Your message dated Thu, 22 Apr 2021 18:05:03 +0000
with message-id <[email protected]>
and subject line Bug#987358: fixed in chromium 90.0.4430.85-1
has caused the Debian Bug report #987358,
regarding chromium: Update to version 90.0.4430.85 (security-fixes)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
987358: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987358
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: chromium
Version: 90.0.4430.72-1
Severity: normal
X-Debbugs-Cc: [email protected]
Dear Maintainer,
just today I upgraded Debian's chromium to version 90.0.4430.72-1.
Thanks.
With today's dist-upgrade I also see:
google-chrome-stable (90.0.4430.72-1 => 90.0.4430.85-1)
So, again a new google-chrome-stable with "open issues" according to Debian's
security-tracker, see [1].
The link in [2] lists the following 5 CVEs with "High" and a brief description:
[$TBD][1194046] High CVE-2021-21222: Heap buffer overflow in V8. Reported by
Guang Gong of Alpha Lab, Qihoo 360 on 2021-03-30
[$TBD][1195308] High CVE-2021-21223: Integer overflow in Mojo. Reported by
Guang Gong of Alpha Lab, Qihoo 360 on 2021-04-02
[$TBD][1195777] High CVE-2021-21224: Type Confusion in V8. Reported by Jose
Martinez (tr0y4) from VerSprite Inc. on 2021-04-05
[$TBD][1195977] High CVE-2021-21225: Out of bounds memory access in V8.
Reported by Brendon Tiszka (@btiszka) supporting the EFF on 2021-04-05
[$TBD][1197904] High CVE-2021-21226: Use after free in navigation. Reported by
Brendon Tiszka (@btiszka) supporting the EFF on 2021-04-11
Please upgrade Debian's chromium to version 90.0.4430.85.
Thanks.
Regards,
- Sedat -
[1] https://security-tracker.debian.org/tracker/source-package/chromium
[2] https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html
[3] https://www.heise.de/news/Webbrowser-Chrome-erneut-im-Visier-von-Angreifern-6024209.html (German)
-- System Information:
Debian Release: 11.0
APT prefers testing-security
APT policy: (500, 'testing-security'), (500, 'testing'), (99,
'buildd-unstable'), (99, 'buildd-experimental'), (99, 'experimental'), (99,
'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.12.0-rc8-1-amd64-clang12-lto (SMP w/4 CPU threads)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages chromium depends on:
ii chromium-common 90.0.4430.72-1
ii libasound2 1.2.4-1.1
ii libatk-bridge2.0-0 2.38.0-1
ii libatk1.0-0 2.36.0-2
ii libatomic1 10.2.1-6
ii libatspi2.0-0 2.38.0-2
ii libavcodec58 7:4.3.2-0+deb11u1
ii libavformat58 7:4.3.2-0+deb11u1
ii libavutil56 7:4.3.2-0+deb11u1
ii libc6 2.31-11
ii libcairo2 1.16.0-5
ii libcups2 2.3.3op2-3
ii libdbus-1-3 1.12.20-2
ii libdrm2 2.4.104-1
ii libevent-2.1-7 2.1.12-stable-1
ii libexpat1 2.2.10-2
ii libflac8 1.3.3-2
ii libfontconfig1 2.13.1-4.2
ii libfreetype6 2.10.4+dfsg-1
ii libgbm1 20.3.5-1
ii libgcc-s1 10.2.1-6
ii libglib2.0-0 2.66.8-1
ii libgtk-3-0 3.24.24-3
ii libharfbuzz0b 2.7.4-1
ii libicu67 67.1-6
ii libjpeg62-turbo 1:2.0.6-4
ii libjsoncpp24 1.9.4-4
ii liblcms2-2 2.12~rc1-2
ii libminizip1 1.1-8+b1
ii libnspr4 2:4.29-1
ii libnss3 2:3.63-1
ii libopenjp2-7 2.4.0-3
ii libopus0 1.3.1-0.1
ii libpango-1.0-0 1.46.2-3
ii libpng16-16 1.6.37-3
ii libpulse0 14.2-2
ii libre2-9 20210201+dfsg-1
ii libsnappy1v5 1.1.8-1
ii libstdc++6 10.2.1-6
ii libvpx6 1.9.0-1
ii libwebp6 0.6.1-2+b1
ii libwebpdemux2 0.6.1-2+b1
ii libwebpmux3 0.6.1-2+b1
ii libx11-6 2:1.7.0-2
ii libxcb1 1.14-3
ii libxcomposite1 1:0.4.5-1
ii libxdamage1 1:1.1.5-2
ii libxext6 2:1.3.3-1.1
ii libxfixes3 1:5.0.3-2
ii libxml2 2.9.10+dfsg-6.3+b1
ii libxrandr2 2:1.5.1-1
ii libxshmfence1 1.3-1
ii libxslt1.1 1.1.34-4
ii zlib1g 1:1.2.11.dfsg-2
Versions of packages chromium recommends:
ii chromium-sandbox 90.0.4430.72-1
Versions of packages chromium suggests:
pn chromium-driver <none>
ii chromium-l10n 90.0.4430.72-1
pn chromium-shell <none>
Versions of packages chromium-common depends on:
ii libc6 2.31-11
ii libstdc++6 10.2.1-6
ii libx11-6 2:1.7.0-2
ii libxext6 2:1.3.3-1.1
ii x11-utils 7.7+5
ii xdg-utils 1.1.3-4
ii zlib1g 1:1.2.11.dfsg-2
Versions of packages chromium-common recommends:
ii chromium-sandbox 90.0.4430.72-1
ii fonts-liberation 1:1.07.4-11
ii gnome-shell [notification-daemon] 3.38.4-1
ii libgl1-mesa-dri 20.3.5-1
ii libu2f-udev 1.1.10-3
ii notification-daemon 3.20.0-4
ii plasma-workspace [notification-daemon] 4:5.21.4-1
ii system-config-printer 1.5.14-1
ii upower 0.99.11-2
Versions of packages chromium-sandbox depends on:
ii libc6 2.31-11
-- Configuration Files:
/etc/chromium.d/default-flags changed [not included]
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: chromium
Source-Version: 90.0.4430.85-1
Done: Michel Le Bihan <[email protected]>
We believe that the bug you reported is fixed in the latest version of
chromium, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michel Le Bihan <[email protected]> (supplier of updated chromium package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 22 Apr 2021 13:01:41 +0200
Source: chromium
Architecture: source
Version: 90.0.4430.85-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Chromium Team <[email protected]>
Changed-By: Michel Le Bihan <[email protected]>
Closes: 987358
Changes:
chromium (90.0.4430.85-1) unstable; urgency=medium
.
* New upstream security release (closes: #987358).
- CVE-2021-21222: Heap buffer overflow in V8. Reported by Guang Gong of
Alpha Lab, Qihoo 360
- CVE-2021-21223: Integer overflow in Mojo. Reported by Guang Gong of Alpha
Lab, Qihoo 360
- CVE-2021-21224: Type Confusion in V8. Reported by Jose Martinez tr0y4
from VerSprite Inc.
- CVE-2021-21225: Out of bounds memory access in V8. Reported by Brendon
Tiszka @btiszka supporting the EFF
- CVE-2021-21226: Use after free in navigation. Reported by Brendon Tiszka
@btiszka supporting the EFF
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---