Back to chromium PTS page

Accepted chromium 99.0.4844.51-1 (source) into unstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 02 Feb 2022 21:53:14 -0500
Source: chromium
Architecture: source
Version: 99.0.4844.51-1
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (99.0.4844.51-1) unstable; urgency=high
 .
   * Embed harfbuzz instead of using the system harfbuzz. Debian doesn't
     yet package harfbuzz-subset (see #988781). Once it is packaged, we
     can go back to using it.
   * Build against Debian's rapidjson-dev package instead of ANGLE's
     bundled rapidjson.
   * Adjust patches:
     + system/harfbuzz.patch - drop, we're using bundled harfbuzz now.
     + upstream/quiche-include.patch - drop, merged upstream.
     + upstream/restrict.patch - drop, merged upstream.
     + upstream/sequence-point.patch - drop, merged upstream.
     + disable/installer.patch - use new BUILDFLAG() macro.
     + disable/unrar.patch - use new BUILDFLAG() macro.
     + disable/welcome-page.patch - use new BUILDFLAG() macro.
     + disable/widevine-cdm.cu.patch - use new BUILDFLAG() macro.
     + disable/tests.patch - drop unnecessary parts of the patch (which ends
       up being most of it).
     + disable/angle-perftests.patch - drop config disabling ANGLE's rapidjson.
     + disable/swiftshader.patch - drop removal of rapidjson dependency.
   * New upstream stable release.
     - CVE-2022-0789: Heap buffer overflow in ANGLE.
       Reported by SeongHwan Park (SeHwa).
     - CVE-2022-0790: Use after free in Cast UI. Reported by Anonymous.
     - CVE-2022-0791: Use after free in Omnibox.
       Reported by Zhihua Yao of KunLun Lab.
     - CVE-2022-0792: Out of bounds read in ANGLE.
       Reported by Jaehun Jeong(@n3sk) of Theori.
     - CVE-2022-0793: Use after free in Views. Reported by Thomas Orlita.
     - CVE-2022-0794: Use after free in WebShare. Reported by Khalil Zhani.
     - CVE-2022-0795: Type Confusion in Blink Layout. Reported by 0x74960.
     - CVE-2022-0796: Use after free in Media. Reported by Cassidy Kim
       of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd.
     - CVE-2022-0797: Out of bounds memory access in Mojo.
       Reported by Sergei Glazunov of Google Project Zero.
     - CVE-2022-0798: Use after free in MediaStream.
       Reported by Samet Bekmezci @sametbekmezci.
     - CVE-2022-0799: Insufficient policy enforcement in Installer.
       Reported by Abdelhamid Naceri (halov).
     - CVE-2022-0800: Heap buffer overflow in Cast UI.
       Reported by Khalil Zhani.
     - CVE-2022-0801: Inappropriate implementation in HTML parser.
       Reported by MichaƂ Bentkowski of Securitum.
     - CVE-2022-0802: Inappropriate implementation in Full screen mode.
       Reported by Irvan Kurniawan (sourc7).
     - CVE-2022-0803: Inappropriate implementation in Permissions.
       Reported by Abdulla Aldoseri.
     - CVE-2022-0804: Inappropriate implementation in Full screen mode.
       Reported by Irvan Kurniawan (sourc7).
     - CVE-2022-0805: Use after free in Browser Switcher.
       Reported by raven at KunLun Lab.
     - CVE-2022-0806: Data leak in Canvas. Reported by Paril.
     - CVE-2022-0807: Inappropriate implementation in Autofill.
       Reported by Alesandro Ortiz.
     - CVE-2022-0808: Use after free in Chrome OS Shell.
       Reported by @ginggilBesel.
     - CVE-2022-0809: Out of bounds memory access in WebXR.
       Reported by @uwu7586.
Checksums-Sha1:
 88b0ce86b933deb2f28294c7f178c20703f0bb6b 3624 chromium_99.0.4844.51-1.dsc
 342f4302163936b2e0a5c93dbbb4cdea48a9d0c4 541114444 chromium_99.0.4844.51.orig.tar.xz
 656d12f543a912f9f88492e47df15bad2dfc3402 213184 chromium_99.0.4844.51-1.debian.tar.xz
 6b919fb0557c200c264409fbdee03966b0b1b4d5 20316 chromium_99.0.4844.51-1_source.buildinfo
Checksums-Sha256:
 2a08f338ab589c7280f5927afd79ca3404a961d88189a02a684c3c6e19a74f43 3624 chromium_99.0.4844.51-1.dsc
 2d3f14764bb2216c6bfdf52dd6da53af256f15860a501467ace9a4af7e2eb593 541114444 chromium_99.0.4844.51.orig.tar.xz
 b7dcd7e6dc276da220d1146cbff04f6cfbc2257d4ed6d953de51bcabc5ca7cb6 213184 chromium_99.0.4844.51-1.debian.tar.xz
 e8d6a66adf079f71a914207b87f05805b2b73444cc1b526794b6d1625bcff708 20316 chromium_99.0.4844.51-1_source.buildinfo
Files:
 6fc132eaa4e53a5ac1d856686c3f2b0e 3624 web optional chromium_99.0.4844.51-1.dsc
 1f227939ac2b27eb861f5e7c1ac9ba38 541114444 web optional chromium_99.0.4844.51.orig.tar.xz
 1be5073def38a192586e48c49a80f332 213184 web optional chromium_99.0.4844.51-1.debian.tar.xz
 10dd88bb7f6fd681fd4fd45cc22933d2 20316 web optional chromium_99.0.4844.51-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmIgMHkUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjcRzw/9Fm2YBwmtWk1KOgy1Di996IU/oU70
VzUMjBWcq2eXG8C0bA5ayz6poUzO5fhwxVLejv+y2gUUPcLc48lNgI+65gN0uknM
HoHmhmIwqKRq2j4FwbPr9UrZucdH2mtrLAqhcLPS6RuApw1OJbTOYP5TmktvRs3N
ZKWNL8ZLKqOxyhDLWBFxFi2GggsZGtDE/zGrQWewCboug4LZggZLYir1h441Wcg7
nAYnnjyEa/9hvH37JPWzbZChkQfaeguSDbjFFUSxMkjG7MAVZYAMv+j8QPr1+XBP
KEfrVOAarlGikbzJqu+kDe2tG0zIrluOxpjRoAnIh1yt4ziVYKIwo7Jeb4fUJMo2
Wqre9jDZcJjhp5g1pdq8Gg5YtJU68OG7fwXs5NoQHDs0fpxA1ccH88u9hq0+81Vh
AOqg/zOuqfFNT7oGMO0xxySC/oBEeOC/LIADp/n7FZxjfdy9IZpTVne+/FfThIid
sICqcAGtP/EqxHc6EvsKujtFiIQATHL+mL8rO2mfvewIQ97GwY08msycjMidhkDs
LH9Jalozu2l/KsjNsfbnpHKQvIkbcIEiUtP0CqI4r6oMCQEra6JH345ypQuw/xul
1JIeiBj1j2wG/1CKD+y+XnxP1cksMERNv8ddkKeYCyLDr6Ithyz9nICMDNt5TucI
hQRxNLqxoma0LY0=
=gRAx
-----END PGP SIGNATURE-----