Package: chromium Version: 90.0.4430.72-1 Severity: normal X-Debbugs-Cc: sedat.di...@gmail.com
Dear Maintainer, just today I upgraded Debian's chromium to version 90.0.4430.72-1. Thanks. With today's dist-upgrade I also see: google-chrome-stable (90.0.4430.72-1 => 90.0.4430.85-1) So, again a new google-chrome-stable with "open issues" according to Debian's security-tracker see [1]. The link in [2] lists the following 5 CVEs with "High" and a brief description: [$TBD][1194046] High CVE-2021-21222: Heap buffer overflow in V8. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-03-30 [$TBD][1195308] High CVE-2021-21223: Integer overflow in Mojo. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-04-02 [$TBD][1195777] High CVE-2021-21224: Type Confusion in V8. Reported by Jose Martinez (tr0y4) from VerSprite Inc. on 2021-04-05 [$TBD][1195977] High CVE-2021-21225: Out of bounds memory access in V8. Reported by Brendon Tiszka (@btiszka) supporting the EFF on 2021-04-05 [$TBD][1197904] High CVE-2021-21226: Use after free in navigation. Reported by Brendon Tiszka (@btiszka) supporting the EFF on 2021-04-11 Please, upgrade Debian's chromium to version 90.0.4430.85. Thanks. Regards, - Sedat - [1] https://security-tracker.debian.org/tracker/source-package/chromium [2] https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html [3] https://www.heise.de/news/Webbrowser-Chrome-erneut-im-Visier-von-Angreifern-6024209.html (German) -- System Information: Debian Release: 11.0 APT prefers testing-security APT policy: (500, 'testing-security'), (500, 'testing'), (99, 'buildd-unstable'), (99, 'buildd-experimental'), (99, 'experimental'), (99, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 5.12.0-rc8-1-amd64-clang12-lto (SMP w/4 CPU threads) Kernel taint flags: TAINT_UNSIGNED_MODULE Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages chromium depends on: ii chromium-common 90.0.4430.72-1 ii libasound2 1.2.4-1.1 ii libatk-bridge2.0-0 2.38.0-1 ii libatk1.0-0 2.36.0-2 ii libatomic1 10.2.1-6 ii libatspi2.0-0 2.38.0-2 ii libavcodec58 7:4.3.2-0+deb11u1 ii libavformat58 7:4.3.2-0+deb11u1 ii libavutil56 7:4.3.2-0+deb11u1 ii libc6 2.31-11 ii libcairo2 1.16.0-5 ii libcups2 2.3.3op2-3 ii libdbus-1-3 1.12.20-2 ii libdrm2 2.4.104-1 ii libevent-2.1-7 2.1.12-stable-1 ii libexpat1 2.2.10-2 ii libflac8 1.3.3-2 ii libfontconfig1 2.13.1-4.2 ii libfreetype6 2.10.4+dfsg-1 ii libgbm1 20.3.5-1 ii libgcc-s1 10.2.1-6 ii libglib2.0-0 2.66.8-1 ii libgtk-3-0 3.24.24-3 ii libharfbuzz0b 2.7.4-1 ii libicu67 67.1-6 ii libjpeg62-turbo 1:2.0.6-4 ii libjsoncpp24 1.9.4-4 ii liblcms2-2 2.12~rc1-2 ii libminizip1 1.1-8+b1 ii libnspr4 2:4.29-1 ii libnss3 2:3.63-1 ii libopenjp2-7 2.4.0-3 ii libopus0 1.3.1-0.1 ii libpango-1.0-0 1.46.2-3 ii libpng16-16 1.6.37-3 ii libpulse0 14.2-2 ii libre2-9 20210201+dfsg-1 ii libsnappy1v5 1.1.8-1 ii libstdc++6 10.2.1-6 ii libvpx6 1.9.0-1 ii libwebp6 0.6.1-2+b1 ii libwebpdemux2 0.6.1-2+b1 ii libwebpmux3 0.6.1-2+b1 ii libx11-6 2:1.7.0-2 ii libxcb1 1.14-3 ii libxcomposite1 1:0.4.5-1 ii libxdamage1 1:1.1.5-2 ii libxext6 2:1.3.3-1.1 ii libxfixes3 1:5.0.3-2 ii libxml2 2.9.10+dfsg-6.3+b1 ii libxrandr2 2:1.5.1-1 ii libxshmfence1 1.3-1 ii libxslt1.1 1.1.34-4 ii zlib1g 1:1.2.11.dfsg-2 Versions of packages chromium recommends: ii chromium-sandbox 90.0.4430.72-1 Versions of packages chromium suggests: pn chromium-driver <none> ii chromium-l10n 90.0.4430.72-1 pn chromium-shell <none> Versions of packages chromium-common depends on: ii libc6 2.31-11 ii libstdc++6 10.2.1-6 ii libx11-6 2:1.7.0-2 ii libxext6 2:1.3.3-1.1 ii x11-utils 7.7+5 ii xdg-utils 1.1.3-4 ii zlib1g 1:1.2.11.dfsg-2 Versions of packages chromium-common recommends: ii chromium-sandbox 90.0.4430.72-1 ii fonts-liberation 1:1.07.4-11 ii gnome-shell [notification-daemon] 3.38.4-1 ii libgl1-mesa-dri 20.3.5-1 ii libu2f-udev 1.1.10-3 ii notification-daemon 3.20.0-4 ii plasma-workspace [notification-daemon] 4:5.21.4-1 ii system-config-printer 1.5.14-1 ii upower 0.99.11-2 Versions of packages chromium-sandbox depends on: ii libc6 2.31-11 -- Configuration Files: /etc/chromium.d/default-flags changed [not included] -- no debconf information
