Back to chromium PTS page

Accepted chromium 99.0.4844.51-1~deb11u1 (source) into proposed-updates->stable-new, proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted chromium 99.0.4844.51-1~deb11u1 (source) into proposed-updates->stable-new, proposed-updates
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Mon, 14 Mar 2022 21:17:10 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1nTs3y-000GBH-BF@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 03 Feb 2022 00:14:50 -0500
Source: chromium
Architecture: source
Version: 99.0.4844.51-1~deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (99.0.4844.51-1~deb11u1) bullseye-security; urgency=high
 .
   * Embed harfbuzz instead of using the system harfbuzz. Debian doesn't
     yet package harfbuzz-subset (see #988781). Once it is packaged, we
     can go back to using it.
   * Build against Debian's rapidjson-dev package instead of ANGLE's
     bundled rapidjson.
   * Adjust patches:
     + system/harfbuzz.patch - drop, we're using bundled harfbuzz now.
     + upstream/quiche-include.patch - drop, merged upstream.
     + upstream/restrict.patch - drop, merged upstream.
     + upstream/sequence-point.patch - drop, merged upstream.
     + disable/installer.patch - use new BUILDFLAG() macro.
     + disable/unrar.patch - use new BUILDFLAG() macro.
     + disable/welcome-page.patch - use new BUILDFLAG() macro.
     + disable/widevine-cdm.cu.patch - use new BUILDFLAG() macro.
     + disable/tests.patch - drop unnecessary parts of the patch (which ends
       up being most of it).
     + disable/angle-perftests.patch - drop config disabling ANGLE's rapidjson.
     + disable/swiftshader.patch - drop removal of rapidjson dependency.
   * New upstream stable release.
     - CVE-2022-0789: Heap buffer overflow in ANGLE.
       Reported by SeongHwan Park (SeHwa).
     - CVE-2022-0790: Use after free in Cast UI. Reported by Anonymous.
     - CVE-2022-0791: Use after free in Omnibox.
       Reported by Zhihua Yao of KunLun Lab.
     - CVE-2022-0792: Out of bounds read in ANGLE.
       Reported by Jaehun Jeong(@n3sk) of Theori.
     - CVE-2022-0793: Use after free in Views. Reported by Thomas Orlita.
     - CVE-2022-0794: Use after free in WebShare. Reported by Khalil Zhani.
     - CVE-2022-0795: Type Confusion in Blink Layout. Reported by 0x74960.
     - CVE-2022-0796: Use after free in Media. Reported by Cassidy Kim
       of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd.
     - CVE-2022-0797: Out of bounds memory access in Mojo.
       Reported by Sergei Glazunov of Google Project Zero.
     - CVE-2022-0798: Use after free in MediaStream.
       Reported by Samet Bekmezci @sametbekmezci.
     - CVE-2022-0799: Insufficient policy enforcement in Installer.
       Reported by Abdelhamid Naceri (halov).
     - CVE-2022-0800: Heap buffer overflow in Cast UI.
       Reported by Khalil Zhani.
     - CVE-2022-0801: Inappropriate implementation in HTML parser.
       Reported by Michał Bentkowski of Securitum.
     - CVE-2022-0802: Inappropriate implementation in Full screen mode.
       Reported by Irvan Kurniawan (sourc7).
     - CVE-2022-0803: Inappropriate implementation in Permissions.
       Reported by Abdulla Aldoseri.
     - CVE-2022-0804: Inappropriate implementation in Full screen mode.
       Reported by Irvan Kurniawan (sourc7).
     - CVE-2022-0805: Use after free in Browser Switcher.
       Reported by raven at KunLun Lab.
     - CVE-2022-0806: Data leak in Canvas. Reported by Paril.
     - CVE-2022-0807: Inappropriate implementation in Autofill.
       Reported by Alesandro Ortiz.
     - CVE-2022-0808: Use after free in Chrome OS Shell.
       Reported by @ginggilBesel.
     - CVE-2022-0809: Out of bounds memory access in WebXR.
       Reported by @uwu7586.
Checksums-Sha1:
 371708404a9bab7cbb520ed9cf8e831dd62e8c62 3694 chromium_99.0.4844.51-1~deb11u1.dsc
 342f4302163936b2e0a5c93dbbb4cdea48a9d0c4 541114444 chromium_99.0.4844.51.orig.tar.xz
 405311bdc6b5ade2d68f2f5ac0762c77111259a4 213088 chromium_99.0.4844.51-1~deb11u1.debian.tar.xz
 a292ba31e737b2d474241104214aed07c17c1ec0 20419 chromium_99.0.4844.51-1~deb11u1_source.buildinfo
Checksums-Sha256:
 a2e00fe488d5cd7204738020db2f14bb90cf6b0fc335c979748847ddc2454e65 3694 chromium_99.0.4844.51-1~deb11u1.dsc
 2d3f14764bb2216c6bfdf52dd6da53af256f15860a501467ace9a4af7e2eb593 541114444 chromium_99.0.4844.51.orig.tar.xz
 878aa8cd04096b53daa91c7c000959a916cff762f637692d4e2c3a65721fd542 213088 chromium_99.0.4844.51-1~deb11u1.debian.tar.xz
 794ef34145588c8aeb430e1e3827d175fce6cac7720595852c481ef255d6423b 20419 chromium_99.0.4844.51-1~deb11u1_source.buildinfo
Files:
 3daf1fa13e0edb01726455b970399eb9 3694 web optional chromium_99.0.4844.51-1~deb11u1.dsc
 1f227939ac2b27eb861f5e7c1ac9ba38 541114444 web optional chromium_99.0.4844.51.orig.tar.xz
 c1407fe881f5af10bf76b0cb14882d1a 213088 web optional chromium_99.0.4844.51-1~deb11u1.debian.tar.xz
 b7f9f048483fcf33ae1f0ce18a3705b4 20419 web optional chromium_99.0.4844.51-1~deb11u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmIhAXoUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjfXjRAAuJArSH9yc1SZoiO9ebtCb9u5psl8
KKb26Z7IwXHrP18wNzBemr/vagkp8ISTNIBHogE9O+W4vX2q3BohsE4J+1iEm6SX
skVi+yGW+goET2TV3F9PT6BT2ECUohbB25Go97HcyVfJmE93v9Fzq0br8Y6PGFD+
wJrUxehoOYKbmJw/tJZUSysqZqSS9B39ck5tiwiJCFAMu0GBWRhN5Q55GVgw0C6a
bewXDLQ9VtWBnBD99l3S3tXk5Xoegrd1rvkT5uywRQY09B/zgTIS2oTkyTIJ8svS
LGw1ZqhOqmZTq/1I4L04285DdeSC8M9/+/c9Lyy9rbeVp55XhOER8llJqDhseZjl
ytZLr629Rdfw67+IKTW1xCjVO8O7nIoI2cdDzd1ZLnOvkIUe5Srp2iEvosZ+4XW+
KQGQNWiedH2VRES+MumkE7CySqXWCrQB1tYDhFhJcRYw5O474b+1zODVlNjAQf57
gHmwgyBeyqDtFLrS2Z7B7jh/yphG0nd8r6z2wOJsVPkcMJWe6Qy1peRzREqgQ4B8
pmXJb23wm3wdJ7ToYprTHFZFrcis55R8ehHGoKXl24sRzHmXewcUJx7AZ8HEAwde
80yEYOop409ZrpLRmQ/nhS+gmkRLKewK8ZOqLh0Hk0LYXF8w63XFq561LpStsBfP
mpwPYePJCE64LHk=
=9e4h
-----END PGP SIGNATURE-----