Accepted chromium 89.0.4389.82-1 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 08 Mar 2021 09:48:03 +0100
Source: chromium
Architecture: source
Version: 89.0.4389.82-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Michel Le Bihan <michel@lebihan.pl>
Closes: 984532
Changes:
chromium (89.0.4389.82-1) unstable; urgency=medium
.
* New upstream stable release (closes: #984532).
- CVE-2021-21159: Heap buffer overflow in TabStrip. Reported by Khalil
Zhani
- CVE-2021-21160: Heap buffer overflow in WebAudio. Reported by Marcin
'Icewall' Noga of Cisco Talos
- CVE-2021-21161: Heap buffer overflow in TabStrip. Reported by Khalil
Zhani
- CVE-2021-21162: Use after free in WebRTC. Reported by Anonymous
- CVE-2021-21163: Insufficient data validation in Reader Mode. Reported by
Alison Huffman, Microsoft Browser Vulnerability Research
- CVE-2021-21164: Insufficient data validation in Chrome for iOS. Reported
by Muneaki Nishimura nishimunea
- CVE-2021-21165: Object lifecycle issue in audio. Reported by Alison
Huffman, Microsoft Browser Vulnerability Research
- CVE-2021-21166: Object lifecycle issue in audio. Reported by Alison
Huffman, Microsoft Browser Vulnerability Research
- CVE-2021-21167: Use after free in bookmarks. Reported by Leecraso and
Guang Gong of 360 Alpha Lab
- CVE-2021-21168: Insufficient policy enforcement in appcache. Reported by
Luan Herrera @lbherrera_
- CVE-2021-21169: Out of bounds memory access in V8. Reported by Bohan Liu
@P4nda20371774 and Moon Liang of Tencent Security Xuanwu Lab
- CVE-2021-21170: Incorrect security UI in Loader. Reported by David Erceg
- CVE-2021-21171: Incorrect security UI in TabStrip and Navigation.
Reported by Irvan Kurniawan sourc7
- CVE-2021-21172: Insufficient policy enforcement in File System API.
Reported by Maciej Pulikowski
- CVE-2021-21173: Side-channel information leakage in Network Internals.
Reported by Tom Van Goethem from imec-DistriNet, KU Leuven
- CVE-2021-21174: Inappropriate implementation in Referrer. Reported by
Ashish Gautam Kamble
- CVE-2021-21175: Inappropriate implementation in Site isolation. Reported
by Jun Kokatsu, Microsoft Browser Vulnerability Research
- CVE-2021-21176: Inappropriate implementation in full screen mode.
Reported by Luan Herrera @lbherrera_
- CVE-2021-21177: Insufficient policy enforcement in Autofill. Reported by
Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research
- CVE-2021-21178: Inappropriate implementation in Compositing. Reported by
Japong
- CVE-2021-21179: Use after free in Network Internals. Reported by
Anonymous
- CVE-2021-21180: Use after free in tab search. Reported by Abdulrahman
Alqabandi, Microsoft Browser Vulnerability Research
- CVE-2020-27844: Heap buffer overflow in OpenJPEG. Reported by Sean
Campbell at Tableau
- CVE-2021-21181: Side-channel information leakage in autofill. Reported by
Xu Lin (University of Illinois at Chicago), Panagiotis Ilia University of
Illinois at Chicago, Jason Polakis University of Illinois at Chicago
- CVE-2021-21182: Insufficient policy enforcement in navigations. Reported
by Luan Herrera @lbherrera_
- CVE-2021-21183: Inappropriate implementation in performance APIs.
Reported by Takashi Yoneuchi @y0n3uchy
- CVE-2021-21184: Inappropriate implementation in performance APIs.
Reported by James Hartig
- CVE-2021-21185: Insufficient policy enforcement in extensions. Reported
by David Erceg
- CVE-2021-21186: Insufficient policy enforcement in QR scanning. Reported
by dhirajkumarnifty
- CVE-2021-21187: Insufficient data validation in URL formatting. Reported
by Kirtikumar Anandrao Ramchandani
- CVE-2021-21188: Use after free in Blink. Reported by Woojin Oh
@pwn_expoit of STEALIEN
- CVE-2021-21189: Insufficient policy enforcement in payments. Reported by
Khalil Zhani
- CVE-2021-21190: Uninitialized Use in PDFium. Reported by Zhou Aiting
@zhouat1 of Qihoo 360 Vulcan Team
Checksums-Sha1:
29ce4eb50596a37358aee583974a03a4ec851c22 3639 chromium_89.0.4389.82-1.dsc
2966d69b45c664b6498dde8da163be9fe7b9f39c 427191424 chromium_89.0.4389.82.orig.tar.xz
6b7f98cfca418ac6ee271a72031ed89a266ee938 208292 chromium_89.0.4389.82-1.debian.tar.xz
768e4a551036cf8022104f924a3f7884e27d41cd 14751 chromium_89.0.4389.82-1_source.buildinfo
Checksums-Sha256:
46e4bf1edcfc5d73fadbbddfa93e0f15cdcd39c159ffd9186c7fa67e59632baf 3639 chromium_89.0.4389.82-1.dsc
a9c18279f7dbb2f1bfc2a212e2c43bad06456983c1d32db95afeeda4ec210d61 427191424 chromium_89.0.4389.82.orig.tar.xz
d3acc616045d8a596a0824dd5347867997560a1b2115fd6b35d28e8fd570f19b 208292 chromium_89.0.4389.82-1.debian.tar.xz
6bce2336450d04bd0d708085332f4b788bca09ce9c57b13cce39883a792a33a0 14751 chromium_89.0.4389.82-1_source.buildinfo
Files:
6e8e4fce0333f7422880bd3ea9dca382 3639 web optional chromium_89.0.4389.82-1.dsc
e5a499e999e7b73149cff1c1abf374e2 427191424 web optional chromium_89.0.4389.82.orig.tar.xz
ac4b2762d56c5daf05415c13f8f26c92 208292 web optional chromium_89.0.4389.82-1.debian.tar.xz
fa3d75bbb311b63e5465fca686758642 14751 web optional chromium_89.0.4389.82-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEi3hoeGwz5cZMTQpICBa54Yx2K60FAmBGdWgACgkQCBa54Yx2
K616rQ//ZmngjDhLQpwOotg2CLD0qE8oMPYEayWuQtsNG+1M2GG+zMXl12dpb4dS
J6WSXu7B+QBfrVKnyXz88WV6cEod/TQ487pYyHOvxmuS+RdqDJMb9VyRzaWP+smm
HiK3YiFYSf8OumBNo2d1r/J5fG+csLjOPa24ekDh+YlswSM+G3oDlyHYRNzL4rMy
EapPtg7tDWdtbpNgt9sKaj8DMM15UmiFj8RKwVABvHxk9nUmPLUYRqcg4d1qDRNd
YXXwEF1JUMiZ8XLgyRV1oPlA4Fup3EuMe4l3bRV6yYvNgYR/cLra4Hw0ZU2SjnN8
wghNp5XO/cVnaAUQXmd+aozZy/RcnmJUSLdBZ7qn2E7LlbdNiIParTqdI9DQeYRd
Tk0NGgXDdKPzz3wsoDaluFudF24J7H/ZqmYYaLw+PG5E56BmBrTR+Jr8Qj0j2RlS
6wC5X9saYVIAeMwayyA6ftuUIp5P8sGIOuIf/rwSYqy4nrw4kpjBLkyQ6TDaeIH1
F1Ri+FPObGzfLUEbTQPaB9ciDcGrbd1gFTbWotUhNkn5ECDFqL9jdQjfKUqtWVnr
VIR8lPoLoUgFq+SFzVaeuD1iXrXhgXmAhhQTNrDueIQnvwZR57l+Jzis1JMReWdY
Q5s8uWBSYJORBPWUp7aLBg/9FnpCd3BGUBLPANhwqB1Fvs4qD5o=
=uv3X
-----END PGP SIGNATURE-----