Accepted chromium 102.0.5005.61-1 (source) into unstable
- To: debian-devel-changes@lists.debian.org
- Subject: Accepted chromium 102.0.5005.61-1 (source) into unstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Wed, 25 May 2022 06:50:13 +0000
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Subject: Content-Transfer-Encoding:Content-Type:MIME-Version:To:Reply-To:From:Cc: Content-ID:Content-Description:In-Reply-To:References; bh=KoLY6PoMTpFqjvXwlHf5S8E0eg6MRg8b+Wmzk5I49WQ=; b=Nhj1ms8swH1qRDRrz4uNntge8k jOThNDZrDsPXxAfrK0lGIsVgkGD5aXaxlDANqbGzgZA3xfd014yR8ftyOkdgxGGLgWQ8SVNLaotyH 9tG021oFm8Wx89vsaGruU4S9IYVkNF6dz5e8NUGoOd9Zs1YUekJYegTdojDXxalGy4JjQ0zY6C6H5 8uPRhfJqu45Hjx+k1ZVJTxj7sOBgsvsY1E10fS7HoGcA+Syk98+ScAc0wwB56m2IdvC3zQPrRgX4L 6/pCXMhqCayE/hFHoLut0h422ZwDWQz2UlQ3HYRaW5KATJLz2VqWN6LTTP0OyXifaksSMws1/A2C+ B6jKEEPQ==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1ntkqT-00097d-V8@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 25 May 2022 02:09:10 -0400
Source: chromium
Architecture: source
Version: 102.0.5005.61-1
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Closes: 1011096
Changes:
chromium (102.0.5005.61-1) unstable; urgency=high
.
* New upstream stable release.
- CVE-2022-1853: Use after free in Indexed DB. Reported by Anonymous
- CVE-2022-1854: Use after free in ANGLE.
Reported by SeongHwan Park (SeHwa)
- CVE-2022-1855: Use after free in Messaging. Reported by Anonymous
- CVE-2022-1856: Use after free in User Education. Reported by
Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
- CVE-2022-1857: Insufficient policy enforcement in File System API.
Reported by Daniel Rhea
- CVE-2022-1858: Out of bounds read in DevTools. Reported by EllisVlad
- CVE-2022-1859: Use after free in Performance Manager. Reported by
Guannan Wang (@Keenan7310) of Tencent Security Xuanwu Lab
- CVE-2022-1860: Use after free in UI Foundations.
Reported by @ginggilBesel
- CVE-2022-1861: Use after free in Sharing. Reported by Khalil Zhani
- CVE-2022-1862: Inappropriate implementation in Extensions.
Reported by Alesandro Ortiz
- CVE-2022-1863: Use after free in Tab Groups. Reported by David Erceg
- CVE-2022-1864: Use after free in WebApp Installs.
Reported by Yuntao You (@GraVity0) of Bytedance Wuheng Lab
- CVE-2022-1865: Use after free in Bookmarks.
Reported by Rong Jian of VRI
- CVE-2022-1866: Use after free in Tablet Mode.
Reported by @ginggilBesel
- CVE-2022-1867: Insufficient validation of untrusted input in
Data Transfer. Reported by MichaĆ Bentkowski of Securitum
- CVE-2022-1868: Inappropriate implementation in Extensions API.
Reported by Alesandro Ortiz
- CVE-2022-1869: Type Confusion in V8.
Reported by Man Yue Mo of GitHub Security Lab
- CVE-2022-1870: Use after free in App Service. Reported by
Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
- CVE-2022-1871: Insufficient policy enforcement in File System API.
Reported by Thomas Orlita
- CVE-2022-1872: Insufficient policy enforcement in Extensions API.
Reported by ChaobinZhang
- CVE-2022-1873: Insufficient policy enforcement in COOP.
Reported by NDevTK
- CVE-2022-1874: Insufficient policy enforcement in Safe Browsing.
Reported by hjy79425575
- CVE-2022-1875: Inappropriate implementation in PDF. Reported by NDevTK
- CVE-2022-1876: Heap buffer overflow in DevTools.
Reported by @ginggilBesel
* debian/patches:
- system/jpeg.patch - straight refresh.
- disable/swiftshader.patch - straight refresh.
- disable/swiftshader-2.patch - refresh for upstream dropping of legacy
swiftshader GL stuff; they now use ANGLE.
- disable/angle-perftests.patch - refresh.
- system/jsoncpp.patch - refresh for jsoncpp_no_deprecated_declarations
argument change.
- bullseye/clang11.patch - merge cast-call.patch into it, as well as
dropping additional unsupported clang arguments.
- bullseye/cast-call.patch - drop.
- upstream/dawn-version-fix.patch - add patch to deal w/ FTBFS.
- upstream/blink-ftbfs.patch - another FTBFS patch.
- upstream/nested-nested-nested-nested-nested-nested-regex-patterns.patch -
fix a build failure that only happens with clang + GNU's libstdc++.
- upstream/byteswap-constexpr.patch - add this to fix bullsye builds on
32-bit platforms (closes: #1011096).
* Don't build unneccessary dawn build tests.
Checksums-Sha1:
1755f43c4b66190af33ad27d1baacb7c0eae0fa1 3619 chromium_102.0.5005.61-1.dsc
47331ae6f69d5a5878e82c8292f0725f1bf5346a 601246340 chromium_102.0.5005.61.orig.tar.xz
a012906bef13f69455d036fb4e3a4b451cd438ba 210996 chromium_102.0.5005.61-1.debian.tar.xz
019fb104beaf76e9cdde19590bc3c173cdcf65a0 20021 chromium_102.0.5005.61-1_source.buildinfo
Checksums-Sha256:
abf209fa58d987758fa38e65c56af3cf2250aac2b8ac5367bc69906c061b9655 3619 chromium_102.0.5005.61-1.dsc
9b44f0f42a3b11240bac0b62587994e0fa8f59a27a4e090a3513d62949423690 601246340 chromium_102.0.5005.61.orig.tar.xz
07dfec4e095c8fc8c1ddcdebff11db9c6816744ce6a82159817de1e0aa4a51eb 210996 chromium_102.0.5005.61-1.debian.tar.xz
49c4646085b38eac9d1748e6f07e4430eccfd1ea5d170a26fd56cc90af3be759 20021 chromium_102.0.5005.61-1_source.buildinfo
Files:
bb0a07b0779b303abd143c58319abf1c 3619 web optional chromium_102.0.5005.61-1.dsc
45045d678bc6e6184d7e4e3caf230732 601246340 web optional chromium_102.0.5005.61.orig.tar.xz
c893a7574832f10afd1642d27a45b62a 210996 web optional chromium_102.0.5005.61-1.debian.tar.xz
bec25e7836d73a209ab7e56c0b445a67 20021 web optional chromium_102.0.5005.61-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmKNyYIUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjdpbA//cLBoA28ZR0Cp4hj7pAdXIBtrGqms
niZSeW3FkfKdR4zlBOO8SQZ+TT0szmbpTJjdc5Y6EtuBUSaxL+1377rDumU1SYf+
7AQ/gwHXXoeDE7y8h1/VOZKQjRrHqEPi5gFw5sZStfwSQNMTTn799kZCjqBjL//u
twujP/Jt208ABABoUdQfKIlOHZ6QXV744Km1u4xU5LxnFEZIlTvoc0DxU7hkKsFN
RFu31TTw46bxhFO8YB9j9LlfpFffmCVcBihjnzsZLp4STG/nC49K8JAUWHJXXOb7
e4D98Mip/N8NbXF1cbWpIUJimF6CaVexfbukXcvjsZb92+NjaSsXHAdcalM7HZaJ
nraoOUq/3FcbSelXAK0JHdj2hUxMDySJLXuE5v95EwDkGmyPesTIfz0T3A8aOyxm
xhXe30bxrVnRq5alHQF5uYkoYEpM61M4Z45xbtjweY5+Mh8KdWp7CBirCSaTyRjK
l/aX+rHCtgdCFd4vz8e9k4CfkZdmYASmjNvnqVhkHFbizEk2RqJ+xaCvP9FUB3j9
SGrVAe2v7PpyUkl2+8+M/gPa4QfgFs/BNBYBiC+bQazQu4JTs/S0s90AGtoclGtm
ao9hKjkg1vOjvSbRsoOQKB1QAvkzKZfqc0Opb4MgZul460c19lpyK7TETJbQLJZK
D27siIzOJ0+j70U=
=Bv3A
-----END PGP SIGNATURE-----