Your message dated Thu, 16 Jun 2022 06:48:12 +0000
with message-id <e1o1jia-0007tr...@fasolo.debian.org>
and subject line Bug#1011096: fixed in chromium 102.0.5005.61-1~deb11u1
has caused the Debian Bug report #1011096,
regarding chromium: i386 and armhf packages FTBFS in bullseye
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1011096: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011096
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: chromium
Version: 101.0.4951.64-1~deb11u1
Severity: normal
X-Debbugs-Cc: bsteinb...@law.harvard.edu
Dear Maintainer,
Chromium 101.0.4951.64-1~deb11u1 has been accepted for bullseye-security, and
the package
is present for the amd64 architecture. I think it has been built for arm64, but
it has not
yet appeared at
http://security.debian.org/debian-security/pool/main/c/chromium/ -- I know
there's a lag between amd64 and arm64 builds, but I think this is longer than
usual.
Please let me know if there's a better place to report this kind of issue.
Thanks!
-- System Information:
Debian Release: 11.3
APT prefers stable-security
APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: arm64 (aarch64)
Kernel: Linux 5.10.104-linuxkit (SMP w/6 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_RANDSTRUCT
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to
C.UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: unable to detect
Versions of packages chromium depends on:
ii chromium-common 101.0.4951.41-1~deb11u1
ii libasound2 1.2.4-1.1
ii libatk-bridge2.0-0 2.38.0-1
ii libatk1.0-0 2.36.0-2
ii libatomic1 10.2.1-6
ii libatspi2.0-0 2.38.0-4
ii libc6 2.31-13+deb11u3
ii libcairo2 1.16.0-5
ii libcups2 2.3.3op2-3+deb11u1
ii libdbus-1-3 1.12.20-2
ii libdrm2 2.4.104-1
ii libevent-2.1-7 2.1.12-stable-1
ii libexpat1 2.2.10-2+deb11u3
ii libflac8 1.3.3-2+deb11u1
ii libfontconfig1 2.13.1-4.2
ii libfreetype6 2.10.4+dfsg-1
ii libgbm1 20.3.5-1
ii libgcc-s1 10.2.1-6
ii libglib2.0-0 2.66.8-1
ii libgtk-3-0 3.24.24-4+deb11u2
ii libjpeg62-turbo 1:2.0.6-4
ii libjsoncpp24 1.9.4-4
ii liblcms2-2 2.12~rc1-2
ii libminizip1 1.1-8+b1
ii libnspr4 2:4.29-1
ii libnss3 2:3.61-1+deb11u2
ii libopenjp2-7 2.4.0-3
ii libopus0 1.3.1-0.1
ii libpango-1.0-0 1.46.2-3
ii libpng16-16 1.6.37-3
ii libpulse0 14.2-2
ii libre2-9 20210201+dfsg-1
ii libsnappy1v5 1.1.8-1
ii libstdc++6 10.2.1-6
ii libwebp6 0.6.1-2.1
ii libwebpdemux2 0.6.1-2.1
ii libwebpmux3 0.6.1-2.1
ii libx11-6 2:1.7.2-1
ii libxcb1 1.14-3
ii libxcomposite1 1:0.4.5-1
ii libxdamage1 1:1.1.5-2
ii libxext6 2:1.3.3-1.1
ii libxfixes3 1:5.0.3-2
ii libxkbcommon0 1.0.3-2
ii libxml2 2.9.10+dfsg-6.7+deb11u1
ii libxrandr2 2:1.5.1-1
ii libxslt1.1 1.1.34-4
ii zlib1g 1:1.2.11.dfsg-2
Versions of packages chromium recommends:
ii chromium-sandbox 101.0.4951.41-1~deb11u1
Versions of packages chromium suggests:
ii chromium-driver 101.0.4951.41-1~deb11u1
ii chromium-l10n 101.0.4951.41-1~deb11u1
pn chromium-shell <none>
Versions of packages chromium-common depends on:
ii libc6 2.31-13+deb11u3
ii libstdc++6 10.2.1-6
ii libx11-6 2:1.7.2-1
ii libxext6 2:1.3.3-1.1
ii x11-utils 7.7+5
ii xdg-utils 1.1.3-4.1
ii zlib1g 1:1.2.11.dfsg-2
Versions of packages chromium-common recommends:
ii chromium-sandbox 101.0.4951.41-1~deb11u1
ii fonts-liberation 1:1.07.4-11
ii libgl1-mesa-dri 20.3.5-1
ii libu2f-udev 1.1.10-3
ii notification-daemon 3.20.0-4
ii system-config-printer 1.5.14-1
ii upower 0.99.11-2
Versions of packages chromium-driver depends on:
ii libatomic1 10.2.1-6
ii libc6 2.31-13+deb11u3
ii libevent-2.1-7 2.1.12-stable-1
ii libgcc-s1 10.2.1-6
ii libglib2.0-0 2.66.8-1
ii libminizip1 1.1-8+b1
ii libnspr4 2:4.29-1
ii libnss3 2:3.61-1+deb11u2
ii libre2-9 20210201+dfsg-1
ii libstdc++6 10.2.1-6
ii libxcb1 1.14-3
ii zlib1g 1:1.2.11.dfsg-2
Versions of packages chromium-sandbox depends on:
ii libc6 2.31-13+deb11u3
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: chromium
Source-Version: 102.0.5005.61-1~deb11u1
Done: Andres Salomon <dilin...@debian.org>
We believe that the bug you reported is fixed in the latest version of
chromium, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1011...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andres Salomon <dilin...@debian.org> (supplier of updated chromium package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 25 May 2022 02:24:52 -0400
Source: chromium
Architecture: source
Version: 102.0.5005.61-1~deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Chromium Team <chrom...@packages.debian.org>
Changed-By: Andres Salomon <dilin...@debian.org>
Closes: 1011096
Changes:
chromium (102.0.5005.61-1~deb11u1) bullseye-security; urgency=high
.
* New upstream stable release.
- CVE-2022-1853: Use after free in Indexed DB. Reported by Anonymous
- CVE-2022-1854: Use after free in ANGLE.
Reported by SeongHwan Park (SeHwa)
- CVE-2022-1855: Use after free in Messaging. Reported by Anonymous
- CVE-2022-1856: Use after free in User Education. Reported by
Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
- CVE-2022-1857: Insufficient policy enforcement in File System API.
Reported by Daniel Rhea
- CVE-2022-1858: Out of bounds read in DevTools. Reported by EllisVlad
- CVE-2022-1859: Use after free in Performance Manager. Reported by
Guannan Wang (@Keenan7310) of Tencent Security Xuanwu Lab
- CVE-2022-1860: Use after free in UI Foundations.
Reported by @ginggilBesel
- CVE-2022-1861: Use after free in Sharing. Reported by Khalil Zhani
- CVE-2022-1862: Inappropriate implementation in Extensions.
Reported by Alesandro Ortiz
- CVE-2022-1863: Use after free in Tab Groups. Reported by David Erceg
- CVE-2022-1864: Use after free in WebApp Installs.
Reported by Yuntao You (@GraVity0) of Bytedance Wuheng Lab
- CVE-2022-1865: Use after free in Bookmarks.
Reported by Rong Jian of VRI
- CVE-2022-1866: Use after free in Tablet Mode.
Reported by @ginggilBesel
- CVE-2022-1867: Insufficient validation of untrusted input in
Data Transfer. Reported by MichaĆ Bentkowski of Securitum
- CVE-2022-1868: Inappropriate implementation in Extensions API.
Reported by Alesandro Ortiz
- CVE-2022-1869: Type Confusion in V8.
Reported by Man Yue Mo of GitHub Security Lab
- CVE-2022-1870: Use after free in App Service. Reported by
Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
- CVE-2022-1871: Insufficient policy enforcement in File System API.
Reported by Thomas Orlita
- CVE-2022-1872: Insufficient policy enforcement in Extensions API.
Reported by ChaobinZhang
- CVE-2022-1873: Insufficient policy enforcement in COOP.
Reported by NDevTK
- CVE-2022-1874: Insufficient policy enforcement in Safe Browsing.
Reported by hjy79425575
- CVE-2022-1875: Inappropriate implementation in PDF. Reported by NDevTK
- CVE-2022-1876: Heap buffer overflow in DevTools.
Reported by @ginggilBesel
* debian/patches:
- system/jpeg.patch - straight refresh.
- disable/swiftshader.patch - straight refresh.
- disable/swiftshader-2.patch - refresh for upstream dropping of legacy
swiftshader GL stuff; they now use ANGLE.
- disable/angle-perftests.patch - refresh.
- system/jsoncpp.patch - refresh for jsoncpp_no_deprecated_declarations
argument change.
- bullseye/clang11.patch - merge cast-call.patch into it, as well as
dropping additional unsupported clang arguments.
- bullseye/cast-call.patch - drop.
- upstream/dawn-version-fix.patch - add patch to deal w/ FTBFS.
- upstream/blink-ftbfs.patch - another FTBFS patch.
- upstream/nested-nested-nested-nested-nested-nested-regex-patterns.patch -
fix a build failure that only happens with clang + GNU's libstdc++.
- upstream/byteswap-constexpr.patch - add this to fix bullsye builds on
32-bit platforms (closes: #1011096).
* Don't build unneccessary dawn build tests.
Checksums-Sha1:
659cb2f8e5f2194d8228affad98732c5578febca 3689
chromium_102.0.5005.61-1~deb11u1.dsc
47331ae6f69d5a5878e82c8292f0725f1bf5346a 601246340
chromium_102.0.5005.61.orig.tar.xz
2762e85869f0bc512e38e30fc1f78bff7d0cf723 210856
chromium_102.0.5005.61-1~deb11u1.debian.tar.xz
55398206dee6c91e7ca6b6300cde37c7eade57eb 20577
chromium_102.0.5005.61-1~deb11u1_source.buildinfo
Checksums-Sha256:
67f2fbf807fa254e9504123c966a0c72eba787cdc591965bee9e14b9e90e3b9f 3689
chromium_102.0.5005.61-1~deb11u1.dsc
9b44f0f42a3b11240bac0b62587994e0fa8f59a27a4e090a3513d62949423690 601246340
chromium_102.0.5005.61.orig.tar.xz
3b7c2cdb3274e4784c4a5b2bfa3d255d5a23a1a2e844e271e24e11838742950e 210856
chromium_102.0.5005.61-1~deb11u1.debian.tar.xz
d2459a4483776cf93b8b0fc377c6fc43216006e018314d18631740b3a14ed92e 20577
chromium_102.0.5005.61-1~deb11u1_source.buildinfo
Files:
e16fcba11587074f8ac7bd9af01dc1c9 3689 web optional
chromium_102.0.5005.61-1~deb11u1.dsc
45045d678bc6e6184d7e4e3caf230732 601246340 web optional
chromium_102.0.5005.61.orig.tar.xz
a0dd0074ca7471d2b7b94309fe13abe3 210856 web optional
chromium_102.0.5005.61-1~deb11u1.debian.tar.xz
1c4475a13c68b398acc776d67a8bdab7 20577 web optional
chromium_102.0.5005.61-1~deb11u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmKNzz0UHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjfXtg//VMpQ7Z7ekjwzBeylGGU4MRNYtGzD
l+SoPO6xtJ24lpIesxY/CfBdkuuSXFMcgmquEg/BEFkO6Qsfz36vBZpeKL72U5vg
g2+py1c5waUatA8nGfDyu28J4QOhOzN5yM1EnQsmaWIjMS/WSMwHXEVBLGcoN4pd
YebnWgd4Ot/3fBd9HunlgJYacS9X7iCerck9ttM192zlS94MwUW9Pa5syUnRDShv
YqQqbJZYadCV7GKLmH+agT5PJZvyLBhCk5iwRzbVb4jjdf8ugREqGNhwDRhiiwvW
+YP5YU1/VLMYbm32WOyrI+w1doiT3dZwTlflJlTjNMsOTVEIBZrriE8OOzqcsP+t
rlwAc5Gv7bn6C6Jzkxfja7EgSiT9zB7nP82L2oZMSOR3PFpCfYUOCMY7BJ50qibp
Jcp+DJ7MUbuZolVl/JfoyeFK4hiSJItBNKmzfqi+I/CgRG1sBERmNHbixp7SePpB
rS1YscSJOeLcFJ1PVHHrvroxxbDkRLE6QPzWDR7xyTKkG78UfIwhrE92PvwhaQMw
lTJ1U/mxHJaBbSzTC9C5q+8ZtS4j1kqk3M1dE4yKxYKPEVGuYKWozglj5oA/wqxQ
R/6gbacoP+9L/SzqsLmjyZ3WtD0HuyN5K10vCtidYDtZV2zAGBf0oSI9Fh5Fu1Ta
gWUG4WGfpmqj94U=
=mEPb
-----END PGP SIGNATURE-----
--- End Message ---