Accepted chromium 104.0.5112.101-1 (source) into unstable

Debian FTP Masters Wed, 17 Aug 2022 00:02:47 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 16 Aug 2022 17:29:29 -0400
Source: chromium
Architecture: source
Version: 104.0.5112.101-1
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <chrom...@packages.debian.org>
Changed-By: Andres Salomon <dilin...@debian.org>
Closes: 956012 1005808 1010407 1013268
Changes:
 chromium (104.0.5112.101-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2022-2852: Use after free in FedCM.
       Reported by Sergei Glazunov of Google Project Zero
     - CVE-2022-2854: Use after free in SwiftShader. Reported by Cassidy
       Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd.
     - CVE-2022-2855: Use after free in ANGLE. Reported by Cassidy Kim
       of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd.
     - CVE-2022-2857: Use after free in Blink. Reported by Anonymous
     - CVE-2022-2858: Use after free in Sign-In Flow.
       Reported by raven at KunLun lab
     - CVE-2022-2853: Heap buffer overflow in Downloads.
       Reported by Sergei Glazunov of Google Project Zero
     - CVE-2022-2856: Insufficient validation of untrusted input in Intents
       Reported by Ashley Shen and Christian Resell of Google Threat
       Analysis Group
     - CVE-2022-2859: Use after free in Chrome OS Shell. Reported by
       Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
     - CVE-2022-2860: Insufficient policy enforcement in Cookies.
       Reported by Axel Chong
     - CVE-2022-2861: Inappropriate implementation in Extensions API.
       Reported by Rong Jian of VRI
   * Change default search engine to DuckDuckGo for privacy reasons.
     Set a different search engine under Settings -> Search Engine
     (closes: #956012).
   * Drop a bunch of versioned build-deps that have been satisfied
     since at least oldoldstable.
   * debian/NEWS.Debian:
     - Document upstream dropping support for older TLSv1 and TLSv1.1
       protocols (closes: #1005808).
     - Document upstream dropping support for older x86 CPUs without
       SSE3 instruction support (closes: #1010407).
     - Document the Google to DuckDuckGo change.
     - Document upstream's config renaming of AuthServerWhitelist to
       AuthServerAllowlist (closes: #1013268).
Checksums-Sha1:
 1c33b6d07d39a5853724e1a4065e439228a83b65 3568 chromium_104.0.5112.101-1.dsc
 d02954c54934e57b62c3bf0d5969e1148d0b1560 610982780 
chromium_104.0.5112.101.orig.tar.xz
 1fd11b65582c7c66ef25cc8b9eabd021e806cc6e 210084 
chromium_104.0.5112.101-1.debian.tar.xz
 0faa0967e1ff1da78326e6b25a5843c67e999a38 20049 
chromium_104.0.5112.101-1_source.buildinfo
Checksums-Sha256:
 28f131fb7a26114a7555ad5f11670bc2c636cf378bf402bb98ff725d7ebccd18 3568 
chromium_104.0.5112.101-1.dsc
 c56a57a2e3f25ed3b5ad6e0f239171d5f8e534d35631b72ea23f33feb8519067 610982780 
chromium_104.0.5112.101.orig.tar.xz
 f4b7a1bd0fefb3092bb4a2371733c203638e634f8be7d1ecc3240ab32a97b924 210084 
chromium_104.0.5112.101-1.debian.tar.xz
 e6ae4259343e8867d995a176cdacd6804abb39f94889c59fd6fef1a601db73f3 20049 
chromium_104.0.5112.101-1_source.buildinfo
Files:
 32b1cbfda1c4bdb85c57e1d4ad772259 3568 web optional 
chromium_104.0.5112.101-1.dsc
 6c34a263344736a464f7e385b64abc2c 610982780 web optional 
chromium_104.0.5112.101.orig.tar.xz
 09c407d189c79fc1b805ac07886aac4a 210084 web optional 
chromium_104.0.5112.101-1.debian.tar.xz
 2833d7511818c7a965686751ae7cf4ac 20049 web optional 
chromium_104.0.5112.101-1_source.buildinfo
Accepted chromium 104.0.5112.101-1 (source) into unstable

Reply via email to
