Your message dated Mon, 15 Mar 2021 15:49:18 +0000
with message-id <[email protected]>
and subject line Bug#985271: fixed in chromium 89.0.4389.90-1
has caused the Debian Bug report #985271,
regarding chromium: Update to version 89.0.4389.90 (security-fixes)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
985271: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985271
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: chromium
Version: 89.0.4389.82-1
Severity: normal
X-Debbugs-Cc: [email protected]
Dear Maintainer,
recently I got an update of google-chrome-stable to version 89.0.4389.90-1.
Debian's security-tracker lists the following CVEs:
Bug             stretch     buster      bullseye    sid         Description
---------------------------------------------------------------------------------------
CVE-2021-21193  vulnerable  vulnerable  vulnerable  vulnerable
CVE-2021-21192  vulnerable  vulnerable  vulnerable  vulnerable
CVE-2021-21191  vulnerable  vulnerable  vulnerable  vulnerable
Especially CVE-2021-21193 is classified as "critical high".
Please update chromium to the same version as google-chrome-stable.
Please see/check/read the links below.
Thanks.
Regards,
- Sedat -
[1] https://security-tracker.debian.org/tracker/source-package/chromium
[2] https://chromereleases.googleblog.com/search/label/Stable%20updates
[3] https://www.heise.de/news/Sicherheitsupdate-Angreifer-nehmen-erneut-Google-Chrome-ins-Visier-5987831.html (German)
-- System Information:
Debian Release: bullseye/sid
APT prefers testing-security
APT policy: (500, 'testing-security'), (500, 'testing'), (99,
'buildd-unstable'), (99, 'buildd-experimental'), (99, 'experimental'), (99,
'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.12.0-rc3-1-amd64-clang12-cfi (SMP w/4 CPU threads)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages chromium depends on:
ii chromium-common 89.0.4389.82-1
ii libasound2 1.2.4-1.1
ii libatk-bridge2.0-0 2.38.0-1
ii libatk1.0-0 2.36.0-2
ii libatomic1 10.2.1-6
ii libatspi2.0-0 2.38.0-2
ii libavcodec58 7:4.3.2-0+deb11u1
ii libavformat58 7:4.3.2-0+deb11u1
ii libavutil56 7:4.3.2-0+deb11u1
ii libc6 2.31-9
ii libcairo2 1.16.0-5
ii libcups2 2.3.3op2-3
ii libdbus-1-3 1.12.20-2
ii libdrm2 2.4.104-1
ii libevent-2.1-7 2.1.12-stable-1
ii libexpat1 2.2.10-2
ii libflac8 1.3.3-2
ii libfontconfig1 2.13.1-4.2
ii libfreetype6 2.10.4+dfsg-1
ii libgbm1 20.3.4-1
ii libgcc-s1 10.2.1-6
ii libgdk-pixbuf-2.0-0 2.42.2+dfsg-1
ii libglib2.0-0 2.66.7-2
ii libgtk-3-0 3.24.24-3
ii libharfbuzz0b 2.7.4-1
ii libicu67 67.1-6
ii libjpeg62-turbo 1:2.0.6-4
ii libjsoncpp24 1.9.4-4
ii liblcms2-2 2.12~rc1-2
ii libminizip1 1.1-8+b1
ii libnspr4 2:4.29-1
ii libnss3 2:3.61-1
ii libopenjp2-7 2.4.0-3
ii libopus0 1.3.1-0.1
ii libpango-1.0-0 1.46.2-3
ii libpng16-16 1.6.37-3
ii libpulse0 14.2-2
ii libre2-9 20210201+dfsg-1
ii libsnappy1v5 1.1.8-1
ii libstdc++6 10.2.1-6
ii libvpx6 1.9.0-1
ii libwebp6 0.6.1-2+b1
ii libwebpdemux2 0.6.1-2+b1
ii libwebpmux3 0.6.1-2+b1
ii libx11-6 2:1.7.0-2
ii libxcb1 1.14-3
ii libxcomposite1 1:0.4.5-1
ii libxdamage1 1:1.1.5-2
ii libxext6 2:1.3.3-1.1
ii libxfixes3 1:5.0.3-2
ii libxml2 2.9.10+dfsg-6.3+b1
ii libxrandr2 2:1.5.1-1
ii libxshmfence1 1.3-1
ii libxslt1.1 1.1.34-4
ii zlib1g 1:1.2.11.dfsg-2
Versions of packages chromium recommends:
ii chromium-sandbox 89.0.4389.82-1
Versions of packages chromium suggests:
pn chromium-driver <none>
ii chromium-l10n 89.0.4389.82-1
pn chromium-shell <none>
Versions of packages chromium-common depends on:
ii libc6 2.31-9
ii libstdc++6 10.2.1-6
ii libx11-6 2:1.7.0-2
ii libxext6 2:1.3.3-1.1
ii x11-utils 7.7+5
ii xdg-utils 1.1.3-4
ii zlib1g 1:1.2.11.dfsg-2
Versions of packages chromium-common recommends:
ii chromium-sandbox 89.0.4389.82-1
ii fonts-liberation 1:1.07.4-11
ii gnome-shell [notification-daemon] 3.38.3-4
ii libgl1-mesa-dri 20.3.4-1
ii libu2f-udev 1.1.10-3
ii notification-daemon 3.20.0-4
ii plasma-workspace [notification-daemon] 4:5.21.2-1
ii system-config-printer 1.5.14-1
ii upower 0.99.11-2
Versions of packages chromium-sandbox depends on:
ii libc6 2.31-9
-- Configuration Files:
/etc/chromium.d/default-flags changed [not included]
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: chromium
Source-Version: 89.0.4389.90-1
Done: Michel Le Bihan <[email protected]>
We believe that the bug you reported is fixed in the latest version of
chromium, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michel Le Bihan <[email protected]> (supplier of updated chromium package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 15 Mar 2021 12:57:00 +0100
Source: chromium
Architecture: source
Version: 89.0.4389.90-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Chromium Team <[email protected]>
Changed-By: Michel Le Bihan <[email protected]>
Closes: 984926 985142 985271
Changes:
 chromium (89.0.4389.90-1) unstable; urgency=medium
 .
   * New upstream security release (closes: #985271).
     - CVE-2021-21191: Use after free in WebRTC. Reported by raven @raid_akame
     - CVE-2021-21192: Heap buffer overflow in tab groups. Reported by
       Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research
     - CVE-2021-21193: Use after free in Blink. Reported by Anonymous
       (closes: #985142)
   * Fix build with libvpx 1.7.0 and libicu63 (closes: #984926).
   * Change debian/rules to not leave debian/scripts/mk-origtargz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---