Accepted chromium 109.0.5414.74-2~deb11u1 (source) into proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted chromium 109.0.5414.74-2~deb11u1 (source) into proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Tue, 17 Jan 2023 14:33:40 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: chromium_109.0.5414.74-2~deb11u1_source.changes
- Debian-source: chromium
- Debian-suite: proposed-updates
- Debian-version: 109.0.5414.74-2~deb11u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=cHimCOYWI6kp+5saW5OyFuDBTrgeqj5ao5X6TPgrBOk=; b=K1eCnKKEhuDXhB8vLGbqShC9w1 60NS9est4f+oKRImA2BLpWc0uVBky8nj98H2JCj4QRREd09MxLeGPT97Fx6wARkgdTdMqA638M8yo hyW0G1xIYktajBX+q9rxyTnnt16D/s9GpmmpSq/ZnNMGED+4wUdjBL3I01z1wH+xiFqMnoDhYzVhN IDt8RYkkHvEPzTgARF5tC2keBC9IXgGz44IxFSunbdH49UEPHTU0oBshOiUCaBo2XvzNI5s+vhkng UJMSQFsiZc8PfHnLIfks//nHBweCelvj2wYKtebS9kZPY2vDN3f+huuF9+/kBJfYWtypeLD93/zGE 2FRjyIYA==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1pHn1w-003VX8-S7@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 12 Jan 2023 18:23:51 -0500
Source: chromium
Architecture: source
Version: 109.0.5414.74-2~deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
chromium (109.0.5414.74-2~deb11u1) bullseye-security; urgency=high
.
[ Andres Salomon ]
* d/patches/bullseye/clang13.patch: don't use -gsimple-template-names in
clang arguments, as it doesn't work with clang-13.
.
[ Timothy Pearson ]
* Fix crashes in dav1d during video playback on ppc64le
* d/patches:
- Apply upstream dav1d ppc64le fix from videolan merge request #1464
.
chromium (109.0.5414.74-1) unstable; urgency=high
.
* New upstream stable release.
- CVE-2023-0128: Use after free in Overview Mode. Reported by Khalil Zhani.
- CVE-2023-0129: Heap buffer overflow in Network Service.
Reported by asnine.
- CVE-2023-0130: Inappropriate implementation in Fullscreen API.
Reported by Hafiizh.
- CVE-2023-0131: Inappropriate implementation in iframe Sandbox.
Reported by NDevTK.
- CVE-2023-0132: Inappropriate implementation in Permission prompts.
Reported by Jasper Rebane (popstonia).
- CVE-2023-0133: Inappropriate implementation in Permission prompts.
Reported by Alesandro Ortiz.
- CVE-2023-0134: Use after free in Cart.
Reported by Chaoyuan Peng (@ret2happy).
- CVE-2023-0135: Use after free in Cart.
Reported by Chaoyuan Peng (@ret2happy).
- CVE-2023-0136: Inappropriate implementation in Fullscreen API.
Reported by Axel Chong.
- CVE-2023-0137: Heap buffer overflow in Platform Apps.
Reported by avaue and Buff3tts at S.S.L..
- CVE-2023-0138: Heap buffer overflow in libphonenumber.
Reported by Michael Dau.
- CVE-2023-0139: Insufficient validation of untrusted input in Downloads.
Reported by Axel Chong.
- CVE-2023-0140: Inappropriate implementation in File System API.
Reported by harrison.mitchell, cybercx.com.au.
- CVE-2023-0141: Insufficient policy enforcement in CORS.
Reported by scarlet.
* d/patches:
- upstream/re-fix-tflite.patch: drop, merged upstream.
- disable/catapult.patch: refresh
- disable/angle-perftests.patch: refresh
.
[ Timothy Pearson ]
* d/patches:
- Regenerate ppc64le configuration files from source
- Fix register corruption in v8 on ppc64 systems
Checksums-Sha1:
abac30a274d94f6502bf965229f9f0a9768eaff4 3801 chromium_109.0.5414.74-2~deb11u1.dsc
adba23110c9c93cbbd4a7a16fa51823c06455e45 627758412 chromium_109.0.5414.74.orig.tar.xz
aa82f88e4396713e2c51e2a02941b675b0551de5 296028 chromium_109.0.5414.74-2~deb11u1.debian.tar.xz
a44b92d1f7c49ae1634773b66fd407e4b09ad051 21269 chromium_109.0.5414.74-2~deb11u1_source.buildinfo
Checksums-Sha256:
f4b050c4a0b33f994f0c89bc4703c5df89a8073733cc047e69357ab590c62ec8 3801 chromium_109.0.5414.74-2~deb11u1.dsc
5cd1efa161a61d5a44c46e77ee17fa94ab26232ce5832dca00d5b4726d0b8020 627758412 chromium_109.0.5414.74.orig.tar.xz
27e0064034f4492faeb22bdcc9fd202d2de3188ae91680352c03cd208b7e7ca4 296028 chromium_109.0.5414.74-2~deb11u1.debian.tar.xz
8b7a3b76b89db866242f5061f99b34d238d3637490a0d60f10dd8341244c03b0 21269 chromium_109.0.5414.74-2~deb11u1_source.buildinfo
Files:
c27e04c7cbc1dbef32a58c60f24b0702 3801 web optional chromium_109.0.5414.74-2~deb11u1.dsc
82ecc27de0c1a7ad840ce7f740de6b32 627758412 web optional chromium_109.0.5414.74.orig.tar.xz
953833ff9153154ae83a2571ad7ac203 296028 web optional chromium_109.0.5414.74-2~deb11u1.debian.tar.xz
594f2566536cfaee61587935c3997dea 21269 web optional chromium_109.0.5414.74-2~deb11u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmPAuN0UHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjfnQg/+PnQrUeHm4Ybsgfk45d55jhVV/YwV
1QRMLTZxQSWbXfl+wROdzxHpm5zZC+UmCvBwnBKkINc1abewTr4OEV8w192JJMkb
JrsnwkhMfWaswca8XOldpMied8/DsitVEmaDIlWfKvF3tvawG+GMItmeJFOi9Ix5
HiAH6yCX4HliVpRhMkgEV/3rEtI+rh5ovd53CysE+ImSVQ6oCmXDpiNE9VxSK40S
mHscRGbugfYHF7HJbHZqf7IRExlps7QwwqIq+a/s+5vvse/VGooj3AO9eAfkFfoz
fs24+SfTJSexPDw+5tr6yc7IO1yG81Wvw0esDbl6H7oo2Iq8Ah0RBV9GB4Y0fsYk
D+GSievSyIX7VbwfZkrlrybVV1fbqMxP8SFv+nkcT/zugu5dTIG2eIyMs2adrvUj
ygJC96WOYDLlufu6bHVk8nE9QLnrS+nA866o3uEz2TI47nyW1tbChniEjGcDm+Uj
JEYlm2IaRTqpt3qLfn/UtwLktf181S9/wx45jDAY5rCjzrqsMAdbEWHJsf9nvv7R
zFHNNALOoJRc/a5+eF7CZ3ml4Ew79QHQwTsJCbN8SOrcwv+DUEoFmt15e4qpWLFl
ClAD5R6bERVo846cA3nnVBq7ZlGDyrKxnsaryb5ajnT3aqWSCbmrDMK4LxyD9Ss5
qVKb304HEcFwVbs=
=Igqx
-----END PGP SIGNATURE-----