Bug#979520: marked as done (chromium: Security upgrade to version 87.0.4280.141)

Debian Bug Tracking System Sun, 10 Jan 2021 10:51:23 -0800

Your message dated Sun, 10 Jan 2021 18:49:23 +0000
with message-id <e1kyfmf-000gbb...@fasolo.debian.org>
and subject line Bug#979520: fixed in chromium 87.0.4280.141-0.1
has caused the Debian Bug report #979520,
regarding chromium: Security upgrade to version 87.0.4280.141
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
979520: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979520
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: chromium
Version: 87.0.4280.88-0.4
Severity: normal
X-Debbugs-Cc: sedat.di...@gmail.com

Dear Maintainer,

there is a security fixed version 87.0.4280.141 of chrome available.

Can you please provide an adapted chromium package.

Thanks in advance.

Regards,
- Sedat -

[1] 
https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html


-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing'), (99, 'buildd-unstable'), (99, 
'buildd-experimental'), (99, 'experimental'), (99, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.11.0-rc2-5-amd64-clang11-cfi (SMP w/4 CPU threads)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages chromium depends on:
ii  chromium-common      87.0.4280.88-0.4
ii  libasound2           1.2.4-1.1
ii  libatk-bridge2.0-0   2.38.0-1
ii  libatk1.0-0          2.36.0-2
ii  libatomic1           10.2.1-3
ii  libatspi2.0-0        2.38.0-2
ii  libavcodec58         7:4.3.1-5
ii  libavformat58        7:4.3.1-5
ii  libavutil56          7:4.3.1-5
ii  libc6                2.31-9
ii  libcairo2            1.16.0-5
ii  libcups2             2.3.3op1-4
ii  libdbus-1-3          1.12.20-1
ii  libdrm2              2.4.103-2
ii  libevent-2.1-7       2.1.12-stable-1
ii  libexpat1            2.2.10-1
ii  libflac8             1.3.3-2
ii  libfontconfig1       2.13.1-4.2
ii  libfreetype6         2.10.4+dfsg-1
ii  libgbm1              20.3.2-1
ii  libgcc-s1            10.2.1-3
ii  libgdk-pixbuf-2.0-0  2.42.2+dfsg-1
ii  libglib2.0-0         2.66.4-1
ii  libgtk-3-0           3.24.24-1
ii  libharfbuzz0b        2.6.7-1
ii  libicu67             67.1-5
ii  libjpeg62-turbo      1:2.0.5-2
ii  libjsoncpp24         1.9.4-4
ii  liblcms2-2           2.9-4+b1
ii  libminizip1          1.1-8+b1
ii  libnspr4             2:4.29-1
ii  libnss3              2:3.60-1
ii  libopenjp2-7         2.3.1-1
ii  libopus0             1.3.1-0.1
ii  libpango-1.0-0       1.46.2-3
ii  libpangocairo-1.0-0  1.46.2-3
ii  libpng16-16          1.6.37-3
ii  libpulse0            13.0-5
ii  libre2-9             20201101+dfsg-2
ii  libsnappy1v5         1.1.8-1
ii  libstdc++6           10.2.1-3
ii  libwebp6             0.6.1-2+b1
ii  libwebpdemux2        0.6.1-2+b1
ii  libwebpmux3          0.6.1-2+b1
ii  libx11-6             2:1.7.0-1
ii  libx11-xcb1          2:1.7.0-1
ii  libxcb1              1.14-2.1
ii  libxcomposite1       1:0.4.5-1
ii  libxdamage1          1:1.1.5-2
ii  libxext6             2:1.3.3-1.1
ii  libxfixes3           1:5.0.3-2
ii  libxml2              2.9.10+dfsg-6.3+b1
ii  libxrandr2           2:1.5.1-1
ii  libxslt1.1           1.1.34-4
ii  zlib1g               1:1.2.11.dfsg-2

Versions of packages chromium recommends:
ii  chromium-sandbox  87.0.4280.88-0.4

Versions of packages chromium suggests:
pn  chromium-driver  <none>
ii  chromium-l10n    87.0.4280.88-0.4
pn  chromium-shell   <none>

Versions of packages chromium-common depends on:
ii  libc6       2.31-9
ii  libstdc++6  10.2.1-3
ii  libx11-6    2:1.7.0-1
ii  libxext6    2:1.3.3-1.1
ii  x11-utils   7.7+5
ii  xdg-utils   1.1.3-2
ii  zlib1g      1:1.2.11.dfsg-2

Versions of packages chromium-common recommends:
ii  chromium-sandbox                        87.0.4280.88-0.4
ii  fonts-liberation                        1:1.07.4-11
ii  gnome-shell [notification-daemon]       3.38.2-1
ii  libgl1-mesa-dri                         20.3.2-1
ii  libu2f-udev                             1.1.10-1.1
ii  notification-daemon                     3.20.0-4
ii  plasma-workspace [notification-daemon]  4:5.20.5-1
ii  system-config-printer                   1.5.13-1
ii  upower                                  0.99.11-2

Versions of packages chromium-sandbox depends on:
ii  libc6  2.31-9

-- no debconf information

--- End Message ---

--- Begin Message ---

Source: chromium
Source-Version: 87.0.4280.141-0.1
Done: Michel Le Bihan <mic...@lebihan.pl>

We believe that the bug you reported is fixed in the latest version of
chromium, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 979...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michel Le Bihan <mic...@lebihan.pl> (supplier of updated chromium package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 09 Jan 2021 11:24:58 +0100
Source: chromium
Architecture: source
Version: 87.0.4280.141-0.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Chromium Team <chrom...@packages.debian.org>
Changed-By: Michel Le Bihan <mic...@lebihan.pl>
Closes: 979135 979520
Changes:
 chromium (87.0.4280.141-0.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * New upstream security release (closes: 979520).
     - CVE-2021-21106: Use after free in autofill. Reported by Weipeng Jiang
       @Krace from Codesafe Team of Legendsec at Qi'anxin Group
     - CVE-2021-21107: Use after free in drag and drop. Reported by Leecraso and
       Guang Gong of 360 Alpha Lab
     - CVE-2021-21108: Use after free in media. Reported by Leecraso and Guang
       Gong of 360 Alpha Lab
     - CVE-2021-21109: Use after free in payments. Reported by Rong Jian and
       Guang Gong of 360 Alpha Lab
     - CVE-2021-21110: Use after free in safe browsing. Reported by Anonymous
     - CVE-2021-21111: Insufficient policy enforcement in WebUI. Reported by
       Alesandro Ortiz
     - CVE-2021-21112: Use after free in Blink. Reported by YoungJoo Lee
       @ashuu_lee of Raon Whitehat
     - CVE-2021-21113: Heap buffer overflow in Skia. Reported by tsubmunu
     - CVE-2020-16043: Insufficient data validation in networking. Reported by
       Samy Kamkar, Ben Seri at Armis, Gregory Vishnepolsky at Armis
     - CVE-2021-21114: Use after free in audio. Reported by Man Yue Mo of GitHub
       Security Lab
     - CVE-2020-15995: Out of bounds write in V8. Reported by Bohan Liu
       @P4nda20371774 of Tencent Security Xuanwu Lab
     - CVE-2021-21115: Use after free in safe browsing. Reported by Leecraso and
       Guang Gong of 360 Alpha Lab
     - CVE-2021-21116: Heap buffer overflow in audio. Reported by Alison
       Huffman, Microsoft Browser Vulnerability Research
 .
   [ Jan Luca Naumann ]
   * Use desktop gl implementation as default. (closes: 979135)
Checksums-Sha1:
 9d83a1d5ad83468c5ba5da045d0235465fe5321b 3576 chromium_87.0.4280.141-0.1.dsc
 ef2fa29cf9558fc0afbd7791ea6ee8ef73ac37af 393840792 
chromium_87.0.4280.141.orig.tar.xz
 aa7529eee2b61d683a4b7640724485be4c7a0778 189436 
chromium_87.0.4280.141-0.1.debian.tar.xz
Checksums-Sha256:
 0e2c2a41c2186a47eb918e3e046ba084ebf96779b282626798f89ebf8d6ee24a 3576 
chromium_87.0.4280.141-0.1.dsc
 577a92da6e3caacd22b0b2aedc9dc7e895652f54ec3e0f615457357be099b2ae 393840792 
chromium_87.0.4280.141.orig.tar.xz
 20c26ad853b88addb65fbb3a26ba92a89f9d47b33297ad6aefdc2c2470550580 189436 
chromium_87.0.4280.141-0.1.debian.tar.xz
Files:
 fac52e6fd36d86d23ce4d5e4e1ce4e5a 3576 web optional 
chromium_87.0.4280.141-0.1.dsc
 c7f87e38af9193a5889c48e7922ac5a0 393840792 web optional 
chromium_87.0.4280.141.orig.tar.xz
 74969e52ef31b8b93d11dcad704423bd 189436 web optional 
chromium_87.0.4280.141-0.1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEi3hoeGwz5cZMTQpICBa54Yx2K60FAl/7IfIACgkQCBa54Yx2
K60uuA//d66OMB3PAA7f74bbpaoKCKW1nRuhLrvBdZe9s2I15fNLOBTuJ7X6QgaU
5LK0gdGZVkx2t+gxiZIdEv8fiJ0TmP9rIqt4ueh7s+7fFdhA3H/P9zJHRKCnRCVv
U15PHPpFwpPelB2JlkIsJ73DPWUnB0hpEE+6ShvBlE6roQs/xyGZDKLh/u1wzGkW
tMb+jzcu5tOZrxmE9EaLOzhtvgkQ8Kp5T8IAmO4RaWst0EwJZOIf+QdCRipTxr7Q
iWaBn1ZXWWbqV5M4NSgbGwAgc66jVONPcASxM5UD0nE70kvjGiXck8jZTrpS3NIO
X4iombhiYRuKSgi+FiiuYK7vKmgDbHoadrF1uQ/xq7nHsa4Lke0WeS52mt8igPhi
YkB2fDemIltHIsmYu1JzmHgsDkegvdm8Ibl2fSc232O6Q5nEP1ft7OyyeP1X8Aw+
E0iO1VOMXhaoaZf8yGDKq0JFrYT/qw5o97Bd/6fdCh8NdmIuiNoXihmi1u/e314c
72zaXYgbQJtIegerEKzGSSEdly7mNTg9VJ4GgfULYhT2zJKKqlmftnREdcIOEKJP
jDUuknXgvNRbM+PDHa0YGYUHuW0T5J41xEH0vXFZ6WectJWSIvvQo106NE48NxUv
bBjvXsRcBZJgpnG7wbvqqeITMhTmBVoyXQ1kchFNQC77p613/2k=
=Wtvn
-----END PGP SIGNATURE-----

--- End Message ---

Bug#979520: marked as done (chromium: Security upgrade to version 87.0.4280.141)

Reply via email to