Accepted chromium 89.0.4389.114-1~deb10u1 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 04 Apr 2021 13:39:43 +0000
Source: chromium
Architecture: source
Version: 89.0.4389.114-1~deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Changes:
chromium (89.0.4389.114-1~deb10u1) buster-security; urgency=medium
.
* New upstream security release.
- CVE-2021-21159: Heap buffer overflow in TabStrip. Reported by Khalil
Zhani
- CVE-2021-21160: Heap buffer overflow in WebAudio. Reported by Marcin
'Icewall' Noga of Cisco Talos
- CVE-2021-21161: Heap buffer overflow in TabStrip. Reported by Khalil
Zhani
- CVE-2021-21162: Use after free in WebRTC. Reported by Anonymous
- CVE-2021-21163: Insufficient data validation in Reader Mode. Reported by
Alison Huffman
- CVE-2021-21165: Object lifecycle issue in audio. Reported by Alison
Huffman
- CVE-2021-21166: Object lifecycle issue in audio. Reported by Alison
Huffman
- CVE-2021-21167: Use after free in bookmarks. Reported by Leecraso and
Guang Gong
- CVE-2021-21168: Insufficient policy enforcement in appcache. Reported by
Luan Herrera
- CVE-2021-21169: Out of bounds memory access in V8. Reported by Bohan Liu
and Moon Liang
- CVE-2021-21170: Incorrect security UI in Loader. Reported by David Erceg
- CVE-2021-21171: Incorrect security UI in TabStrip and Navigation.
Reported by Irvan Kurniawan
- CVE-2021-21172: Insufficient policy enforcement in File System API.
Reported by Maciej Pulikowski
- CVE-2021-21173: Side-channel information leakage in Network Internals.
Reported by Tom Van Goethem
- CVE-2021-21174: Inappropriate implementation in Referrer. Reported by
Ashish Gautam Kamble
- CVE-2021-21175: Inappropriate implementation in Site isolation. Reported
by Jun Kokatsu
- CVE-2021-21176: Inappropriate implementation in full screen mode.
Reported by Luan Herrera
- CVE-2021-21177: Insufficient policy enforcement in Autofill. Reported by
Abdulrahman Alqabandi
- CVE-2021-21178: Inappropriate implementation in Compositing. Reported by
Japong
- CVE-2021-21179: Use after free in Network Internals. Reported by
Anonymous
- CVE-2021-21180: Use after free in tab search. Reported by Abdulrahman
Alqabandi
- CVE-2021-21181: Side-channel information leakage in autofill. Reported by
Xu Lin, Panagiotis Ilias, Jason Polakis
- CVE-2021-21182: Insufficient policy enforcement in navigations. Reported
by Luan Herrera
- CVE-2021-21183: Inappropriate implementation in performance APIs.
Reported by Takashi Yoneuchi
- CVE-2021-21184: Inappropriate implementation in performance APIs.
Reported by James Hartig
- CVE-2021-21185: Insufficient policy enforcement in extensions. Reported
by David Erceg
- CVE-2021-21186: Insufficient policy enforcement in QR scanning. Reported
by dhirajkumarnifty
- CVE-2021-21187: Insufficient data validation in URL formatting. Reported
by Kirtikumar Anandrao Ramchandani
- CVE-2021-21188: Use after free in Blink. Reported by Woojin Oh
- CVE-2021-21189: Insufficient policy enforcement in payments. Reported by
Khalil Zhani
- CVE-2021-21190: Uninitialized Use in PDFium. Reported by Zhou Aiting
- CVE-2021-21191: Use after free in WebRTC. Reported by raven
- CVE-2021-21192: Heap buffer overflow in tab groups. Reported by
Abdulrahman Alqabandi
- CVE-2021-21193: Use after free in Blink. Reported by Anonymous
- CVE-2021-21194: Use after free in screen capture. Reported by Leecraso
and Guang Gong
- CVE-2021-21195: Use after free in V8. Reported by Liu and Liang
- CVE-2021-21196: Heap buffer overflow in TabStrip. Reported by Khalil
Zhani
- CVE-2021-21197: Heap buffer overflow in TabStrip. Reported by Abdulrahman
Alqabandi
- CVE-2021-21198: Out of bounds read in IPC. Reported by Mark Brand
- CVE-2021-21199: Use after free in Aura. Reported by Weipeng Jiang
Checksums-Sha1:
fd0c9626b5e868144d3abd6d0521b2aa0ce762ba 4298 chromium_89.0.4389.114-1~deb10u1.dsc
2117178efd6b46359b9b030cacfd56e8b464bf99 433035976 chromium_89.0.4389.114.orig.tar.xz
86b188e09f8a787885657a68943968d8d8f29e04 218976 chromium_89.0.4389.114-1~deb10u1.debian.tar.xz
a5fd0f1f02838118b33b401ff8dbf0dc2f127673 22879 chromium_89.0.4389.114-1~deb10u1_source.buildinfo
Checksums-Sha256:
5415e1933922329125fd1311486b9a8ea72b954fa4789e726fba0256cf68ca68 4298 chromium_89.0.4389.114-1~deb10u1.dsc
c8451a7fe5528815b2167807138c3fa09ea3dfbdf7db5f1096fcffb75d1a1a1d 433035976 chromium_89.0.4389.114.orig.tar.xz
274d561903e769825e5ac067625ed1833da03f7cee0b27629d95f4b1874c8a29 218976 chromium_89.0.4389.114-1~deb10u1.debian.tar.xz
6ccff226ff9435f7fe7d4e91ddab375fdb284f20aef52a309326cd79d8133ccc 22879 chromium_89.0.4389.114-1~deb10u1_source.buildinfo
Files:
e8783082a766e67a8b7c5c346b84564f 4298 web optional chromium_89.0.4389.114-1~deb10u1.dsc
0c177df9432fef5f9139414ff91da915 433035976 web optional chromium_89.0.4389.114.orig.tar.xz
d9a0cc4cd2a21f31e1ff3eb18467dc59 218976 web optional chromium_89.0.4389.114-1~deb10u1.debian.tar.xz
17c984e1a1c241a511dea4f6aff312c6 22879 web optional chromium_89.0.4389.114-1~deb10u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----