Your message dated Sun, 20 Dec 2020 17:34:39 +0000
with message-id <e1kr2bp-0002pg...@fasolo.debian.org>
and subject line Bug#973848: fixed in chromium 87.0.4280.88-0.1
has caused the Debian Bug report #973848,
regarding chromium: Unsupported version, many security bugs unfixed
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
973848: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973848
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: chromium
Version: 83.0.4103.116-3.1
Severity: important

Dear Maintainer,

Version 83.x of chromium became unsupported in July, with the release of
Chrome 84. Since that time, two more versions of chromium have been
released, 85.x and 86.x, each with 40-50 security bugs fixed. This has
me pretty worried about using chromium for day-to-day work.

Andreas

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'stable-updates'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.9.0-1-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE:de
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages chromium depends on:
ii  chromium-common      83.0.4103.116-3.1
ii  libasound2           1.2.3.2-1
ii  libatk-bridge2.0-0   2.38.0-1
ii  libatk1.0-0          2.36.0-2
ii  libatspi2.0-0        2.38.0-2
ii  libavcodec58         7:4.3.1-5
ii  libavformat58        7:4.3.1-5
ii  libavutil56          7:4.3.1-5
ii  libc6                2.31-4
ii  libcairo2            1.16.0-4
ii  libcups2             2.3.3-3
ii  libdbus-1-3          1.13.12-2
ii  libdrm2              2.4.102-1
ii  libevent-2.1-7       2.1.12-stable-1
ii  libexpat1            2.2.10-1
ii  libflac8             1.3.3-1
ii  libfontconfig1       2.13.1-4.2
ii  libfreetype6         2.10.2+dfsg-4
ii  libgbm1              20.2.1-1
ii  libgcc-s1            10.2.0-16
ii  libgdk-pixbuf2.0-0   2.40.0+dfsg-5
ii  libglib2.0-0         2.66.2-1
ii  libgtk-3-0           3.24.23-2
ii  libharfbuzz0b        2.6.7-1
ii  libicu67             67.1-4
ii  libjpeg62-turbo      1:2.0.5-1.1
ii  libjsoncpp1          1.7.4-3.1
ii  liblcms2-2           2.9-4+b1
ii  libminizip1          1.1-8+b1
ii  libnspr4             2:4.29-1
ii  libnss3              2:3.58-1
ii  libopenjp2-7         2.3.1-1
ii  libopus0             1.3.1-0.1
ii  libpango-1.0-0       1.46.2-2
ii  libpangocairo-1.0-0  1.46.2-2
ii  libpng16-16          1.6.37-3
ii  libpulse0            13.0-5
ii  libre2-8             20201001+dfsg-1
ii  libsnappy1v5         1.1.8-1
ii  libstdc++6           10.2.0-16
ii  libvpx6              1.8.2-1
ii  libwebp6             0.6.1-2+b1
ii  libwebpdemux2        0.6.1-2+b1
ii  libwebpmux3          0.6.1-2+b1
ii  libx11-6             2:1.6.12-1
ii  libx11-xcb1          2:1.6.12-1
ii  libxcb-dri3-0        1.14-2
ii  libxcb1              1.14-2
ii  libxcomposite1       1:0.4.5-1
ii  libxcursor1          1:1.2.0-2
ii  libxdamage1          1:1.1.5-2
ii  libxext6             2:1.3.3-1+b2
ii  libxfixes3           1:5.0.3-2
ii  libxi6               2:1.7.10-1
ii  libxml2              2.9.10+dfsg-6.1
ii  libxrandr2           2:1.5.1-1
ii  libxrender1          1:0.9.10-1
ii  libxslt1.1           1.1.34-4
ii  libxss1              1:1.2.3-1
ii  libxtst6             2:1.2.3-1
ii  zlib1g               1:1.2.11.dfsg-2

Versions of packages chromium recommends:
ii  chromium-sandbox  83.0.4103.116-3.1

Versions of packages chromium suggests:
ii  chromium-driver  83.0.4103.116-3.1
ii  chromium-l10n    83.0.4103.116-3.1
pn  chromium-shell   <none>

Versions of packages chromium-common depends on:
ii  x11-utils  7.7+5
ii  xdg-utils  1.1.3-2

Versions of packages chromium-common recommends:
ii  chromium-sandbox                   83.0.4103.116-3.1
ii  fonts-liberation                   1:1.07.4-11
ii  gnome-shell [notification-daemon]  3.38.1-1
ii  libgl1-mesa-dri                    20.2.1-1
ii  libu2f-udev                        1.1.10-1.1
ii  notification-daemon                3.20.0-4
ii  system-config-printer              1.5.12-1
ii  upower                             0.99.11-2

Versions of packages chromium-driver depends on:
ii  libc6           2.31-4
ii  libevent-2.1-7  2.1.12-stable-1
ii  libglib2.0-0    2.66.2-1
ii  libicu67        67.1-4
ii  libminizip1     1.1-8+b1
ii  libnspr4        2:4.29-1
ii  libnss3         2:3.58-1
ii  libre2-8        20201001+dfsg-1
ii  libstdc++6      10.2.0-16
ii  libx11-6        2:1.6.12-1
ii  zlib1g          1:1.2.11.dfsg-2

Versions of packages chromium-sandbox depends on:
ii  libc6  2.31-4

-- no debconf information

--- End Message ---
--- Begin Message ---
Source: chromium
Source-Version: 87.0.4280.88-0.1
Done: Michel Le Bihan <mic...@lebihan.pl>

We believe that the bug you reported is fixed in the latest version of
chromium, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 973...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michel Le Bihan <mic...@lebihan.pl> (supplier of updated chromium package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 01 Dec 2020 00:00:00 +0000
Source: chromium
Architecture: source
Version: 87.0.4280.88-0.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Chromium Team <chrom...@packages.debian.org>
Changed-By: Michel Le Bihan <mic...@lebihan.pl>
Closes: 973848
Changes:
 chromium (87.0.4280.88-0.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * New upstream stable release (closes: 973848).
     - CVE-2020-16037: Use after free in clipboard. Reported by Ryoya Tsukasaki
     - CVE-2020-16038: Use after free in media. Reported by Khalil Zhani
     - CVE-2020-16039: Use after free in extensions. Reported by Anonymous
     - CVE-2020-16040: Insufficient data validation in V8. Reported by Lucas
       Pinheiro, Microsoft Browser Vulnerability Research
     - CVE-2020-16041: Out of bounds read in networking. Reported by Sergei
       Glazunov and Mark Brand of Google Project Zero
     - CVE-2020-16042: Uninitialized Use in V8. Reported by André Bargull
     - CVE-2020-16018: Use after free in payments. Reported by Man Yue Mo of
       GitHub Security Lab
     - CVE-2020-16019: Inappropriate implementation in filesystem. Reported by
       Rory McNamara
     - CVE-2020-16020: Inappropriate implementation in cryptohome. Reported by
       Rory McNamara
     - CVE-2020-16021: Race in ImageBurner. Reported by Rory McNamara
     - CVE-2020-16022: Insufficient policy enforcement in networking. Reported
       by @SamyKamkar
     - CVE-2020-16015: Insufficient data validation in WASM. Reported by Rong
       Jian and Leecraso of 360 Alpha Lab
     - CVE-2020-16014: Use after free in PPAPI. Reported by Rong Jian and
       Leecraso of 360 Alpha Lab
     - CVE-2020-16023: Use after free in WebCodecs. Reported by Brendon Tiszka
       and David Manouchehri supporting the @eff
     - CVE-2020-16024: Heap buffer overflow in UI. Reported by Sergei Glazunov
       of Google Project Zero
     - CVE-2020-16025: Heap buffer overflow in clipboard. Reported by Sergei
       Glazunov of Google Project Zero
     - CVE-2020-16026: Use after free in WebRTC. Reported by Jong-Gwon Kim
     - CVE-2020-16027: Insufficient policy enforcement in developer tools.
       Reported by David Erceg
     - CVE-2020-16028: Heap buffer overflow in WebRTC. Reported by asnine
     - CVE-2020-16029: Inappropriate implementation in PDFium. Reported by
       Anonymous
     - CVE-2020-16030: Insufficient data validation in Blink. Reported by Michał
       Bentkowski of Securitum
     - CVE-2019-8075: Insufficient data validation in Flash. Reported by
       Nethanel Gelernter, Cyberpion
     - CVE-2020-16031: Incorrect security UI in tab preview. Reported by
       wester0x01
     - CVE-2020-16032: Incorrect security UI in sharing. Reported by wester0x01
     - CVE-2020-16033: Incorrect security UI in WebUSB. Reported by Khalil Zhani
     - CVE-2020-16034: Inappropriate implementation in WebRTC. Reported by
       Benjamin Petermaier
     - CVE-2020-16035: Insufficient data validation in cros-disks. Reported by
       Rory McNamara
     - CVE-2020-16012: Side-channel information leakage in graphics. Reported by
       Aleksejs Popovs
     - CVE-2020-16036: Inappropriate implementation in cookies. Reported by Jun
       Kokatsu @shhnjk
     - CVE-2020-16013: Inappropriate implementation in V8. Reported by Anonymous
     - CVE-2020-16017: Use after free in site isolation. Reported by Anonymous
     - CVE-2020-16016: Inappropriate implementation in base. Reported by Rong
       Jian and Leecraso of 360 Alpha Lab
     - CVE-2020-16004: Use after free in user interface. Reported by Leecraso
       and Guang Gong of 360 Alpha Lab working with 360 BugCloud
     - CVE-2020-16005: Insufficient policy enforcement in ANGLE. Reported by
       Jaehun Jeong @n3sk of Theori
     - CVE-2020-16006: Inappropriate implementation in V8. Reported by Bill
       Parks
     - CVE-2020-16007: Insufficient data validation in installer. Reported by
       Abdelhamid Naceri
     - CVE-2020-16008: Stack buffer overflow in WebRTC. Reported by Tolya
       Korniltsev
     - CVE-2020-16009: Inappropriate implementation in V8. Reported by Clement
       Lecigne of Google's Threat Analysis Group and Samuel Groß of Google
       Project Zero
     - CVE-2020-16011: Heap buffer overflow in UI on Windows. Reported by Sergei
       Glazunov of Google Project Zero
     - CVE-2020-16000: Inappropriate implementation in Blink. Reported by
       amaebi_jp
     - CVE-2020-16001: Use after free in media. Reported by Khalil Zhani
     - CVE-2020-16002: Use after free in PDFium. Reported by Weipeng Jiang from
       Codesafe Team of Legendsec at Qi'anxin Group
     - CVE-2020-15999: Heap buffer overflow in Freetype. Reported by Sergei
       Glazunov of Google Project Zero
     - CVE-2020-16003: Use after free in printing. Reported by Khalil Zhani
     - CVE-2020-15967: Use after free in payments. Reported by Man Yue Mo of
       GitHub Security Lab
     - CVE-2020-15968: Use after free in Blink. Reported by Anonymous
     - CVE-2020-15969: Use after free in WebRTC. Reported by Anonymous
     - CVE-2020-15970: Use after free in NFC. Reported by Man Yue Mo of GitHub
       Security Lab
     - CVE-2020-15971: Use after free in printing. Reported by Jun Kokatsu,
       Microsoft Browser Vulnerability Research
     - CVE-2020-15972: Use after free in audio. Reported by Anonymous
     - CVE-2020-15990: Use after free in autofill. Reported by Rong Jian and
       Guang Gong of Alpha Lab, Qihoo 360
     - CVE-2020-15991: Use after free in password manager. Reported by Rong Jian
       and Guang Gong of Alpha Lab, Qihoo 360
     - CVE-2020-15973: Insufficient policy enforcement in extensions. Reported
       by David Erceg
     - CVE-2020-15974: Integer overflow in Blink. Reported by Juno Im of Theori
     - CVE-2020-15975: Integer overflow in SwiftShader. Reported by Anonymous
     - CVE-2020-15976: Use after free in WebXR. Reported by YoungJoo Lee
       @ashuu_lee of Raon Whitehat
     - CVE-2020-6557: Inappropriate implementation in networking. Reported by
       Matthias Gierlings and Marcus Brinkmann
     - CVE-2020-15977: Insufficient data validation in dialogs. Reported by
       Narendra Bhati
     - CVE-2020-15978: Insufficient data validation in navigation. Reported by
       Luan Herrera @lbherrera_
     - CVE-2020-15979: Inappropriate implementation in V8. Reported by Avihay
       Cohen @ SeraphicAlgorithms
     - CVE-2020-15980: Insufficient policy enforcement in Intents. Reported by
       Yongke Wang @Rudykewang and Aryb1n @aryb1n of Tencent Security Xuanwu Lab
     - CVE-2020-15981: Out of bounds read in audio. Reported by Christoph
       Guttandin
     - CVE-2020-15982: Side-channel information leakage in cache. Reported by
       Luan Herrera @lbherrera_
     - CVE-2020-15983: Insufficient data validation in webUI. Reported by Jun
       Kokatsu, Microsoft Browser Vulnerability Research
     - CVE-2020-15984: Insufficient policy enforcement in Omnibox. Reported by
       Rayyan Bijoora
     - CVE-2020-15985: Inappropriate implementation in Blink. Reported by
       Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research
     - CVE-2020-15986: Integer overflow in media. Reported by Mark Brand of
       Google Project Zero
     - CVE-2020-15987: Use after free in WebRTC. Reported by Philipp Hancke
     - CVE-2020-15992: Insufficient policy enforcement in networking. Reported
       by Alison Huffman, Microsoft Browser Vulnerability Research
     - CVE-2020-15988: Insufficient policy enforcement in downloads. Reported by
       Samuel Attard
     - CVE-2020-15989: Uninitialized Use in PDFium. Reported by Gareth Evans
     - CVE-2020-15960: Out of bounds read in storage. Reported by Anonymous
     - CVE-2020-15961: Insufficient policy enforcement in extensions. Reported
       by David Erceg
     - CVE-2020-15962: Insufficient policy enforcement in serial. Reported by
       Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud
     - CVE-2020-15963: Insufficient policy enforcement in extensions. Reported
       by David Erceg
     - CVE-2020-15965: Out of bounds write in V8. Reported by Lucas Pinheiro,
       Microsoft Browser Vulnerability Research
     - CVE-2020-15966: Insufficient policy enforcement in extensions. Reported
       by David Erceg
     - CVE-2020-15964: Insufficient data validation in media. Reported by Woojin
       Oh @pwn_expoit of STEALIEN
     - CVE-2020-6573: Use after free in video. Reported by Leecraso and Guang
       Gong of 360 Alpha Lab working with 360 BugCloud
     - CVE-2020-6574: Insufficient policy enforcement in installer. Reported by
       CodeColorist of Ant-Financial LightYear Labs
     - CVE-2020-6575: Race in Mojo. Reported by Microsoft
     - CVE-2020-6576: Use after free in offscreen canvas. Reported by Looben
       Yang
     - CVE-2020-15959: Insufficient policy enforcement in networking. Reported
       by Eric Lawrence of Microsoft
     - CVE-2020-6558: Insufficient policy enforcement in iOS. Reported by Alison
       Huffman, Microsoft Browser Vulnerability Research
     - CVE-2020-6559: Use after free in presentation API. Reported by Liu Wei
       and Wu Zekai of Tencent Security Xuanwu Lab
     - CVE-2020-6560: Insufficient policy enforcement in autofill. Reported by
       Nadja Ungethuem from www.unnex.de
     - CVE-2020-6561: Inappropriate implementation in Content Security Policy.
       Reported by Rob Wu
     - CVE-2020-6562: Insufficient policy enforcement in Blink. Reported by
       Masato Kinugawa
     - CVE-2020-6563: Insufficient policy enforcement in intent handling.
       Reported by Pedro Oliveira
     - CVE-2020-6564: Incorrect security UI in permissions. Reported by Khalil
       Zhani
     - CVE-2020-6565: Incorrect security UI in Omnibox. Reported by Khalil Zhani
     - CVE-2020-6566: Insufficient policy enforcement in media. Reported by Jun
       Kokatsu, Microsoft Browser Vulnerability Research
     - CVE-2020-6567: Insufficient validation of untrusted input in command line
       handling. Reported by Joshua Graham of TSS
     - CVE-2020-6568: Insufficient policy enforcement in intent handling.
       Reported by Yongke Wang @Rudykewang and Aryb1n @aryb1n of Tencent
       Security Xuanwu Lab
     - CVE-2020-6569: Integer overflow in WebUSB. Reported by guaixiaomei
     - CVE-2020-6570: Side-channel information leakage in WebRTC. Reported by
       Signal/Tenable
     - CVE-2020-6571: Incorrect security UI in Omnibox. Reported by Rayyan
       Bijoora
     - CVE-2020-6556: Heap buffer overflow in SwiftShader. Reported by Alison
       Huffman, Microsoft Browser Vulnerability Research
     - CVE-2020-6542: Use after free in ANGLE. Reported by Piotr Bania of Cisco
       Talos
     - CVE-2020-6543: Use after free in task scheduling. Reported by Looben Yang
     - CVE-2020-6544: Use after free in media. Reported by Tim Becker of Theori
     - CVE-2020-6545: Use after free in audio. Reported by Anonymous
     - CVE-2020-6546: Inappropriate implementation in installer. Reported by
       Andrew Hess
     - CVE-2020-6547: Incorrect security UI in media. Reported by David Albert
     - CVE-2020-6548: Heap buffer overflow in Skia. Reported by Choongwoo Han,
       Microsoft Browser Vulnerability Research
     - CVE-2020-6549: Use after free in media. Reported by Sergei Glazunov of
       Google Project Zero
     - CVE-2020-6550: Use after free in IndexedDB. Reported by Sergei Glazunov
       of Google Project Zero
     - CVE-2020-6551: Use after free in WebXR. Reported by Sergei Glazunov of
       Google Project Zero
     - CVE-2020-6552: Use after free in Blink. Reported by Tim Becker of Theori
     - CVE-2020-6553: Use after free in offline mode. Reported by Alison
       Huffman, Microsoft Browser Vulnerability Research
     - CVE-2020-6554: Use after free in extensions. Reported by Anonymous
     - CVE-2020-6555: Out of bounds read in WebGL. Reported by Marcin Towalski
       of Cisco Talos

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
