Back to chromium PTS page

Accepted chromium 89.0.4389.82-1 (source) into unstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 08 Mar 2021 09:48:03 +0100
Source: chromium
Architecture: source
Version: 89.0.4389.82-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Michel Le Bihan <michel@lebihan.pl>
Closes: 984532
Changes:
 chromium (89.0.4389.82-1) unstable; urgency=medium
 .
   * New upstream stable release (closes: #984532).
     - CVE-2021-21159: Heap buffer overflow in TabStrip. Reported by Khalil
       Zhani
     - CVE-2021-21160: Heap buffer overflow in WebAudio. Reported by Marcin
       'Icewall' Noga of Cisco Talos
     - CVE-2021-21161: Heap buffer overflow in TabStrip. Reported by Khalil
       Zhani
     - CVE-2021-21162: Use after free in WebRTC. Reported by Anonymous
     - CVE-2021-21163: Insufficient data validation in Reader Mode. Reported by
       Alison Huffman, Microsoft Browser Vulnerability Research
     - CVE-2021-21164: Insufficient data validation in Chrome for iOS. Reported
       by Muneaki Nishimura nishimunea
     - CVE-2021-21165: Object lifecycle issue in audio. Reported by Alison
       Huffman, Microsoft Browser Vulnerability Research
     - CVE-2021-21166: Object lifecycle issue in audio. Reported by Alison
       Huffman, Microsoft Browser Vulnerability Research
     - CVE-2021-21167: Use after free in bookmarks. Reported by Leecraso and
       Guang Gong of 360 Alpha Lab
     - CVE-2021-21168: Insufficient policy enforcement in appcache. Reported by
       Luan Herrera @lbherrera_
     - CVE-2021-21169: Out of bounds memory access in V8. Reported by Bohan Liu
       @P4nda20371774 and Moon Liang of Tencent Security Xuanwu Lab
     - CVE-2021-21170: Incorrect security UI in Loader. Reported by David Erceg
     - CVE-2021-21171: Incorrect security UI in TabStrip and Navigation.
       Reported by Irvan Kurniawan sourc7
     - CVE-2021-21172: Insufficient policy enforcement in File System API.
       Reported by Maciej Pulikowski
     - CVE-2021-21173: Side-channel information leakage in Network Internals.
       Reported by Tom Van Goethem from imec-DistriNet, KU Leuven
     - CVE-2021-21174: Inappropriate implementation in Referrer. Reported by
       Ashish Gautam Kamble
     - CVE-2021-21175: Inappropriate implementation in Site isolation. Reported
       by Jun Kokatsu, Microsoft Browser Vulnerability Research
     - CVE-2021-21176: Inappropriate implementation in full screen mode.
       Reported by Luan Herrera @lbherrera_
     - CVE-2021-21177: Insufficient policy enforcement in Autofill. Reported by
       Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research
     - CVE-2021-21178: Inappropriate implementation in Compositing. Reported by
       Japong
     - CVE-2021-21179: Use after free in Network Internals. Reported by
       Anonymous
     - CVE-2021-21180: Use after free in tab search. Reported by Abdulrahman
       Alqabandi, Microsoft Browser Vulnerability Research
     - CVE-2020-27844: Heap buffer overflow in OpenJPEG. Reported by Sean
       Campbell at Tableau
     - CVE-2021-21181: Side-channel information leakage in autofill. Reported by
       Xu Lin (University of Illinois at Chicago), Panagiotis Ilia University of
       Illinois at Chicago, Jason Polakis University of Illinois at Chicago
     - CVE-2021-21182: Insufficient policy enforcement in navigations. Reported
       by Luan Herrera @lbherrera_
     - CVE-2021-21183: Inappropriate implementation in performance APIs.
       Reported by Takashi Yoneuchi @y0n3uchy
     - CVE-2021-21184: Inappropriate implementation in performance APIs.
       Reported by James Hartig
     - CVE-2021-21185: Insufficient policy enforcement in extensions. Reported
       by David Erceg
     - CVE-2021-21186: Insufficient policy enforcement in QR scanning. Reported
       by dhirajkumarnifty
     - CVE-2021-21187: Insufficient data validation in URL formatting. Reported
       by Kirtikumar Anandrao Ramchandani
     - CVE-2021-21188: Use after free in Blink. Reported by Woojin Oh
       @pwn_expoit of STEALIEN
     - CVE-2021-21189: Insufficient policy enforcement in payments. Reported by
       Khalil Zhani
     - CVE-2021-21190: Uninitialized Use in PDFium. Reported by Zhou Aiting
       @zhouat1 of Qihoo 360 Vulcan Team
Checksums-Sha1:
 29ce4eb50596a37358aee583974a03a4ec851c22 3639 chromium_89.0.4389.82-1.dsc
 2966d69b45c664b6498dde8da163be9fe7b9f39c 427191424 chromium_89.0.4389.82.orig.tar.xz
 6b7f98cfca418ac6ee271a72031ed89a266ee938 208292 chromium_89.0.4389.82-1.debian.tar.xz
 768e4a551036cf8022104f924a3f7884e27d41cd 14751 chromium_89.0.4389.82-1_source.buildinfo
Checksums-Sha256:
 46e4bf1edcfc5d73fadbbddfa93e0f15cdcd39c159ffd9186c7fa67e59632baf 3639 chromium_89.0.4389.82-1.dsc
 a9c18279f7dbb2f1bfc2a212e2c43bad06456983c1d32db95afeeda4ec210d61 427191424 chromium_89.0.4389.82.orig.tar.xz
 d3acc616045d8a596a0824dd5347867997560a1b2115fd6b35d28e8fd570f19b 208292 chromium_89.0.4389.82-1.debian.tar.xz
 6bce2336450d04bd0d708085332f4b788bca09ce9c57b13cce39883a792a33a0 14751 chromium_89.0.4389.82-1_source.buildinfo
Files:
 6e8e4fce0333f7422880bd3ea9dca382 3639 web optional chromium_89.0.4389.82-1.dsc
 e5a499e999e7b73149cff1c1abf374e2 427191424 web optional chromium_89.0.4389.82.orig.tar.xz
 ac4b2762d56c5daf05415c13f8f26c92 208292 web optional chromium_89.0.4389.82-1.debian.tar.xz
 fa3d75bbb311b63e5465fca686758642 14751 web optional chromium_89.0.4389.82-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEi3hoeGwz5cZMTQpICBa54Yx2K60FAmBGdWgACgkQCBa54Yx2
K616rQ//ZmngjDhLQpwOotg2CLD0qE8oMPYEayWuQtsNG+1M2GG+zMXl12dpb4dS
J6WSXu7B+QBfrVKnyXz88WV6cEod/TQ487pYyHOvxmuS+RdqDJMb9VyRzaWP+smm
HiK3YiFYSf8OumBNo2d1r/J5fG+csLjOPa24ekDh+YlswSM+G3oDlyHYRNzL4rMy
EapPtg7tDWdtbpNgt9sKaj8DMM15UmiFj8RKwVABvHxk9nUmPLUYRqcg4d1qDRNd
YXXwEF1JUMiZ8XLgyRV1oPlA4Fup3EuMe4l3bRV6yYvNgYR/cLra4Hw0ZU2SjnN8
wghNp5XO/cVnaAUQXmd+aozZy/RcnmJUSLdBZ7qn2E7LlbdNiIParTqdI9DQeYRd
Tk0NGgXDdKPzz3wsoDaluFudF24J7H/ZqmYYaLw+PG5E56BmBrTR+Jr8Qj0j2RlS
6wC5X9saYVIAeMwayyA6ftuUIp5P8sGIOuIf/rwSYqy4nrw4kpjBLkyQ6TDaeIH1
F1Ri+FPObGzfLUEbTQPaB9ciDcGrbd1gFTbWotUhNkn5ECDFqL9jdQjfKUqtWVnr
VIR8lPoLoUgFq+SFzVaeuD1iXrXhgXmAhhQTNrDueIQnvwZR57l+Jzis1JMReWdY
Q5s8uWBSYJORBPWUp7aLBg/9FnpCd3BGUBLPANhwqB1Fvs4qD5o=
=uv3X
-----END PGP SIGNATURE-----