Accepted chromium 83.0.4103.116-1~deb10u1 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 26 Jun 2020 23:52:43 -0400
Source: chromium
Architecture: source
Version: 83.0.4103.116-1~deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Changes:
chromium (83.0.4103.116-1~deb10u1) buster-security; urgency=medium
.
* New upstream stable release.
- CVE-2020-6423: Use after free in audio. Reported by Anonymous
- CVE-2020-6430: Type Confusion in V8. Reported by Avihay Cohen
- CVE-2020-6431: Insufficient policy enforcement in full screen. Reported
by Luan Herrera
- CVE-2020-6432: Insufficient policy enforcement in navigations. Reported
by David Erceg
- CVE-2020-6433: Insufficient policy enforcement in extensions. Reported by
David Erceg
- CVE-2020-6434: Use after free in devtools. Reported by HyungSeok Han
- CVE-2020-6435: Insufficient policy enforcement in extensions. Reported by
Sergei Glazunov
- CVE-2020-6436: Use after free in window management. Reported by Igor
Bukanov
- CVE-2020-6437: Inappropriate implementation in WebView. Reported by Jann
Horn
- CVE-2020-6438: Insufficient policy enforcement in extensions. Reported by
Ng Yik Phang
- CVE-2020-6439: Insufficient policy enforcement in navigations. Reported
by remkoboonstra
- CVE-2020-6440: Inappropriate implementation in extensions. Reported by
David Erceg
- CVE-2020-6441: Insufficient policy enforcement in omnibox. Reported by
David Erceg
- CVE-2020-6442: Inappropriate implementation in cache. Reported by B@rMey
- CVE-2020-6443: Insufficient data validation in developer tools. Reported
by @lovasoa
- CVE-2020-6444: Uninitialized use in WebRTC. Reported by mlfbrown
- CVE-2020-6445: Insufficient policy enforcement in trusted types. Reported
by Jun Kokatsu
- CVE-2020-6446: Insufficient policy enforcement in trusted types. Reported
by Jun Kokatsu
- CVE-2020-6447: Inappropriate implementation in developer tools. Reported
by David Erceg
- CVE-2020-6448: Use after free in V8. Reported by Guang Gong
- CVE-2020-6454: Use after free in extensions. Reported by leecraso and
Guang Gong
- CVE-2020-6455: Out of bounds read in WebSQL. Reported by Nan Wang and
Guang Gong
- CVE-2020-6456: Insufficient validation of untrusted input in clipboard.
Reported by Michał Bentkowski
- CVE-2020-6457: Use after free in speech recognizer. Reported by Leecraso
and Guang Gong
- CVE-2020-6458: Out of bounds read and write in PDFium. Reported by
Aleksandar Nikolic
- CVE-2020-6459: Use after free in payments. Reported by Zhe Jin
- CVE-2020-6460: Insufficient data validation in URL formatting. Reported
by Anonymous
- CVE-2020-6461: Use after free in storage. Reported by Zhe Jin
- CVE-2020-6462: Use after free in task scheduling. Reported by Zhe Jin
- CVE-2020-6463: Use after free in ANGLE. Reported by Pawel Wylecial
- CVE-2020-6464: Type Confusion in Blink. Reported by Looben Yang
- CVE-2020-6465: Use after free in reader mode. Reported by Woojin Oh
- CVE-2020-6466: Use after free in media. Reported by Zhe Jin
- CVE-2020-6467: Use after free in WebRTC. Reported by ZhanJia Song
- CVE-2020-6468: Type Confusion in V8. Reported by Chris Salls and Jake
Corina
- CVE-2020-6469: Insufficient policy enforcement in developer tools.
Reported by David Erceg
- CVE-2020-6470: Insufficient validation of untrusted input in clipboard.
Reported by Michał Bentkowski
- CVE-2020-6471: Insufficient policy enforcement in developer tools.
Reported by David Erceg
- CVE-2020-6472: Insufficient policy enforcement in developer tools.
Reported by David Erceg
- CVE-2020-6473: Insufficient policy enforcement in Blink. Reported by
Soroush Karami and Panagiotis Ilia
- CVE-2020-6474: Use after free in Blink. Reported by Zhe Jin
- CVE-2020-6475: Incorrect security UI in full screen. Reported by Khalil
Zhani
- CVE-2020-6476: Insufficient policy enforcement in tab strip. Reported by
Alexandre Le Borgne
- CVE-2020-6478: Inappropriate implementation in full screen. Reported by
Khalil Zhani
- CVE-2020-6479: Inappropriate implementation in sharing. Reported by Zhong
Zhaochen
- CVE-2020-6480: Insufficient policy enforcement in enterprise. Reported by
Marvin Witt
- CVE-2020-6481: Insufficient policy enforcement in URL formatting.
Reported by Rayyan Bijoora
- CVE-2020-6482: Insufficient policy enforcement in developer tools.
Reported by Abdulrahman Alqabandi
- CVE-2020-6483: Insufficient policy enforcement in payments. Reported by
Jun Kokatsu
- CVE-2020-6484: Insufficient data validation in ChromeDriver. Reported by
Artem Zinenko
- CVE-2020-6485: Insufficient data validation in media router. Reported by
Sergei Glazunov
- CVE-2020-6486: Insufficient policy enforcement in navigations. Reported
by David Erceg
- CVE-2020-6487: Insufficient policy enforcement in downloads. Reported by
Jun Kokatsu
- CVE-2020-6488: Insufficient policy enforcement in downloads. Reported by
David Erceg
- CVE-2020-6489: Inappropriate implementation in developer tools. Reported
by @lovasoa
- CVE-2020-6490: Insufficient data validation in loader. Reported by
Twitter
- CVE-2020-6491: Incorrect security UI in site information. Reported by
Sultan Haikal
- CVE-2020-6493: Use after free in WebAuthentication. Reported by Anonymous
- CVE-2020-6494: Incorrect security UI in payments. Reported by Juho
Nurminen
- CVE-2020-6495: Insufficient policy enforcement in developer tools.
Reported by David Erceg
- CVE-2020-6496: Use after free in payments. Reported by Khalil Zhani
- CVE-2020-6497: Insufficient policy enforcement in Omnibox. Reported by
Rayyan Bijoora
- CVE-2020-6498: Incorrect security UI in progress display. Reported by
Rayyan Bijoora
- CVE-2020-6505: Use after free in speech. Reported by Khalil Zhani
- CVE-2020-6506: Insufficient policy enforcement in WebView. Reported by
Alesandro Ortiz
- CVE-2020-6507: Out of bounds write in V8. Reported by Sergei Glazunov
- CVE-2020-6509: Use after free in extensions. Reported by Anonymous
- CVE-2020-6831: Stack buffer overflow in SCTP. Reported by Natalie
Silvanovich
Checksums-Sha1:
1bbb80d7f58d63d50135cc2360f271a792461888 4298 chromium_83.0.4103.116-1~deb10u1.dsc
fe6724f885443cfb9c6df713a2b04745fa064f12 319669076 chromium_83.0.4103.116.orig.tar.xz
47b84d38ca27aee8de0d2b2dbcdd057227bf163e 198432 chromium_83.0.4103.116-1~deb10u1.debian.tar.xz
8b9ef996a6a60ee6172cb9049353581bb5fc452d 22443 chromium_83.0.4103.116-1~deb10u1_source.buildinfo
Checksums-Sha256:
9f91dc990f580a3e6b66cb52d9bfa8b27cfa8b422a5766f29b27b925710a23c2 4298 chromium_83.0.4103.116-1~deb10u1.dsc
6400ff677d26e5394d35c74d8102340faed6e8ebc39cc2975a74aa43f81b9190 319669076 chromium_83.0.4103.116.orig.tar.xz
847c98f84b32b3153121753eaa1c94e06ca1f269dcb2375c08688aac0cea8b67 198432 chromium_83.0.4103.116-1~deb10u1.debian.tar.xz
19c82a4d9d53a4a4e45d67c997cc3b70fa9fcb310fc4fd2da20683aafe2d8a9b 22443 chromium_83.0.4103.116-1~deb10u1_source.buildinfo
Files:
53635de44dab5edacce604dd7276fa27 4298 web optional chromium_83.0.4103.116-1~deb10u1.dsc
e501750231052fe64f7766ad2d33c7d4 319669076 web optional chromium_83.0.4103.116.orig.tar.xz
71d5cb6bc7e363deae8afe10836ad4b4 198432 web optional chromium_83.0.4103.116-1~deb10u1.debian.tar.xz
78b5e3cb621250d8bff7706064207462 22443 web optional chromium_83.0.4103.116-1~deb10u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAl76gBkACgkQmD40ZYkU
aygn+SAAyyP9n98CArT0AFwD+ikKnc36v7g2B/4Lik00OS4sV96k2cHU9nlEzb/5
KKdLxhXhG4fJATaKUqoQNSkclqAf2sHdW6b9lgP0qw6DycqQno70NtWLTWeig/3q
5WqPe+dW+zLNASOJ8JOsyB5+5D92VKyn2Ggj3uLsWhYcjL+muFndYR1mK0O0snPv
ZhWBjSUFv/rxjvW5p1nFUGM5B1tInqWLYHMTHWCCqXyxq8UvBTDSsYMVc0beERRV
YAWKxVb3xwsowi4ZI0JEImSUmzmHwilgOdM8jb6EnLkpcBs3AoJ6IY+1LMLUlbUG
v1iLb9+WsCgW/iIyCJauRuFerDiolmXlz0BFH887yGxsZ8pbk3v5xDy183AllCR6
vAwKw/10mcKf6oeMzYqp9Hz8//XbctETkPQ1V3+Aizkbl8KtjbCGPzAYyerZQ/5k
T33CG0cTdwugBT+X40UmP0cYWXXazVOwlC1RF9R3gYgYLyAxdwqGXH9oh5auCBuE
6QePaAhv68fWdgSEBhUcQTtqJeQgnUhsNalLlMynfB0/snNeEVNL86fRVG3NicpB
KnVUwR9tY4z0/nInDjcPP1AtfYA3Nrsu+UK6IznLkjpScQ9AON+wGChKxYflKXWp
RdrL0XlhIbxwdnL0qYty8NBNAcS30HIVoZ1mEWL4xGXJu+LYLolNd3nYER5U3Mkj
BfFGaH1/Ddiqgk6KAYuCAk46Qz8FEpSAdZxMMKRVyGlASnMhuP7EYOxA7p/t+Y9V
IXKi4+UCVrf5suoZAU5PjmaWDSjMTc5TA4qVPv22nwg+LQn5SYO9MnMT9i+BT9Ci
LUP6zHZwA9nr+WfxKf+36UJn6N21FdhMfOZO+bv6u3yZ21nAiqTiBNzDDhZxbqnP
NanncMEnc6JGDvYWiyn5ImtP67o+Nl9i+JrF992Wrjiy697Ut/6YHEBnUfW2p6FJ
7US4o5xRZLN9o/n83YGI3qiSyaYlzHaAPwGAvNfvHPqV8Wb149vx8NECMdXN3OsN
jQ+iYhu62dGUjd+pt7olFvTu2CvnDAkbNaf+FFZCisHHM85jh9WDBea2LYKQJ1D2
vgpmQYWhqhLyQ5AIKjOF1dyImKsL7gPKz6Gw5yUcS7COFJUW9k6MRjWfSAvoNQn5
N5eVx1M4rEyuAQHd13kPoSvDdwmc/RX/f9M8MTNykvYp0feKfzmc2mILYg954ck0
g70CnWH55ohBRfyERZlNKSNglygeeck3p4kFgJHR94a4MSzD98YfF3IEhg9O+C9F
zTHR4ga20XQ0TBJtE65Bv/z+pSi6EhaJRu7YCbZ/iKqa8osG8YToC9L8K/j9d0kM
IYdiMW61CPegX//n0vEq0xsLiaOShA==
=9khH
-----END PGP SIGNATURE-----