Format: 1.8
Date: Wed, 08 Feb 2023 00:20:01 -0500
Source: chromium
Architecture: source
Version: 110.0.5481.77-1
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (110.0.5481.77-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2023-0696: Type Confusion in V8. Reported by Haein Lee at KAIST
       Hacking Lab.
     - CVE-2023-0697: Inappropriate implementation in Full screen mode.
       Reported by Ahmed ElMasry.
     - CVE-2023-0698: Out of bounds read in WebRTC.
       Reported by Cassidy Kim(@cassidy6564).
     - CVE-2023-0699: Use after free in GPU.
       Reported by 7o8v and Cassidy Kim(@cassidy6564).
     - CVE-2023-0700: Inappropriate implementation in Download.
       Reported by Axel Chong.
     - CVE-2023-0701: Heap buffer overflow in WebUI.
       Reported by Sumin Hwang of SSD Labs.
     - CVE-2023-0702: Type Confusion in Data Transfer. Reported by Sri.
     - CVE-2023-0703: Type Confusion in DevTools.
       Reported by raven at KunLun lab.
     - CVE-2023-0704: Insufficient policy enforcement in DevTools.
       Reported by Rhys Elsmore and Zac Sims of the Canva security team.
     - CVE-2023-0705: Integer overflow in Core.
       Reported by SorryMybad (@S0rryMybad) of Kunlun Lab.
   * d/copyright: libpng16 binaries are gone, no longer need to exclude them.
   * d/scripts/unbundle: drop libjxl, which is dropped upstream.
     Add absl_log*.
   * d/patches:
     - debianization/optimization.patch: drop. This is unnecessary, as
       Debian's optimization flags override Chromium's by default.
     - disable/android.patch: upstream removed android_crazy_linker, so we
       can remove half of this patch.
     - disable/catapult.patch: refresh.
     - disable/google-api-warning.patch: refresh.
     - upstream/mojo.patch: refresh w/ what's in 110.
     - system/openjpeg.patch: completely rework due to upstream changes.
     - upstream/clamp.patch: backport a build fix.
     - upstream/blink-dbl-float.patch: another build fix.
   * Drop unused use_allocator="none" argument. This was used previously to
     switch from the default "partition" allocator. Upstream dropped the
     build flag in chromium v109. So in v109 we switched to the default
     "partition" allocator and I don't think anyone noticed, so let's just
     leave it on. Report issues if you notice any.
 .
   [ Timothy Pearson ]
   * d/patches:
     - Refresh ppc64le patches for v110
     - Add upstream patches to fix build errors when use_custom_libcxx=false
     - Drop stack smashing fix patch for ppc64le due to fix included upstream