Your message dated Sat, 07 Oct 2023 17:47:10 +0000
with message-id <[email protected]>
and subject line Bug#1042111: fixed in chromium 117.0.5938.62-1~deb12u1
has caused the Debian Bug report #1042111,
regarding chromium: Web Environment Integrity
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1042111: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042111
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: chromium
Version: 115.0.5790.102-2
Engineers working for Google have proposed a standard named
Web Environment Integrity
details available at
https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md
There have been hundreds of articles, social media posts, etc. discussing
this; here is a page that gives a good summary of the events so far:
https://interpeer.io/blog/2023/07/google-vs-the-open-web/
Initially it was a standards proposal, but now it looks like it's
already implemented
https://github.com/chromium/chromium/commit/6f47a22906b2899412e79a2727355efa9cc8f5bd
Debian needs to figure out if this is something we want in chromium (at
all, disabled at build time, disabled at runtime, etc).
Thanks,
--
Matt Taggart
[email protected]
--- End Message ---
--- Begin Message ---
Source: chromium
Source-Version: 117.0.5938.62-1~deb12u1
Done: Andres Salomon <[email protected]>
We believe that the bug you reported is fixed in the latest version of
chromium, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andres Salomon <[email protected]> (supplier of updated chromium package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 13 Sep 2023 22:26:10 -0400
Source: chromium
Architecture: source
Version: 117.0.5938.62-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team <[email protected]>
Changed-By: Andres Salomon <[email protected]>
Closes: 1042111
Changes:
 chromium (117.0.5938.62-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2023-4900: Inappropriate implementation in Custom Tabs.
       Reported by Levit Nudi from Kenya.
     - CVE-2023-4901: Inappropriate implementation in Prompts.
       Reported by Kang Ali.
     - CVE-2023-4902: Inappropriate implementation in Input.
       Reported by Axel Chong.
     - CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs.
       Reported by Ahmed ElMasry.
     - CVE-2023-4904: Insufficient policy enforcement in Downloads.
       Reported by Tudor Enache @tudorhacks.
     - CVE-2023-4905: Inappropriate implementation in Prompts.
       Reported by Hafiizh.
     - CVE-2023-4906: Insufficient policy enforcement in Autofill.
       Reported by Ahmed ElMasry.
     - CVE-2023-4907: Inappropriate implementation in Intents.
       Reported by Mohit Raj (shadow2639).
     - CVE-2023-4908: Inappropriate implementation in Picture in Picture.
       Reported by Axel Chong.
     - CVE-2023-4909: Inappropriate implementation in Interstitials.
       Reported by Axel Chong.
   * d/copyright: drop rust, llvm, siso, & cargo binaries.
   * d/patches:
     - fixes/size.patch: drop, merged upstream.
     - fixes/variant.patch: drop, merged upstream.
     - fixes/vector.patch: drop, merged upstream.
     - upstream/contains.patch: drop, merged upstream.
     - upstream/hvec.patch: drop, merged upstream.
     - upstream/limits.patch: drop, merged upstream.
     - upstream/statelessV4L2.patch: drop, merged upstream.
     - fixes/widevine-locations.patch: refresh for minor upstream changes.
     - disable/android.patch: drop half the patch.
     - disable/catapult.patch: refresh for minor upstream changes.
     - disable/tests.patch: refresh for minor upstream changes.
     - disable/unrar.patch: refresh for minor upstream changes.
     - fixes/material-utils.patch: build fix for clang w/ libstdc++.
     - rename fixes/null.patch to fixes/perfetto.patch.
     - upstream/memory.patch: build fix for missing header.
     - bookworm/struct-ctor.patch: add a bunch more build workarounds for
       clang-14.
     - bookworm/stringpiece3.patch: another clang-14 StringPiece to
       std::string explicit conversion.
     - bookworm/typename.patch: add more explicit typename declarations for
       clang-14.
     - bookworm/structured-binding-scope-bug.patch: add more clang-14 binding
       scope workarounds.
     - bookworm/initialize-const-ctor.patch: clang-14 workaround to init a
       const member inside a struct.
     - ppc64le/libaom/0001-Add-ppc64-target-to-libaom.patch: refresh.
     - disable/privacy-sandbox.patch: ensure Privacy Sandbox "features" are
       off by default.
     - bookworm/generate-ninja.patch: fix build failure w/ bookworm's older gn.
   * Switch to using bundled brotli, as the version in debian is too old.
     And so we can drop d/patches/bookworm/brotli.patch, too.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - 0001-Implement-support-for-PPC64-on-Linux.patch: refresh for upstream
       changes
     - 0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes
     - 0002-third-party-boringssl-add-generated-files.patch: refresh for
       upstream changes
     - 0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for
       upstream changes
     - 0004-third_party-crashpad-port-curl-transport-ppc64.patch: refresh for
       upstream changes
     - skia-vsx-instructions.patch: refresh for upstream changes
     - 0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: regenerate
     - 0001-third_party-boringssl-Properly-detect-ppc64le-in-BUI.patch: drop
   * d/patches/ungoogled:
     - core/ungoogled-chromium/disable-web-environment-integrity.patch: disable
       "Web Environment Integrity" trial and remove from build (closes:
       #1042111)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---