
Accepted chromium 109.0.5414.74-2~deb11u1 (source) into proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 12 Jan 2023 18:23:51 -0500
Source: chromium
Architecture: source
Version: 109.0.5414.74-2~deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (109.0.5414.74-2~deb11u1) bullseye-security; urgency=high
 .
   [ Andres Salomon ]
   * d/patches/bullseye/clang13.patch: don't use -gsimple-template-names in
     clang arguments, as it doesn't work with clang-13.
 .
   [ Timothy Pearson ]
   * Fix crashes in dav1d during video playback on ppc64le
   * d/patches:
     - Apply upstream dav1d ppc64le fix from videolan merge request #1464
 .
 chromium (109.0.5414.74-1) unstable; urgency=high
 .
   * New upstream stable release.
     - CVE-2023-0128: Use after free in Overview Mode. Reported by Khalil Zhani.
     - CVE-2023-0129: Heap buffer overflow in Network Service.
       Reported by asnine.
     - CVE-2023-0130: Inappropriate implementation in Fullscreen API.
       Reported by Hafiizh.
     - CVE-2023-0131: Inappropriate implementation in iframe Sandbox.
       Reported by NDevTK.
     - CVE-2023-0132: Inappropriate implementation in Permission prompts.
       Reported by Jasper Rebane (popstonia).
     - CVE-2023-0133: Inappropriate implementation in Permission prompts.
       Reported by Alesandro Ortiz.
     - CVE-2023-0134: Use after free in Cart.
       Reported by Chaoyuan Peng (@ret2happy).
     - CVE-2023-0135: Use after free in Cart.
       Reported by Chaoyuan Peng (@ret2happy).
     - CVE-2023-0136: Inappropriate implementation in Fullscreen API.
       Reported by Axel Chong.
     - CVE-2023-0137: Heap buffer overflow in Platform Apps.
       Reported by avaue and Buff3tts at S.S.L..
     - CVE-2023-0138: Heap buffer overflow in libphonenumber.
       Reported by Michael Dau.
     - CVE-2023-0139: Insufficient validation of untrusted input in Downloads.
       Reported by Axel Chong.
     - CVE-2023-0140: Inappropriate implementation in File System API.
       Reported by harrison.mitchell, cybercx.com.au.
     - CVE-2023-0141: Insufficient policy enforcement in CORS.
       Reported by scarlet.
   * d/patches:
     - upstream/re-fix-tflite.patch: drop, merged upstream.
     - disable/catapult.patch: refresh
     - disable/angle-perftests.patch: refresh
 .
   [ Timothy Pearson ]
   *  d/patches:
     - Regenerate ppc64le configuration files from source
     - Fix register corruption in v8 on ppc64 systems
Checksums-Sha1:
 abac30a274d94f6502bf965229f9f0a9768eaff4 3801 chromium_109.0.5414.74-2~deb11u1.dsc
 adba23110c9c93cbbd4a7a16fa51823c06455e45 627758412 chromium_109.0.5414.74.orig.tar.xz
 aa82f88e4396713e2c51e2a02941b675b0551de5 296028 chromium_109.0.5414.74-2~deb11u1.debian.tar.xz
 a44b92d1f7c49ae1634773b66fd407e4b09ad051 21269 chromium_109.0.5414.74-2~deb11u1_source.buildinfo
Checksums-Sha256:
 f4b050c4a0b33f994f0c89bc4703c5df89a8073733cc047e69357ab590c62ec8 3801 chromium_109.0.5414.74-2~deb11u1.dsc
 5cd1efa161a61d5a44c46e77ee17fa94ab26232ce5832dca00d5b4726d0b8020 627758412 chromium_109.0.5414.74.orig.tar.xz
 27e0064034f4492faeb22bdcc9fd202d2de3188ae91680352c03cd208b7e7ca4 296028 chromium_109.0.5414.74-2~deb11u1.debian.tar.xz
 8b7a3b76b89db866242f5061f99b34d238d3637490a0d60f10dd8341244c03b0 21269 chromium_109.0.5414.74-2~deb11u1_source.buildinfo
Files:
 c27e04c7cbc1dbef32a58c60f24b0702 3801 web optional chromium_109.0.5414.74-2~deb11u1.dsc
 82ecc27de0c1a7ad840ce7f740de6b32 627758412 web optional chromium_109.0.5414.74.orig.tar.xz
 953833ff9153154ae83a2571ad7ac203 296028 web optional chromium_109.0.5414.74-2~deb11u1.debian.tar.xz
 594f2566536cfaee61587935c3997dea 21269 web optional chromium_109.0.5414.74-2~deb11u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----