Your message dated Mon, 03 Jun 2024 05:32:10 +0000
with message-id <[email protected]>
and subject line Bug#1068096: fixed in chromium 125.0.6422.76-1~deb12u1
has caused the Debian Bug report #1068096,
regarding chromium: --temp-profile has no effect if it appears after
--ozone-platform=wayland
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1068096: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068096
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: chromium
Version: 122.0.6261.57-1
Severity: normal
X-Debbugs-Cc: Daniel Kahn Gillmor <[email protected]>
I regularly launch chromimum with --temp-profile to have a completely
isolated, throwaway browsing session.
I am experimenting with switching to wayland. To use chromium with
wayland, i need to launch it with --ozone-platform=wayland.
Surprisingly, i discovered that if i launch it this way:
chromium --ozone-platform=wayland --temp-profile
Then it launches with the primary chromium profile, *not* an ephemeral
profile.
But if i launch it this way:
chromium --temp-profile --ozone-platform=wayland
then it does in fact use an ephemeral profile. I discovered this by
using the former invocation to visit a site where i have a login, and
noticed that i was already logged in as soon as i visited it.
I consider this a pretty serious privacy violation: my entire client
side state was mapped in to a process that i expected to be otherwise
anonymous.
--dkg
-- System Information:
Debian Release: trixie/sid
APT prefers testing-debug
APT policy: (500, 'testing-debug'), (500, 'testing'), (500, 'stable'), (500,
'oldstable'), (200, 'unstable-debug'), (200, 'unstable'), (1,
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 6.6.15-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages chromium depends on:
ii chromium-common 122.0.6261.57-1
ii libasound2 1.2.10-3
ii libatk-bridge2.0-0 2.50.0-1+b1
ii libatk1.0-0 2.50.0-1+b1
ii libatomic1 14-20240201-3
ii libatspi2.0-0 2.50.0-1+b1
ii libc6 2.37-15
ii libcairo2 1.18.0-1+b1
ii libcups2 2.4.7-1+b1
ii libdbus-1-3 1.14.10-4
ii libdouble-conversion3 3.3.0-1+b1
ii libdrm2 2.4.120-2
ii libevent-2.1-7t64 [libevent-2.1-7] 2.1.12-stable-8.1+b1
ii libexpat1 2.5.0-2+b2
ii libflac12 1.4.3+ds-2+b1
ii libfontconfig1 2.15.0-1.1
ii libfreetype6 2.13.2+dfsg-1+b1
ii libgbm1 23.3.5-1
ii libgcc-s1 14-20240201-3
ii libglib2.0-0 2.78.4-1
ii libgtk-3-0 3.24.41-1
ii libjpeg62-turbo 1:2.1.5-2+b2
ii libjsoncpp25 1.9.5-6+b2
ii liblcms2-2 2.14-2+b1
ii libminizip1 1:1.3.dfsg-3+b1
ii libnspr4 2:4.35-1.1+b1
ii libnss3 2:3.99-1
ii libopenh264-7 2.4.1+dfsg-1
ii libopenjp2-7 2.5.0-2+b2
ii libopus0 1.4-1+b1
ii libpango-1.0-0 1.52.0+ds-1
ii libpng16-16t64 [libpng16-16] 1.6.43-5
ii libpulse0 16.1+dfsg1-3
ii libsnappy1v5 1.1.10-1+b1
ii libstdc++6 14-20240201-3
ii libwebp7 1.3.2-0.4
ii libwebpdemux2 1.3.2-0.4
ii libwebpmux3 1.3.2-0.4
ii libwoff1 1.0.2-2+b1
ii libx11-6 2:1.8.7-1
ii libxcb1 1.15-1
ii libxcomposite1 1:0.4.5-1
ii libxdamage1 1:1.1.6-1
ii libxext6 2:1.3.4-1+b1
ii libxfixes3 1:6.0.0-2
ii libxkbcommon0 1.6.0-1
ii libxml2 2.9.14+dfsg-1.3+b2
ii libxnvctrl0 530.41.03-1
ii libxrandr2 2:1.5.4-1
ii libxslt1.1 1.1.35-1
ii xdg-desktop-portal-gtk [xdg-desktop-portal-backend] 1.15.1-1
ii xdg-desktop-portal-wlr [xdg-desktop-portal-backend] 0.7.1-1
ii zlib1g 1:1.3.dfsg-3+b1
Versions of packages chromium recommends:
ii chromium-sandbox 122.0.6261.57-1
Versions of packages chromium suggests:
ii chromium-driver 122.0.6261.57-1
pn chromium-l10n <none>
pn chromium-shell <none>
Versions of packages chromium-common depends on:
ii libc6 2.37-15
ii libjsoncpp25 1.9.5-6+b2
ii libstdc++6 14-20240201-3
ii libx11-6 2:1.8.7-1
ii libxnvctrl0 530.41.03-1
ii x11-utils 7.7+6
ii xdg-utils 1.1.3-4.1
ii zlib1g 1:1.3.dfsg-3+b1
Versions of packages chromium-common recommends:
ii awesome [notification-daemon] 4.3-7
ii chromium-sandbox 122.0.6261.57-1
ii dunst [notification-daemon] 1.9.2-1
ii fonts-liberation 1:2.1.5-3
ii libgl1-mesa-dri 23.3.5-1
pn libu2f-udev <none>
ii notification-daemon 3.20.0-4+b1
pn system-config-printer <none>
ii upower 1.90.2-8
Versions of packages chromium-driver depends on:
ii libatomic1 14-20240201-3
ii libc6 2.37-15
ii libdouble-conversion3 3.3.0-1+b1
ii libevent-2.1-7t64 [libevent-2.1-7] 2.1.12-stable-8.1+b1
ii libglib2.0-0 2.78.4-1
ii libjsoncpp25 1.9.5-6+b2
ii libminizip1 1:1.3.dfsg-3+b1
ii libnspr4 2:4.35-1.1+b1
ii libnss3 2:3.99-1
ii libstdc++6 14-20240201-3
ii libxcb1 1.15-1
ii zlib1g 1:1.3.dfsg-3+b1
Versions of packages chromium-sandbox depends on:
ii libc6 2.37-15
-- no debconf information
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: chromium
Source-Version: 125.0.6422.76-1~deb12u1
Done: Andres Salomon <[email protected]>
We believe that the bug you reported is fixed in the latest version of
chromium, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andres Salomon <[email protected]> (supplier of updated chromium package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 21 May 2024 16:12:47 -0400
Source: chromium
Architecture: source
Version: 125.0.6422.76-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team <[email protected]>
Changed-By: Andres Salomon <[email protected]>
Closes: 1068096
Changes:
chromium (125.0.6422.76-1~deb12u1) bookworm-security; urgency=high
.
* New upstream security release.
- CVE-2024-5157: Use after free in Scheduling. Reported by Looben Yang.
- CVE-2024-5158: Type Confusion in V8.
Reported by Zhenghang Xiao (@Kipreyyy).
- CVE-2024-5159: Heap buffer overflow in ANGLE.
Reported by David Sievers (@loknop).
- CVE-2024-5160: Heap buffer overflow in Dawn. Reported by wgslfuzz.
* Don't silently ignore arguments meant for the wrapper script if chromium
args happen to come first (closes: #1068096).
Checksums-Sha1:
aa5464b41976fc65672b769acd81a3269edd0e70 3765
chromium_125.0.6422.76-1~deb12u1.dsc
1186919021515b839663052c7f290deee71b5aad 843615708
chromium_125.0.6422.76.orig.tar.xz
de745a32db1b07ae3bbe8b449b428d61a046382c 431848
chromium_125.0.6422.76-1~deb12u1.debian.tar.xz
3197f5f3d068a09e4dec9b9dfe6142c502b46cbd 21913
chromium_125.0.6422.76-1~deb12u1_source.buildinfo
Checksums-Sha256:
f4cce0d284973dc90254ee209bf1eb369de87f444adb3edcd367e3d1ed398521 3765
chromium_125.0.6422.76-1~deb12u1.dsc
2d30f3176bd8c5fa334e0d79c7949730e310e59d1a819fab5a82431ab8306837 843615708
chromium_125.0.6422.76.orig.tar.xz
ae01470d44749bee2168199b5902d1dba1a49978bf73b22407d0009f9cfbcde0 431848
chromium_125.0.6422.76-1~deb12u1.debian.tar.xz
6ea52dd01b88b1fa0ce1bb0f1e39428d70a431310ac65c467fa2f17f9a28cb47 21913
chromium_125.0.6422.76-1~deb12u1_source.buildinfo
Files:
106321a1a284416f9d49a9c4bfe081a4 3765 web optional
chromium_125.0.6422.76-1~deb12u1.dsc
03e6c494ab73747a016986722a1add16 843615708 web optional
chromium_125.0.6422.76.orig.tar.xz
796e8613dd37924f1236341a3a646695 431848 web optional
chromium_125.0.6422.76-1~deb12u1.debian.tar.xz
2e6c9b42f37fc461483a847b37abe791 21913 web optional
chromium_125.0.6422.76-1~deb12u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmZNiLQUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjcFRA/+PUZoSsErIM9fVvUephtEK6Z8CR6+
gpB64DWH+B5bYPjooCLuwKrqcrs+VuDFJ2v4ZfUzpcGTbpQiKgcmj1HBLf8TRZVf
PAhbX8QAZwfjtsXa4pCluVB+eaw0F2y++MZqcJ/bChZQi+riJuuL26jhxyAIRAJz
3AD7uWQuGh4RC+HqzRnomxP7y5RaGjZ/XIc1hXt5rK1hQ4s0L1zqDz4BBHGIr8Ir
OYDv2Wt3NJjynzTEZ+WherBZlHbBEMaCuZZkuXzVrNYLsFZjvd1vK901DaSrbDv/
urU6W8Xadj76MhSpY+sR74LQS16N1dOMSYnGUVP+HZeQRIcWcUppXaPCuIgaL+vC
wZxEQn4fHcnvMU+TlNlqwsYsOgGQAHz/gRbYuuXpRQ4VMRnBicfnZVidDeN8a2eC
GBmjrYjGyPzIljTp6YivGt582A9aHu+XCPZHeYg31hJ7EinJdFTlAAAQKH+C5lz5
VvjpqXV3b8hDpPhCgnJ1fGo0Fo+KDVXhLx5qKiEMnjTne1vPGZCCG8RHTu27WVo9
zfYtkj5ECBB1EXNAIDAmtFl6sGyiIb9JvJMK2Pajn4RwZqqCkwD6omuPPy5Rrd3F
SJUvTaBOK6P6us3d54sfGKBiMdn7x+xkmxkNwNNKpPdPM+gOBNzzSQTzYmkGSVlp
VUSQ3BTeTZ3a4PI=
=katV
-----END PGP SIGNATURE-----
pgpFrdJITiq7B.pgp
Description: PGP signature
--- End Message ---
