Format: 1.8
Date: Wed, 08 Feb 2023 00:20:01 -0500
Source: chromium
Architecture: source
Version: 110.0.5481.77-1~deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Closes: 1030160
Changes:
 chromium (110.0.5481.77-1~deb11u1) bullseye-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2023-0696: Type Confusion in V8.
       Reported by Haein Lee at KAIST Hacking Lab.
     - CVE-2023-0697: Inappropriate implementation in Full screen mode.
       Reported by Ahmed ElMasry.
     - CVE-2023-0698: Out of bounds read in WebRTC.
       Reported by Cassidy Kim(@cassidy6564).
     - CVE-2023-0699: Use after free in GPU.
       Reported by 7o8v and Cassidy Kim(@cassidy6564).
     - CVE-2023-0700: Inappropriate implementation in Download.
       Reported by Axel Chong.
     - CVE-2023-0701: Heap buffer overflow in WebUI.
       Reported by Sumin Hwang of SSD Labs.
     - CVE-2023-0702: Type Confusion in Data Transfer. Reported by Sri.
     - CVE-2023-0703: Type Confusion in DevTools.
       Reported by raven at KunLun lab.
     - CVE-2023-0704: Insufficient policy enforcement in DevTools.
       Reported by Rhys Elsmore and Zac Sims of the Canva security team.
     - CVE-2023-0705: Integer overflow in Core.
       Reported by SorryMybad (@S0rryMybad) of Kunlun Lab.
   * d/copyright: libpng16 binaries are gone, no longer need to exclude them.
   * d/scripts/unbundle: drop libjxl, which is dropped upstream. Add absl_log*.
   * d/patches:
     - debianization/optimization.patch: drop. This is unnecessary, as
       Debian's optimization flags override Chromium's by default.
     - disable/android.patch: upstream removed android_crazy_linker, so we
       can remove half of this patch.
     - disable/catapult.patch: refresh.
     - disable/google-api-warning.patch: refresh.
     - upstream/mojo.patch: refresh w/ what's in 110.
     - system/openjpeg.patch: completely rework due to upstream changes.
     - upstream/clamp.patch: backport a build fix.
     - upstream/blink-dbl-float.patch: another build fix.
   * Drop unused use_allocator="none" argument. This was used previously
     to switch from the default "partition" allocator. Upstream dropped the
     build flag in chromium v109. So in v109 we switched to the default
     "partition" allocator and I don't think anyone noticed, so let's just
     leave it on. Report issues if you notice any.
   * Disable v4l2 on bullseye; I forgot that it doesn't have new enough
     kernel headers (closes: #1030160).
 .
   [ Timothy Pearson ]
   * d/patches:
     - Refresh ppc64le patches for v110
     - Add upstream patches to fix build errors when use_custom_libcxx=false
     - Drop stack smashing fix patch for ppc64le due to fix included upstream
Checksums-Sha1:
 7af64cb41bdab8092c39883903c5b02012a8a455 3801 chromium_110.0.5481.77-1~deb11u1.dsc
 b82794a9a4ac3a524d8cec99b1a1a049ca368785 642934776 chromium_110.0.5481.77.orig.tar.xz
 084b55422b9cc82b60f77ae6acdb9d4658a348a4 300932 chromium_110.0.5481.77-1~deb11u1.debian.tar.xz
 c6ba1d67b77b983eaf31961c4d102e0df7b25705 21293 chromium_110.0.5481.77-1~deb11u1_source.buildinfo
Checksums-Sha256:
 c11bec445b48655a11b811eec8814c7b5280d505ac6da99e809394f15b4392e7 3801 chromium_110.0.5481.77-1~deb11u1.dsc
 0a1933a34b0b30376c917f96e9c3fa97683979ab18c86ea63ccc19597795ac5a 642934776 chromium_110.0.5481.77.orig.tar.xz
 e388d6be7b9c7d893712171790b92fc3cdc0655ee18eeb3247c693c2ef70b8b5 300932 chromium_110.0.5481.77-1~deb11u1.debian.tar.xz
 b32ccd6a948b39bb06feea91891062c14bea243c48ff4726ab7e388c4e584e3f 21293 chromium_110.0.5481.77-1~deb11u1_source.buildinfo
Files:
 349a0357aaa89a20c32d9b453786bc63 3801 web optional chromium_110.0.5481.77-1~deb11u1.dsc
 74e5f70aa56fa2f194eede321eb9454c 642934776 web optional chromium_110.0.5481.77.orig.tar.xz
 d2c5e225e0c629560d18ee3dc2d9a358 300932 web optional chromium_110.0.5481.77-1~deb11u1.debian.tar.xz
 c72d97921afbb37cf83047675c4aa141 21293 web optional chromium_110.0.5481.77-1~deb11u1_source.buildinfo