Accepted chromium 112.0.5615.49-2~deb11u1 (source) into proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted chromium 112.0.5615.49-2~deb11u1 (source) into proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sun, 16 Apr 2023 10:47:09 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: chromium_112.0.5615.49-2~deb11u1_source.changes
- Debian-source: chromium
- Debian-suite: proposed-updates
- Debian-version: 112.0.5615.49-2~deb11u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=Mf6LIYkhq8S/XoCDtFcJR9qYweItRallHJoY8o0u040=; b=WGhKVroLN12E+BwvHcad2gHJ6o CjZJayrJXx/3QYytTMPlkZBLn4sj9xna+kIWQxxu0A6febN+DcF7UPmKa/ryBouzRJWLZ4BNzhaey 27OVfa6z3U946b4QqRbDWtxQdRP/Jpfnk6k5QCr2BNOWbkaq7F3o68OFuS1ocY2octp6GHUwSwpjp F0emkGmN+CTeJ6izs0mCyeWrNxEEweiIad13XDvMjxumIVJ9JEdeBF/ZVx1GjgvRUptLrOZngQmCr zQhGE6O3r7Bb13alExL2u3CChOAQsmXe5O9w2fAek/ZjE0otfr/fRcdFETK7yTNLUvGQOdCgDOUnv A4mg3Amg==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1pnzuX-002YIN-QJ@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 07 Apr 2023 13:58:37 -0400
Source: chromium
Architecture: source
Version: 112.0.5615.49-2~deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
chromium (112.0.5615.49-2~deb11u1) bullseye-security; urgency=high
.
[ Andres Salomon ]
* Add d/patches/i386/angle-lockfree.patch to fix FTBFS on i386. Also create
& populate that d/patches/i386/ directory, since we now have multiple
i386 patches.
* Remove enable_js_type_check=false build arg; upstream dropped it.
* d/patches/bullseye:
- downgrade-rollup.patch: downgrade the bundled rollup back to 2.58,
as rollup 3.x requires nodejs >= 14.
- default-equality-op.patch: work around an issue with clang-13 and
setting the default equality operator.
- ptr-traits-bug.patch: provide our own copy of <bits/ptr_traits.h>
to work around a bug in libstdc++ 10.2. This bug is fixed in sid's
libstdc++.
.
[ Timothy Pearson ]
* d/patches:
- Re-add boringssl support for ppc64le (dropped by Google upstream)
- Add ppc64le detection to partition allocator build
- Regenerate 0003-third_party-ffmpeg-Add-ppc64-generated-config.patch
.
chromium (112.0.5615.49-1) unstable; urgency=high
.
* New upstream stable release.
- CVE-2023-1810: Heap buffer overflow in Visuals.
Reported by Weipeng Jiang (@Krace) of VRI.
- CVE-2023-1811: Use after free in Frames. Reported by Thomas Orlita.
- CVE-2023-1812: Out of bounds memory access in DOM Bindings.
Reported by Shijiang Yu.
- CVE-2023-1813: Inappropriate implementation in Extensions.
Reported by Axel Chong.
- CVE-2023-1814: Insufficient validation of untrusted input in
Safe Browsing. Reported by Young Min Kim (@ylemkimon),
CompSec Lab at Seoul National University.
- CVE-2023-1815: Use after free in Networking APIs. Reported by DDV_UA.
- CVE-2023-1816: Incorrect security UI in Picture In Picture.
Reported by NDevTK.
- CVE-2023-1817: Insufficient policy enforcement in Intents.
Reported by Axel Chong.
- CVE-2023-1818: Use after free in Vulkan. Reported by Abdulrahman
Alqabandi, Microsoft Browser Vulnerability Research, Eric Lawrence,
Microsoft, Patrick Walker (@HomeSen), & Kirtikumar Anandrao Ramchandani.
- CVE-2023-1819: Out of bounds read in Accessibility.
Reported by Microsoft Edge Team.
- CVE-2023-1820: Heap buffer overflow in Browser History.
Reported by raven at KunLun lab.
- CVE-2023-1821: Inappropriate implementation in WebShare.
Reported by Axel Chong.
- CVE-2023-1822: Incorrect security UI in Navigation. Reported by 강우진.
- CVE-2023-1823: Inappropriate implementation in FedCM.
Reported by Jasper Rebane (popstonia).
* d/copyright: change location for deleted image_diff directory.
* d/patches:
- disable/unrar.patch: update for stuff dropped upstream.
- disable/swiftshader.patch: straight refresh.
- bullseye/clang13.patch: straight refresh.
- ppc64le/third_party/0001-third_party-angle-Include-missing-header-cstddef-in-.patch:
straight refresh.
- ppc64le/third_party/use-sysconf-page-size-on-ppc64.patch: straight
refresh.
- debian/patches/ppc64le/third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch:
change is_mac to is_apple.
Checksums-Sha1:
6472883ea22124b84008f593af1526dc140dc560 3801 chromium_112.0.5615.49-2~deb11u1.dsc
a04a362826316ceddfdb80871ff805928e099e41 661675416 chromium_112.0.5615.49.orig.tar.xz
52789e9d42cffd1b66a2fabc6db2ea2e37d77f8b 628424 chromium_112.0.5615.49-2~deb11u1.debian.tar.xz
e84be325978edff6f10a0de16d8242aef8a9a473 21590 chromium_112.0.5615.49-2~deb11u1_source.buildinfo
Checksums-Sha256:
0e885b08c598909c88bb5565f2770c343b326e88dcbdffe6c1b469e477bd8ced 3801 chromium_112.0.5615.49-2~deb11u1.dsc
a70a4c72d5ba72ede51999d075e07b696dbba93f8e4790fe21b3c7abdddbebc3 661675416 chromium_112.0.5615.49.orig.tar.xz
8cb57cfa37cd8255e95dabb06aabccfb11d7a778debee332ad63cc1a52cdc354 628424 chromium_112.0.5615.49-2~deb11u1.debian.tar.xz
d357dc8cb97b42b758a4b055d5df49408a37878bf3715750eed4d35c22843a3f 21590 chromium_112.0.5615.49-2~deb11u1_source.buildinfo
Files:
0a47f942bde5e7c0f039855273d1e38f 3801 web optional chromium_112.0.5615.49-2~deb11u1.dsc
6889caf6a47d1a38c07eb4a054e6e49d 661675416 web optional chromium_112.0.5615.49.orig.tar.xz
48a83c587bc485029cd1f070b2b2a41a 628424 web optional chromium_112.0.5615.49-2~deb11u1.debian.tar.xz
44bdacd8ae822286624b4aa7302829f2 21590 web optional chromium_112.0.5615.49-2~deb11u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmQwmk8UHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjfT0w/+JVQCfDm6vZKwUna2dArBVMUQWU+v
sD4MsJ5z7g+VkXMrwSi6jcls4kfJN82bZdyVIsXoCl72HkkcUZbzCVBiAUJWGJD1
ifBvFPzb1ftlSOByNNqspVS6hAHzjnMunGuhPtLaosRNSwyBnnToA5lPYHIVshpY
QI2v3LImQyxIlR6U2caC+VyAQR1SiYJZsFDy3rplkPhDXqkg3nXLEqPcQpbIgxsI
BC9D2hHDZ3EDlc0WVf1fSRDj3WV4Y0CU5oYftBUYKCEqScbWQN7QYrvyqMjYYEK/
uyIvA5Zx4Gb/Hf28jAwXCeYXdacH+ItnHGujS/CQGf+gqrJ2Et02WWhXAhT7CZmq
fckhMm1qfgX5XmayTacRG3FIUbXMxp1ZAsgVD2UWbJ/EPXokv8EJzC8EdqgT39Qi
oN+tIYtx7N6Jw5+BwPtSJf6hq5GulVX/yRn0vEccdc3EhSr8oEVzgDzW8qBhsXAE
0qZBAZjcnMm7d5VsYM5uFepnf5jBDvprunutSgPyJcGsH4bglyA94+hPTM2HGGmF
DnLoBAK+2wJxVxhQU3Lc88lvJ9lAFPI+04gLXW109nJZfU67wqLY4ex4QBzFL27k
evT6F0rcFgkJYiR9qJXIQxi3KoCO07siyGh/pVmx/8Ewpp+khkgGRhMobzwPfIe+
BSw9+v8eoUCM9lE=
=uq5d
-----END PGP SIGNATURE-----