-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 08 Mar 2021 09:48:03 +0100 Source: chromium Architecture: source Version: 89.0.4389.82-1 Distribution: unstable Urgency: medium Maintainer: Debian Chromium Team <chrom...@packages.debian.org> Changed-By: Michel Le Bihan <mic...@lebihan.pl> Closes: 984532 Changes: chromium (89.0.4389.82-1) unstable; urgency=medium . * New upstream stable release (closes: #984532). - CVE-2021-21159: Heap buffer overflow in TabStrip. Reported by Khalil Zhani - CVE-2021-21160: Heap buffer overflow in WebAudio. Reported by Marcin 'Icewall' Noga of Cisco Talos - CVE-2021-21161: Heap buffer overflow in TabStrip. Reported by Khalil Zhani - CVE-2021-21162: Use after free in WebRTC. Reported by Anonymous - CVE-2021-21163: Insufficient data validation in Reader Mode. Reported by Alison Huffman, Microsoft Browser Vulnerability Research - CVE-2021-21164: Insufficient data validation in Chrome for iOS. Reported by Muneaki Nishimura nishimunea - CVE-2021-21165: Object lifecycle issue in audio. Reported by Alison Huffman, Microsoft Browser Vulnerability Research - CVE-2021-21166: Object lifecycle issue in audio. Reported by Alison Huffman, Microsoft Browser Vulnerability Research - CVE-2021-21167: Use after free in bookmarks. Reported by Leecraso and Guang Gong of 360 Alpha Lab - CVE-2021-21168: Insufficient policy enforcement in appcache. Reported by Luan Herrera @lbherrera_ - CVE-2021-21169: Out of bounds memory access in V8. Reported by Bohan Liu @P4nda20371774 and Moon Liang of Tencent Security Xuanwu Lab - CVE-2021-21170: Incorrect security UI in Loader. Reported by David Erceg - CVE-2021-21171: Incorrect security UI in TabStrip and Navigation. Reported by Irvan Kurniawan sourc7 - CVE-2021-21172: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski - CVE-2021-21173: Side-channel information leakage in Network Internals. Reported by Tom Van Goethem from imec-DistriNet, KU Leuven - CVE-2021-21174: Inappropriate implementation in Referrer. Reported by Ashish Gautam Kamble - CVE-2021-21175: Inappropriate implementation in Site isolation. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research - CVE-2021-21176: Inappropriate implementation in full screen mode. Reported by Luan Herrera @lbherrera_ - CVE-2021-21177: Insufficient policy enforcement in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research - CVE-2021-21178: Inappropriate implementation in Compositing. Reported by Japong - CVE-2021-21179: Use after free in Network Internals. Reported by Anonymous - CVE-2021-21180: Use after free in tab search. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research - CVE-2020-27844: Heap buffer overflow in OpenJPEG. Reported by Sean Campbell at Tableau - CVE-2021-21181: Side-channel information leakage in autofill. Reported by Xu Lin (University of Illinois at Chicago), Panagiotis Ilia University of Illinois at Chicago, Jason Polakis University of Illinois at Chicago - CVE-2021-21182: Insufficient policy enforcement in navigations. Reported by Luan Herrera @lbherrera_ - CVE-2021-21183: Inappropriate implementation in performance APIs. Reported by Takashi Yoneuchi @y0n3uchy - CVE-2021-21184: Inappropriate implementation in performance APIs. Reported by James Hartig - CVE-2021-21185: Insufficient policy enforcement in extensions. Reported by David Erceg - CVE-2021-21186: Insufficient policy enforcement in QR scanning. Reported by dhirajkumarnifty - CVE-2021-21187: Insufficient data validation in URL formatting. Reported by Kirtikumar Anandrao Ramchandani - CVE-2021-21188: Use after free in Blink. Reported by Woojin Oh @pwn_expoit of STEALIEN - CVE-2021-21189: Insufficient policy enforcement in payments. Reported by Khalil Zhani - CVE-2021-21190: Uninitialized Use in PDFium. Reported by Zhou Aiting @zhouat1 of Qihoo 360 Vulcan Team Checksums-Sha1: 29ce4eb50596a37358aee583974a03a4ec851c22 3639 chromium_89.0.4389.82-1.dsc 2966d69b45c664b6498dde8da163be9fe7b9f39c 427191424 chromium_89.0.4389.82.orig.tar.xz 6b7f98cfca418ac6ee271a72031ed89a266ee938 208292 chromium_89.0.4389.82-1.debian.tar.xz 768e4a551036cf8022104f924a3f7884e27d41cd 14751 chromium_89.0.4389.82-1_source.buildinfo Checksums-Sha256: 46e4bf1edcfc5d73fadbbddfa93e0f15cdcd39c159ffd9186c7fa67e59632baf 3639 chromium_89.0.4389.82-1.dsc a9c18279f7dbb2f1bfc2a212e2c43bad06456983c1d32db95afeeda4ec210d61 427191424 chromium_89.0.4389.82.orig.tar.xz d3acc616045d8a596a0824dd5347867997560a1b2115fd6b35d28e8fd570f19b 208292 chromium_89.0.4389.82-1.debian.tar.xz 6bce2336450d04bd0d708085332f4b788bca09ce9c57b13cce39883a792a33a0 14751 chromium_89.0.4389.82-1_source.buildinfo Files: 6e8e4fce0333f7422880bd3ea9dca382 3639 web optional chromium_89.0.4389.82-1.dsc e5a499e999e7b73149cff1c1abf374e2 427191424 web optional chromium_89.0.4389.82.orig.tar.xz ac4b2762d56c5daf05415c13f8f26c92 208292 web optional chromium_89.0.4389.82-1.debian.tar.xz fa3d75bbb311b63e5465fca686758642 14751 web optional chromium_89.0.4389.82-1_source.buildinfo
-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEi3hoeGwz5cZMTQpICBa54Yx2K60FAmBGdWgACgkQCBa54Yx2 K616rQ//ZmngjDhLQpwOotg2CLD0qE8oMPYEayWuQtsNG+1M2GG+zMXl12dpb4dS J6WSXu7B+QBfrVKnyXz88WV6cEod/TQ487pYyHOvxmuS+RdqDJMb9VyRzaWP+smm HiK3YiFYSf8OumBNo2d1r/J5fG+csLjOPa24ekDh+YlswSM+G3oDlyHYRNzL4rMy EapPtg7tDWdtbpNgt9sKaj8DMM15UmiFj8RKwVABvHxk9nUmPLUYRqcg4d1qDRNd YXXwEF1JUMiZ8XLgyRV1oPlA4Fup3EuMe4l3bRV6yYvNgYR/cLra4Hw0ZU2SjnN8 wghNp5XO/cVnaAUQXmd+aozZy/RcnmJUSLdBZ7qn2E7LlbdNiIParTqdI9DQeYRd Tk0NGgXDdKPzz3wsoDaluFudF24J7H/ZqmYYaLw+PG5E56BmBrTR+Jr8Qj0j2RlS 6wC5X9saYVIAeMwayyA6ftuUIp5P8sGIOuIf/rwSYqy4nrw4kpjBLkyQ6TDaeIH1 F1Ri+FPObGzfLUEbTQPaB9ciDcGrbd1gFTbWotUhNkn5ECDFqL9jdQjfKUqtWVnr VIR8lPoLoUgFq+SFzVaeuD1iXrXhgXmAhhQTNrDueIQnvwZR57l+Jzis1JMReWdY Q5s8uWBSYJORBPWUp7aLBg/9FnpCd3BGUBLPANhwqB1Fvs4qD5o= =uv3X -----END PGP SIGNATURE-----