-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 31 Aug 2022 20:48:11 -0400
Source: chromium
Architecture: source
Version: 105.0.5195.52-1
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <chrom...@packages.debian.org>
Changed-By: Andres Salomon <dilin...@debian.org>
Closes: 987292
Changes:
 chromium (105.0.5195.52-1) unstable; urgency=high
 .
   * New upstream stable release.
     - CVE-2022-3038: Use after free in Network Service.
       Reported by Sergei Glazunov of Google Project Zero.
     - CVE-2022-3039: Use after free in WebSQL. Reported by
       Nan Wang (@eternalsakura13) and Guang Gong of 360 Vulnerability
       Research Institute.
     - CVE-2022-3040: Use after free in Layout. Reported by Anonymous.
     - CVE-2022-3041: Use after free in WebSQL. Reported by Ziling Chen and
       Nan Wang (@eternalsakura13) of 360 Vulnerability Research Institute.
     - CVE-2022-3042: Use after free in PhoneHub. Reported by koocola
       (@alo_cook) and Guang Gong of 360 Vulnerability Research Institute.
     - CVE-2022-3043: Heap buffer overflow in Screen Capture.
       Reported by @ginggilBesel.
     - CVE-2022-3044: Inappropriate implementation in Site Isolation.
       Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research.
     - CVE-2022-3045: Insufficient validation of untrusted input in V8.
       Reported by Ben Noordhuis <i...@bnoordhuis.nl>.
     - CVE-2022-3046: Use after free in Browser Tag.
       Reported by Rong Jian of VRI.
     - CVE-2022-3071: Use after free in Tab Strip.
       Reported by @ginggilBesel.
     - CVE-2022-3047: Insufficient policy enforcement in Extensions API.
       Reported by Maurice Dauer.
     - CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen.
       Reported by Andr.Ess.
     - CVE-2022-3049: Use after free in SplitScreen.
       Reported by @ginggilBesel.
     - CVE-2022-3050: Heap buffer overflow in WebUI.
       Reported by Zhihua Yao of KunLun Lab.
     - CVE-2022-3051: Heap buffer overflow in Exosphere.
       Reported by @ginggilBesel.
     - CVE-2022-3052: Heap buffer overflow in Window Manager.
       Reported by Khalil Zhani.
     - CVE-2022-3053: Inappropriate implementation in Pointer Lock.
       Reported by Jesper van den Ende (Pelican Party Studios).
     - CVE-2022-3054: Insufficient policy enforcement in DevTools.
       Reported by Kuilin Li.
     - CVE-2022-3055: Use after free in Passwords. Reported by Weipeng
       Jiang (@Krace) and Guang Gong of 360 Vulnerability Research
       Institute.
     - CVE-2022-3056: Insufficient policy enforcement in Content
       Security Policy. Reported by Anonymous.
     - CVE-2022-3057: Inappropriate implementation in iframe Sandbox.
       Reported by Gareth Heyes.
     - CVE-2022-3058: Use after free in Sign-In Flow.
       Reported by raven at KunLun lab.
   * Drop workaround for lack of older clang's -ffile-prefix-map. This
     should make reproducible builds happy.
   * debian/copyright:
     - Update for new libevent location (moved out of base/).
     - libopenjpeg20 -> libopenjpeg
   * debian/patches:
     - debianization/support-i386.patch: refresh.
     - disable/catapult.patch: refresh.
     - disable/libaom-arm.patch: refresh.
     - system/event.patch: update for new libevent location.
     - system/openjpeg.patch: refresh.
     - bullseye/clang13.patch: drop part of patch dropped upstream.
     - upstream/disk-cache.patch: build fix pulled from upstream.
     - upstream/browser-finder.patch: build fix pulled from upstream.
     - upstream/masklayer-geom.patch: build fix pulled from upstream.
     - system/jsoncpp.patch: drop, merged upstream.
     - fixes/angle-wayland: build fix due to mismatched wayland headers
       on sid. Only needed until angle updates its copy of wayland.
     - disable/welcome-page.patch: drop. Upstream fixed the original
       issue some time ago, and this new version finally cleaned up
       the workaround.
     - fixes/connection-message.patch: drop it. I looked at sending this
       upstream, but the original extension doesn't exist any more,
       and chromium properly prints an error if a proxy is unreachable.
       If you can still reproduce the issue (described in
       http://bugs.debian.org/864539), let me know so I can get it fixed
       upstream.
   * debian/scripts/unbundle: upstream tripled the number of (previously
     vendored) libraries that we can use system versions of. However,
     the majority of them are either not in bullseye or are too old, so
     we'll have to wait to use the debian versions for the ones not newly
     added as build-deps.
   * Disable optimize_webui, due to a build failure using nodejs from
     bullseye. I'll reenable this when it either gets fixed or we're done
     with bullseye security support.
   * Remove sse3-support dependency and just refuse to run if SSE3 is
     not present. Breaking via preinst script isn't appropriate for
     packages that might be installed by default (e.g., by Debian Edu).
   * debian/control: add build-deps for brotli, libdouble-conversion-dev,
     libwoff-dev, and libxnvctrl-dev (closes: #987292).
   * Rework default search engine stuff. People did not like the "Your
     browser is managed" and "Your administrator can change your browser
     setup remotely" messages, which are admittedly alarming.
     Instead of using /etc/chromium/policies/recommended/duckduckgo.json,
     delete that and use /etc/chromium/master_preferences instead.

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
