) bullseye-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2022-3652: Type Confusion in V8. Reported by srodulv and ZNMchtss
       at S.S.L Team.
     - CVE-2022-3653: Heap buffer overflow in Vulkan. Reported by SeongHwan
       Park (SeHwa).
     - CVE-2022-3654: Use after free in Layout. Reported by Sergei Glazunov
       of Google Project Zero.
     - CVE-2022-3655: Heap buffer overflow in Media Galleries. Reported by
       koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research
       Institute.
     - CVE-2022-3656: Insufficient data validation in File System. Reported
       by Ron Masas, Imperva.
     - CVE-2022-3657: Use after free in Extensions. Reported by Omri Bushari,
       Talon Cyber Security.
     - CVE-2022-3658: Use after free in Feedback service on Chrome OS.
       Reported by Nan Wang(@eternalsakura13) and Guang Gong of
       360 Vulnerability Research Institute.
     - CVE-2022-3659: Use after free in Accessibility. Reported by
       @ginggilBesel.
     - CVE-2022-3660: Inappropriate implementation in Full screen mode.
       Reported by Irvan Kurniawan (sourc7).
     - CVE-2022-3661: Insufficient data validation in Extensions. Reported by
       Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University.
   * Disable building against QT5 (for now).
     https://groups.google.com/a/chromium.org/g/chromium-packagers/c/-2VGexQAK6w
   * debian/copyright:
     - delete third_party/dawn/tools/golang binaries.
   * debian/patches:
     - upstream/armhf-ftbfs.patch: drop, merged upstream.
     - upstream/fix-nullptr-qual.patch: drop, merged upstream.
     - disable/catapult.patch: delete add'l blink reference to catapult.
     - bullseye/clang13.patch: refresh for minor upstream changes.
     - ppc64le/workarounds/HACK-third_party-libvpx-use-generic-gnu.patch:
       refresh
     - disable/clang-version-check.patch: added to fix build failure. Needs
       to go upstream.
     - ppc64le/workarounds/HACK-debian-clang-disable-skia-musttail.patch:
       drop, upstream skia stopped using clang::musttail.
     - upstream/re-fix-tflite.patch: re-add a build fix that upstream lost.
 .
   [ Timothy Pearson ]
   * regenerate libaom configuration on ppc64el systems.
Checksums-Sha1:
 406e86605e2f3533f7f603141861686b0e563ad5 3801 chromium_107.0.5304.68-1~deb11u1.dsc
 dace8293eb488d190ef7f8225ff5d13064f3772f 648953428 chromium_107.0.5304.68.orig.tar.xz
 266a8ecf8ada4b3b0c56c6c2af2814848bfd0e17 290188 chromium_107.0.5304.68-1~deb11u1.debian.tar.xz
 7bcb0ecb6fb06f1052d6ab323f178e25eba3cc30 21241 chromium_107.0.5304.68-1~deb11u1_source.buildinfo
Checksums-Sha256:
 8c1cf1600787190c52537d145fa1ab751e83b1f66e5bd61aae3bad43ebcd6d25 3801 chromium_107.0.5304.68-1~deb11u1.dsc
 cb7ef428ac6ff97a34ce127cdd1687946071d0a549d852a8c4fc75a0d8e28782 648953428 chromium_107.0.5304.68.orig.tar.xz
 f34ac8855f7e8464dd406e23078101a980d61e87d185d6aeeb0b8bd01b3c4cf8 290188 chromium_107.0.5304.68-1~deb11u1.debian.tar.xz
 8e273bca093944828d0d1667d99d1219248243e373053464e26022d06fe3be93 21241 chromium_107.0.5304.68-1~deb11u1_source.buildinfo
Files:
 64bcdd59c0f63d1719a894d176c955eb 3801 web optional chromium_107.0.5304.68-1~deb11u1.dsc
 81918c0a34c54105a59164d0b294c1d9 648953428 web optional chromium_107.0.5304.68.orig.tar.xz
 94c4d0d2708782624498021e968ae404 290188 web optional chromium_107.0.5304.68-1~deb11u1.debian.tar.xz
 c3d7c3ca2d762ee16e159c1313bc2a4a 21241 web optional chromium_107.0.5304.68-1~deb11u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----