Your message dated Fri, 14 Jun 2019 05:39:15 +0000
with message-id <[email protected]>
and subject line Bug#914886: fixed in chromium 75.0.3770.90-1
has caused the Debian Bug report #914886,
regarding chromium: SafeBrowsing is not working at all (sample included)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
914886: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914886
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: chromium
Version: 70.0.3538.110-1
Severity: important
I am not completely sure how to handle this issue: it is obviously not present
in Google Chrome, only in Chromium so upstream isssue tracker doesn't seem to be
the best fit. Also I'm not sure how the SafeBrowsing component is maintained in
_Chromium_. If you believe this should be somehow reported upstream please do it
or request me to (with some details as of how and what).
Anyway, Chromium SafeBrowsing seems not to work at all, despite that both
"SafeBrowsing" and "Help improve SB" is on.
Just go to this URL and see no warnings: https://www[.]xn--bbox-vw5a[.]com/login
(It is a phishing site for bibox.com with TLS domain padlock.)
The URL is detected by both FireFox and Google SafeBrowsing website.
I would say this is a pretty serious problem, considering the aforementioned
example of the phishing site WITH the padlock, where Average Joe have no real
chance to see the URL forgery.
-- System Information:
Debian Release: buster/sid
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'unstable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.16.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF8, LC_CTYPE=en_US.UTF8 (charmap=UTF-8),
LANGUAGE=en_US.UTF8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled
Versions of packages chromium depends on:
ii chromium-common 70.0.3538.110-1
ii libasound2 1.1.6-1
ii libatk-bridge2.0-0 2.26.1-1
ii libatk1.0-0 2.28.1-1
ii libatomic1 8.2.0-7
ii libavcodec58 10:4.0.2-dmo1
ii libavformat58 10:4.0.2-dmo1
ii libavutil56 10:4.0.2-dmo1
ii libc6 2.27-5
ii libcairo-gobject2 1.16.0-1
ii libcairo2 1.16.0-1
ii libcups2 2.2.8-5
ii libdbus-1-3 1.12.10-1
ii libdrm2 2.4.89-1
ii libevent-2.1-6 2.1.8-stable-4
ii libexpat1 2.2.5-3
ii libflac8 1.3.2-1
ii libfontconfig1 2.13.1-2
ii libfreetype6 2.8.1-0.1
ii libgcc1 1:8.2.0-7
ii libgdk-pixbuf2.0-0 2.38.0+dfsg-6
ii libglib2.0-0 2.58.1-2
ii libgtk-3-0 3.22.30-1
ii libharfbuzz0b 2.1.1-1+b1
ii libicu63 63.1-4
ii libjpeg62-turbo 1:1.5.2-2+b1
ii liblcms2-2 2.9-1
ii libminizip1 1.1-8+b1
ii libnspr4 2:4.16-1+b1
ii libnss3 2:3.34-1
ii libopenjp2-7 2.3.0-1
ii libopus0 1.3~beta+20180518-1
ii libpango-1.0-0 1.42.4-3
ii libpangocairo-1.0-0 1.42.4-3
ii libpci3 1:3.5.2-1
ii libpng16-16 1.6.34-1
ii libpulse0 12.0-1
ii libre2-4 20180301+dfsg-1
ii libsnappy1v5 1.1.7-1
ii libstdc++6 8.2.0-7
ii libvpx5 1.7.0-3
ii libwebp6 0.6.1-2
ii libwebpdemux2 0.6.1-2
ii libwebpmux3 0.6.1-2
ii libx11-6 2:1.6.5-1
ii libx11-xcb1 2:1.6.4-3
ii libxcb1 1.13-2
ii libxcomposite1 1:0.4.4-2
ii libxcursor1 1:1.1.15-1
ii libxdamage1 1:1.1.4-3
ii libxext6 2:1.3.3-1+b2
ii libxfixes3 1:5.0.3-1
ii libxi6 2:1.7.9-1
ii libxml2 2.9.4+dfsg1-6.1+b1
ii libxrandr2 2:1.5.1-1
ii libxrender1 1:0.9.10-1
ii libxslt1.1 1.1.29-5
ii libxss1 1:1.2.2-1+b2
ii libxtst6 2:1.2.3-1
ii zlib1g 1:1.2.11.dfsg-1
Versions of packages chromium recommends:
ii chromium-sandbox 70.0.3538.102-1
Versions of packages chromium suggests:
pn chromium-driver <none>
pn chromium-l10n <none>
pn chromium-shell <none>
Versions of packages chromium-common depends on:
ii x11-utils 7.7+4
ii xdg-utils 1.1.2-1
Versions of packages chromium-common recommends:
ii chromium-sandbox 70.0.3538.102-1
ii dunst [notification-daemon] 1.2.0-2
ii fonts-liberation 1:1.07.4-8
ii libgl1-mesa-dri 17.3.1-1
pn libu2f-udev <none>
ii notification-daemon 3.20.0-2
ii upower 0.99.7-1
ii xfce4-notifyd [notification-daemon] 0.4.2-1
Versions of packages chromium-sandbox depends on:
ii libatomic1 8.2.0-7
ii libc6 2.27-5
ii libgcc1 1:8.2.0-7
ii libstdc++6 8.2.0-7
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: chromium
Source-Version: 75.0.3770.90-1
We believe that the bug you reported is fixed in the latest version of
chromium, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Gilbert <[email protected]> (supplier of updated chromium package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 14 Jun 2019 00:10:43 +0000
Source: chromium
Architecture: source
Version: 75.0.3770.90-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Chromium Team <[email protected]>
Changed-By: Michael Gilbert <[email protected]>
Closes: 914886 926032 930348
Changes:
chromium (75.0.3770.90-1) unstable; urgency=medium
.
[ Riku Voipio ]
* Fix build on armhf (closes: #930348).
.
[ Michael Gilbert ]
* New upstream security release.
- CVE-2019-5842: Use-after-free in Blink. Reported by BUGFENSE
* Disable hardware accelerated video (closes: #926032).
* Fix signedness error when built with gcc (closes: #914886).
- Thanks to Maciej S. Szmigiero.
Checksums-Sha1:
4b98b2ce5d44f87ab5eaa6edd1730fbc02d52133 4203 chromium_75.0.3770.90-1.dsc
e2a3f434a1c7d9cafea1c92a55ceefa851800d0b 249885236
chromium_75.0.3770.90.orig.tar.xz
272136d3bce9af91047d71eeb7aa94f143c0c1e4 189628
chromium_75.0.3770.90-1.debian.tar.xz
094591cef561fdb5ef1bfb9a372d81157a764226 21207
chromium_75.0.3770.90-1_source.buildinfo
Checksums-Sha256:
ae71a4d2639d641b8b8c964673a1e24961469f030a724d88dbcc247d064efb1a 4203
chromium_75.0.3770.90-1.dsc
45ef52ec4993dc626bf1676def320a1fa8f418c50d3d500af017c22dbe29805f 249885236
chromium_75.0.3770.90.orig.tar.xz
c7ac00401b4619999d7242215d73598c43f8029db315a82be955b3bc29ce2525 189628
chromium_75.0.3770.90-1.debian.tar.xz
59f9bf0496526b826687f500dbe982b699c7ccc6713c3b706579b3ca0c598ebd 21207
chromium_75.0.3770.90-1_source.buildinfo
Files:
bcefe95f8c71b961553bceaeca69c676 4203 web optional chromium_75.0.3770.90-1.dsc
28841d8f923401c863958e815eec118e 249885236 web optional
chromium_75.0.3770.90.orig.tar.xz
7806bbe3d6b238a09f31b90509f77daf 189628 web optional
chromium_75.0.3770.90-1.debian.tar.xz
dfb8196c5b3ee404b4314526ca029fb5 21207 web optional
chromium_75.0.3770.90-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAl0DLecACgkQuNayzQLW
9HMxWR/+Py2O2dLEvYtgioD9UqLeOYEqrRIexijdUgmDnsBtRG3GtJs60HwuC+aO
fzKqoI6JBAqWSuqeomWeCI9xCFjqjXQ7gU2BuSR0R37v5p7RDVboVO2VjCXSBfvj
1MGkcAjpeOv/fGUvbuBJMUuuoEH0Z766PZ0oYYyY+rmx5sMWqy3BzNkVrigGrJY5
UaB/59v/VA2zWQVyXRtHIwlUmcmCbSSKF9zQoju5o65znMCPLP2wcBMziiQutK1W
VSFbrbwPBtQXK6W40oHS1hPfMTljAXmaMJTvLajyGEjMhbLh50G+zhSFxeW89nPH
6TzgEvSdltW6rlqTAuHpL9Hm2mZTe16WQpKar+lsqjzXYQTnEnWW6+pOBoHtGXZB
C9fQ58PHrA3blYkvulMwTFtzD1BtrgkdRCZKZYLE1hJHgOUfAWL6xpOWCcLIgMpy
cOR1rScTaFcZi/KFHSR01LW4+FXz8tR2pOYa5ZW/aI4us/2vyYHWXOIOtD5+GA7F
rLe3DiChFsk0Bt8l9NysHSO+AJC4J9PkHwuOWSvecgmHeKPPJr8sgO/n+uFLIRSy
t45nr4gL4cA6eUxNrcDxWMQoSCrPp/ghrhgol+OEk+HwLWclfbVu+itbzCY1XNzR
BQHaP5Y3LQeHYorcro9W/0HXGxuXD5+m0p5vbYeDAbZtVdONLtjBfNKMEkMXnjvR
i55lBnpBx6Wt833SC8tMKcuyiZ1FRi9vEDI0SXhcssr+zqAQ17yOW3h+/9JiiPH9
8EfUXxcYhs6tZfcYqYi6eIbPvto09/sQM1WBPgAMtVY3PpI7U68eLD+0Pqo4xUn6
F9rDDL7753qIyyJPJ6Os7/8iSvy0rQQJlttpjt9HBHyp92w+qc95Ja61+6s98apm
SkMQ4Wrg9gwEUHHMwirHcOEbw4vHHub6K15rNYuLTh4jtnl1f5Kp9Spd8iLwr/6z
NviJyxhG0rdXZXNGqgjpR85pCw5c04UZuqJ8wAEKOg2M/LS4+xLD2kzWZcobRmbs
tZHjELzZeJGVY5JETv5B3o+5fMPiQZBlP/EEEIbgGMVR/aC63qD3wK9M22ASkxXt
SNFpZq0mRQ149n0e1lhb4tw0hfn+DY71nKuAi5L3aqRfqu7cYUfcUJJOLbxdqysf
/TnW51MIvOdRp5KHbe5ZYTSMtVT7VDgx1OgKrifhv9nrsz1EMRRnQJbu4i1MOjs2
0ncQ/BoKkNPwiq5ptinss6Q0O6NuuFpXboFsUEaUPeKzguHCd/TXzOEFYwZWUKdj
wYM1PDSOod6DV8POE3aoCanamoKXaXZiRXnL16qbcakpWKpnHehCgjw/0mEucF2S
kIS4VsV8Y9nhIGsbeHlqAXm5MgBqzA==
=9fFE
-----END PGP SIGNATURE-----
--- End Message ---
