Back to chromium PTS page

Accepted chromium 111.0.5563.64-1~deb11u1 (source) into proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 07 Mar 2023 18:12:37 -0500
Source: chromium
Architecture: source
Version: 111.0.5563.64-1~deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (111.0.5563.64-1~deb11u1) bullseye-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2023-1213: Use after free in Swiftshader.
       Reported by Jaehun Jeong(@n3sk) of Theori.
     - CVE-2023-1214: Type Confusion in V8.
       Reported by Man Yue Mo of GitHub Security Lab.
     - CVE-2023-1215: Type Confusion in CSS. Reported by Anonymous.
     - CVE-2023-1216: Use after free in DevTools.
       Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team.
     - CVE-2023-1217: Stack buffer overflow in Crash reporting.
       Reported by sunburst of Ant Group Tianqiong Security Lab.
     - CVE-2023-1218: Use after free in WebRTC. Reported by Anonymous.
     - CVE-2023-1219: Heap buffer overflow in Metrics.
       Reported by Sergei Glazunov of Google Project Zero.
     - CVE-2023-1220: Heap buffer overflow in UMA.
       Reported by Sergei Glazunov of Google Project Zero.
     - CVE-2023-1221: Insufficient policy enforcement in Extensions API.
       Reported by Ahmed ElMasry.
     - CVE-2023-1222: Heap buffer overflow in Web Audio API.
       Reported by Cassidy Kim(@cassidy6564).
     - CVE-2023-1223: Insufficient policy enforcement in Autofill.
       Reported by Ahmed ElMasry.
     - CVE-2023-1224: Insufficient policy enforcement in Web Payments API.
       Reported by Thomas Orlita.
     - CVE-2023-1225: Insufficient policy enforcement in Navigation.
       Reported by Roberto Ffrench-Davis @Lihaft.
     - CVE-2023-1226: Insufficient policy enforcement in Web Payments API.
       Reported by Anonymous.
     - CVE-2023-1227: Use after free in Core. Reported by @ginggilBesel.
     - CVE-2023-1228: Insufficient policy enforcement in Intents.
       Reported by Axel Chong.
     - CVE-2023-1229: Inappropriate implementation in Permission prompts.
       Reported by Thomas Orlita.
     - CVE-2023-1230: Inappropriate implementation in WebApp Installs.
       Reported by Axel Chong.
     - CVE-2023-1231: Inappropriate implementation in Autofill.
       Reported by Yan Zhu, Brave.
     - CVE-2023-1232: Insufficient policy enforcement in Resource Timing.
       Reported by Sohom Datta.
     - CVE-2023-1233: Insufficient policy enforcement in Resource Timing.
       Reported by Soroush Karami.
     - CVE-2023-1234: Inappropriate implementation in Intents.
       Reported by Axel Chong.
     - CVE-2023-1235: Type Confusion in DevTools.
       Reported by raven at KunLun lab.
     - CVE-2023-1236: Inappropriate implementation in Internals.
       Reported by Alesandro Ortiz.
   * Document upcoming security support in README.Debian.security.
   * Document switching the default search engine in README.debian.
   * d/patches:
     - upstream/clamp.patch: drop, merged upstream.
     - upstream/pwman-const.patch: drop, merged upstream.
     - upstream/move-stack-to-isolate.patch: drop, merged upstream.
     - upstream/blink-dbl-float.patch: drop, merged upstream.
     - upstream/v4l2-fix.patch: drop, merged upstream.
     - disable/catapult.patch: refresh & remove unnecessary android bits.
     - disable/google-api-warning.patch: refresh.
     - bullseye/mulodic.patch: add missing import.
 .
   [ Timothy Pearson ]
    * d/patches:
     - ppc64le/third_party/0005-third_party-dav1d-crash-fix.patch: drop,
           merged upstream
     - ppc64le/workarounds/HACK-debian-clang-disable-skia-musttail.patch:
           skia musttail is back in upstream, disable on ppc64le due to
           contining Clang bugs
     - ppc64le: refresh libaom configuration
Checksums-Sha1:
 aa435545296c91cf5a23fe27be0a34f4efea51ae 3801 chromium_111.0.5563.64-1~deb11u1.dsc
 d8c14fdb7853f61e157a4c87427dae124a6c1563 653798792 chromium_111.0.5563.64.orig.tar.xz
 42b376bf3b797ed0ef7113823e4b1be5d3975efa 297936 chromium_111.0.5563.64-1~deb11u1.debian.tar.xz
 8bdae78d564aaf066382c286b61ec3666ce7171c 21311 chromium_111.0.5563.64-1~deb11u1_source.buildinfo
Checksums-Sha256:
 0686fcf58f4c12ea4f5e0567429c6ca87c262106d5b46266b23962836c2b96f7 3801 chromium_111.0.5563.64-1~deb11u1.dsc
 68dc1f957c93a199571acea663a68ce59f8c028b522d010639f657d6442d154d 653798792 chromium_111.0.5563.64.orig.tar.xz
 fb84bc348278cecea73c3fcc7006f5c9bbb429889b7c269c32664d78605f8817 297936 chromium_111.0.5563.64-1~deb11u1.debian.tar.xz
 c770936605181a767cfa2f0df124b954351b284fec1e10fdba8963b920b8bf27 21311 chromium_111.0.5563.64-1~deb11u1_source.buildinfo
Files:
 0c79c8393a2214bd627ad17cda602f49 3801 web optional chromium_111.0.5563.64-1~deb11u1.dsc
 caa4104f8f64bcdb1a6fa63531cee231 653798792 web optional chromium_111.0.5563.64.orig.tar.xz
 2b9afdaf44bda35a5bfa5d13fd68c751 297936 web optional chromium_111.0.5563.64-1~deb11u1.debian.tar.xz
 c1cca27d96b216e5108a15d9ee7e8341 21311 web optional chromium_111.0.5563.64-1~deb11u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmQIFzgUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjdOpQ//e6HHNmAkAtDr2PmVlbEu/xYw5qSn
vdOKOyX1oi1AD/sDnCYf/r4HYeX2AovsBT9XDuHxlYJa1V+Zik0dSzrWToZbJT5J
xY9BYa90Alus7zvKYICwZNFFaae7bMpsILTzrII0+DNJFUlYyNK3nyP3AcuSvdnz
k9WC4rwDOgJ/yixLndTicAUhzTn+Yhih848dtBtd0aI7tBeVh/vesoyePjRoId3d
eJaU3Eg6CLG9Is2TOBF2jNenFsf6iqLSQwYXhDhifJsgmUCB0MntdO/M/HVvuaYP
2dc8C38xPARhFh+cXMVq38psC3p7FvMxzJyWv/vnl2Rlu/+Ecd2+OuXE2wQdHPf7
EL8qScxqtghXUwVgCXT5yg2Cz28jD/+iHBrWINrq/fyD4g1J7vqcx/fJcoJZbiMu
tigI9HdfXu+1do2kHbRHQusQxUZSKsW30peJ5MeWWHIkin/wh3gltTJaa0VvrID+
H6GSjjysDjcK0SdNQTgF6kBSco7S+KSnleB8p8pgQsbHgREpBmRncXBAfIpuKe6B
F23ffw7KFpTP609JB6Sq5Yubf7ZoW8ypUt4f0S7WyVUCjN5mUNtr25IEG4W6DH/s
WTsyvUfCeizKdAedze4AMqPhFuusPpyO/Xu9YIoW5Rvr8R6lNNQ3rtuxGq9wzMjk
vg6XoJPFt+mrBls=
=pPNK
-----END PGP SIGNATURE-----