Your message dated Thu, 29 Apr 2021 22:34:48 +0000
with message-id <[email protected]>
and subject line Bug#987715: fixed in chromium 90.0.4430.93-1
has caused the Debian Bug report #987715,
regarding chromium: Update to version 90.0.4430.93 (security-fixes)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
987715: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987715
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: chromium
Version: 90.0.4430.85-1
Severity: normal
X-Debbugs-Cc: [email protected]

Dear Maintainer,

Google's Chrome version 90.0.4430.93 ships fixes for several CVEs (see [1] for details):

[1199345] High CVE-2021-21227: Insufficient data validation in V8. Reported by 
Gengming Liu of Singular Security Lab on 2021-04-15

[1175058] High CVE-2021-21232: Use after free in Dev Tools. Reported by 
Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-05

[1182937] High CVE-2021-21233: Heap buffer overflow in ANGLE. Reported by Omair 
on 2021-02-26

[1139156] Medium CVE-2021-21228: Insufficient policy enforcement in extensions. 
Reported by Rob Wu on 2020-10-16

[1198165] Medium CVE-2021-21229: Incorrect security UI in downloads. Reported 
by Mohit Raj (shadow2639) on 2021-04-12

[1198705] Medium CVE-2021-21230: Type Confusion in V8. Reported by Manfred Paul 
on 2021-04-13

[1198696] Low CVE-2021-21231: Insufficient data validation in V8. Reported by 
Sergei Glazunov of Google Project Zero on 2021-04-13

These CVEs are also listed in Debian's security-tracker (see [2]).

Can you please upgrade chromium to the same version?
Thanks.

Regards,
- Sedat -

[1] https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html
[2] https://security-tracker.debian.org/tracker/source-package/chromium
[3] https://www.heise.de/news/Sicherheitsluecken-in-Chrome-Aktuelles-Browser-Update-bessert-nach-6029565.htm (German)


-- System Information:
Debian Release: 11.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing'), (99, 'buildd-unstable'), (99, 'buildd-experimental'), (99, 'experimental'), (99, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.12.0-1-amd64-clang12-lto (SMP w/4 CPU threads)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages chromium depends on:
ii  chromium-common     90.0.4430.85-1
ii  libasound2          1.2.4-1.1
ii  libatk-bridge2.0-0  2.38.0-1
ii  libatk1.0-0         2.36.0-2
ii  libatomic1          10.2.1-6
ii  libatspi2.0-0       2.38.0-4
ii  libavcodec58        7:4.3.2-0+deb11u1
ii  libavformat58       7:4.3.2-0+deb11u1
ii  libavutil56         7:4.3.2-0+deb11u1
ii  libc6               2.31-11
ii  libcairo2           1.16.0-5
ii  libcups2            2.3.3op2-3
ii  libdbus-1-3         1.12.20-2
ii  libdrm2             2.4.104-1
ii  libevent-2.1-7      2.1.12-stable-1
ii  libexpat1           2.2.10-2
ii  libflac8            1.3.3-2
ii  libfontconfig1      2.13.1-4.2
ii  libfreetype6        2.10.4+dfsg-1
ii  libgbm1             20.3.5-1
ii  libgcc-s1           10.2.1-6
ii  libglib2.0-0        2.66.8-1
ii  libgtk-3-0          3.24.24-3
ii  libharfbuzz0b       2.7.4-1
ii  libicu67            67.1-6
ii  libjpeg62-turbo     1:2.0.6-4
ii  libjsoncpp24        1.9.4-4
ii  liblcms2-2          2.12~rc1-2
ii  libminizip1         1.1-8+b1
ii  libnspr4            2:4.29-1
ii  libnss3             2:3.63-1
ii  libopenjp2-7        2.4.0-3
ii  libopus0            1.3.1-0.1
ii  libpango-1.0-0      1.46.2-3
ii  libpng16-16         1.6.37-3
ii  libpulse0           14.2-2
ii  libre2-9            20210201+dfsg-1
ii  libsnappy1v5        1.1.8-1
ii  libstdc++6          10.2.1-6
ii  libvpx6             1.9.0-1
ii  libwebp6            0.6.1-2+b1
ii  libwebpdemux2       0.6.1-2+b1
ii  libwebpmux3         0.6.1-2+b1
ii  libx11-6            2:1.7.0-2
ii  libxcb1             1.14-3
ii  libxcomposite1      1:0.4.5-1
ii  libxdamage1         1:1.1.5-2
ii  libxext6            2:1.3.3-1.1
ii  libxfixes3          1:5.0.3-2
ii  libxml2             2.9.10+dfsg-6.3+b1
ii  libxrandr2          2:1.5.1-1
ii  libxshmfence1       1.3-1
ii  libxslt1.1          1.1.34-4
ii  zlib1g              1:1.2.11.dfsg-2

Versions of packages chromium recommends:
ii  chromium-sandbox  90.0.4430.85-1

Versions of packages chromium suggests:
pn  chromium-driver  <none>
ii  chromium-l10n    90.0.4430.85-1
pn  chromium-shell   <none>

Versions of packages chromium-common depends on:
ii  libc6       2.31-11
ii  libstdc++6  10.2.1-6
ii  libx11-6    2:1.7.0-2
ii  libxext6    2:1.3.3-1.1
ii  x11-utils   7.7+5
ii  xdg-utils   1.1.3-4.1
ii  zlib1g      1:1.2.11.dfsg-2

Versions of packages chromium-common recommends:
ii  chromium-sandbox                        90.0.4430.85-1
ii  fonts-liberation                        1:1.07.4-11
ii  gnome-shell [notification-daemon]       3.38.4-1
ii  libgl1-mesa-dri                         20.3.5-1
ii  libu2f-udev                             1.1.10-3
ii  notification-daemon                     3.20.0-4
ii  plasma-workspace [notification-daemon]  4:5.21.4-1
ii  system-config-printer                   1.5.14-1
ii  upower                                  0.99.11-2

Versions of packages chromium-sandbox depends on:
ii  libc6  2.31-11

-- Configuration Files:
/etc/chromium.d/default-flags changed [not included]

-- no debconf information

--- End Message ---
--- Begin Message ---
Source: chromium
Source-Version: 90.0.4430.93-1
Done: Michel Le Bihan <[email protected]>

We believe that the bug you reported is fixed in the latest version of
chromium, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michel Le Bihan <[email protected]> (supplier of updated chromium package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 28 Apr 2021 12:15:32 +0200
Source: chromium
Architecture: source
Version: 90.0.4430.93-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Chromium Team <[email protected]>
Changed-By: Michel Le Bihan <[email protected]>
Closes: 987715
Changes:
 chromium (90.0.4430.93-1) unstable; urgency=medium
 .
   * New upstream security release (closes: #987715).
     - CVE-2021-21227: Insufficient data validation in V8. Reported by Gengming Liu of Singular Security Lab
     - CVE-2021-21232: Use after free in Dev Tools. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research
     - CVE-2021-21233: Heap buffer overflow in ANGLE. Reported by Omair
     - CVE-2021-21228: Insufficient policy enforcement in extensions. Reported by Rob Wu
     - CVE-2021-21229: Incorrect security UI in downloads. Reported by Mohit Raj (shadow2639)
     - CVE-2021-21230: Type Confusion in V8. Reported by Manfred Paul
     - CVE-2021-21231: Insufficient data validation in V8. Reported by Sergei Glazunov of Google Project Zero
   * Disable libaom on arm to potentially fix FTBFS on armhf

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
