Bug#1061591: rhsrvany: tests can fail on ci.debian.net due to wine32 installation
package: src:rhsrvany version: 1.1-2 severity: serious tag: patch runsrvany64 and runpnpwait64 autopkgtests can fail on amd64 on ci.debian.net because of foreign arch wine32 installability issues [0]. This currently prevents wine from migrating to testing [1]. The attached patch solves the problem by removing wine32 install from the scripts. wine32 isn't needed since the tests run correctly on amd64 when wine and wine64 are installed, which is the case for ci.debian.net. Best wishes, Mike [0] https://ci.debian.net/packages/r/rhsrvany/testing/amd64/42392786/ [1] https://qa.debian.org/excuses.php?package=wine --- a/debian/tests/runsrvany64 +++ b/debian/tests/runsrvany64 @@ -1,5 +1,4 @@ #!/bin/sh set -e -dpkg --add-architecture i386 && apt-get update && apt-get -y install wine32 wine /usr/share/virt-tools/rhsrvany.exe install wine /usr/share/virt-tools/rhsrvany.exe uninstall --- a/debian/tests/runpnpwait64 +++ b/debian/tests/runpnpwait64 @@ -1,4 +1,3 @@ #!/bin/sh set -e -dpkg --add-architecture i386 && apt-get update && apt-get -y install wine32 wine /usr/share/virt-tools/pnp_wait.exe
Bug#1061591: rhsrvany: tests can fail on ci.debian.net due to wine32 installation
package: src:rhsrvany version: 1.1-2 severity: serious tag: patch runsrvany64 and runpnpwait64 autopkgtests can fail on amd64 on ci.debian.net because of foreign arch wine32 installability issues [0]. This currently prevents wine from migrating to testing [1]. The attached patch solves the problem by removing wine32 install from the scripts. wine32 isn't needed since the tests run correctly on amd64 when wine and wine64 are installed, which is the case for ci.debian.net. Best wishes, Mike [0] https://ci.debian.net/packages/r/rhsrvany/testing/amd64/42392786/ [1] https://qa.debian.org/excuses.php?package=wine --- a/debian/tests/runsrvany64 +++ b/debian/tests/runsrvany64 @@ -1,5 +1,4 @@ #!/bin/sh set -e -dpkg --add-architecture i386 && apt-get update && apt-get -y install wine32 wine /usr/share/virt-tools/rhsrvany.exe install wine /usr/share/virt-tools/rhsrvany.exe uninstall --- a/debian/tests/runpnpwait64 +++ b/debian/tests/runpnpwait64 @@ -1,4 +1,3 @@ #!/bin/sh set -e -dpkg --add-architecture i386 && apt-get update && apt-get -y install wine32 wine /usr/share/virt-tools/pnp_wait.exe
Bug#956181: zlib: provide minizip binary packages
Bastian Germann wrote:
> Mark has stated on https://github.com/madler/zlib/issues/742 that
> he will not be working on this.
I am willing to volunteer as zlib co-maintainer focusing solely on
minizip so that Mark need do no work related to it.
> Mark, are you aware that this has a patch already?
I updated the minizip patch to apply to zlib 1.2.13 (from previously
1.2.11), attached below. What do you think?
Best wishes,
Mike
diff -Nru zlib-1.2.13.dfsg/debian/changelog zlib-1.2.13.dfsg/debian/changelog
--- zlib-1.2.13.dfsg/debian/changelog 2022-11-05 12:24:46.0 +
+++ zlib-1.2.13.dfsg/debian/changelog 2023-08-02 01:30:53.0 +
@@ -1,3 +1,9 @@
+zlib (1:1.2.13.dfsg-1.1) UNRELEASED; urgency=medium
+
+ * Build minizip packages.
+
+ -- Michael Gilbert Wed, 02 Aug 2023 01:30:53 +
+
zlib (1:1.2.13.dfsg-1) unstable; urgency=low
* New upstream release.
diff -Nru zlib-1.2.13.dfsg/debian/control zlib-1.2.13.dfsg/debian/control
--- zlib-1.2.13.dfsg/debian/control 2022-11-05 12:24:46.0 +
+++ zlib-1.2.13.dfsg/debian/control 2023-08-02 01:30:53.0 +
@@ -4,7 +4,7 @@
Maintainer: Mark Brown
Standards-Version: 4.6.1
Homepage: http://zlib.net/
-Build-Depends: debhelper (>= 13), gcc-multilib [amd64 i386 kfreebsd-amd64 mips mipsel powerpc ppc64 s390 sparc s390x mipsn32 mipsn32el mipsr6 mipsr6el mipsn32r6 mipsn32r6el mips64 mips64el mips64r6 mips64r6el x32] , dpkg-dev (>= 1.16.1)
+Build-Depends: debhelper (>= 13), gcc-multilib [amd64 i386 kfreebsd-amd64 mips mipsel powerpc ppc64 s390 sparc s390x mipsn32 mipsn32el mipsr6 mipsr6el mipsn32r6 mipsn32r6el mips64 mips64el mips64r6 mips64r6el x32] , dpkg-dev (>= 1.16.1), autoconf
Package: zlib1g
Architecture: any
@@ -118,3 +118,50 @@
This package should ONLY be used for building packages, users who do
not need to build packages should use multiarch to install the relevant
runtime.
+
+Package: minizip
+Section: utils
+Architecture: any
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Replaces:
+ zlib-bin,
+Conflicts:
+ zlib-bin,
+Description: compression library - minizip tools
+ minizip is a minimalistic library that supports compressing, extracting,
+ viewing, and manipulating zip files.
+ .
+ This package includes the minizip and miniunzip tools.
+
+Package: libminizip1
+Architecture: any
+Multi-Arch: same
+Pre-Depends:
+ ${misc:Pre-Depends}
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: compression library - minizip library
+ minizip is a minimalistic library that supports compressing, extracting,
+ viewing, and manipulating zip files.
+ .
+ This package includes the minizip library.
+
+Package: libminizip-dev
+Architecture: any
+Multi-Arch: same
+Section: libdevel
+Depends:
+ ${misc:Depends},
+ libminizip1 (= ${binary:Version})
+Replaces:
+ libkml-dev (<< 1.3.0~r864+git20150723-0fa2f22-1~),
+Breaks:
+ libkml-dev (<< 1.3.0~r864+git20150723-0fa2f22-1~),
+Description: compression library - minizip development files
+ minizip is a minimalistic library that supports compressing, extracting,
+ viewing, and manipulating zip files.
+ .
+ This package includes development support files for the minizip library.
diff -Nru zlib-1.2.13.dfsg/debian/libminizip-dev.install zlib-1.2.13.dfsg/debian/libminizip-dev.install
--- zlib-1.2.13.dfsg/debian/libminizip-dev.install 1970-01-01 00:00:00.0 +
+++ zlib-1.2.13.dfsg/debian/libminizip-dev.install 2023-08-02 01:29:43.0 +
@@ -0,0 +1,4 @@
+usr/include/minizip
+usr/lib/*/libminizip.a
+usr/lib/*/libminizip.so
+usr/lib/*/pkgconfig/minizip.pc
diff -Nru zlib-1.2.13.dfsg/debian/libminizip1.install zlib-1.2.13.dfsg/debian/libminizip1.install
--- zlib-1.2.13.dfsg/debian/libminizip1.install 1970-01-01 00:00:00.0 +
+++ zlib-1.2.13.dfsg/debian/libminizip1.install 2023-08-02 01:29:43.0 +
@@ -0,0 +1 @@
+usr/lib/*/libminizip.so.*
diff -Nru zlib-1.2.13.dfsg/debian/libminizip1.symbols zlib-1.2.13.dfsg/debian/libminizip1.symbols
--- zlib-1.2.13.dfsg/debian/libminizip1.symbols 1970-01-01 00:00:00.0 +
+++ zlib-1.2.13.dfsg/debian/libminizip1.symbols 2023-08-02 01:30:53.0 +
@@ -0,0 +1,62 @@
+libminizip.so.1 libminizip1
+ call_zopen64@Base 1.1
+ call_zseek64@Base 1.1
+ call_ztell64@Base 1.1
+ fill_fopen64_filefunc@Base 1.1
+ fill_fopen_filefunc@Base 1.1
+ fill_zlib_filefunc64_32_def_from_filefunc32@Base 1.1
+ unzClose@Base 1.1
+ unzCloseCurrentFile@Base 1.1
+ unzGetCurrentFileInfo64@Base 1.1
+ unzGetCurrentFileInfo@Base 1.1
+ unzGetCurrentFileZStreamPos64@Base 1.1
+ unzGetFilePos64@Base 1.1
+ unzGetFilePos@Base 1.1
+ unzGetGlobalComment@Base 1.1
+ unzGetGlobalInfo64@Base 1.1
+ unzGetGlobalInfo@Base 1.1
+ unzGetLocalExtrafield@Base 1.1
+ unzGetOffset64@Base 1.1
+ unzGetOffset@Base 1.1
+ unzGoToFilePos64@Base 1.1
+ unzGoToFilePos@Base 1.1
+ unzGoToFirstFile@Base 1.1
+ unzGoToNextFile@Base 1.1
+ unzLocateFile@Base 1.1
+ unzOpen2@Base 1.1
+ unzOpen2_64@Base 1.1
+ unzO
Bug#1031655: Lutris: wine build does not support Esync/Fsync
control: severity -1 normal control: reassign -1 src:lutris Bernhard Übelacker wrote: > It looks like Lutris extracts the version > from the path the wine executable was found. Lutris parses version information from "wine --version" to conclude whether features are supported [0]. The wine in debian outputs package version detail, which lutris does not currently ignore and concludes that the version is not in its known good set (i.e. does not support particular features). Lutris needs to be updated to ignore the extra package details returned by the debian wine package. Best wishes, Mike [0] https://github.com/lutris/lutris/blob/v0.5.12/lutris/util/wine/wine.py#L274
Bug#1031655: Lutris: wine build does not support Esync/Fsync
control: severity -1 normal control: reassign -1 src:lutris Bernhard Übelacker wrote: > It looks like Lutris extracts the version > from the path the wine executable was found. Lutris parses version information from "wine --version" to conclude whether features are supported [0]. The wine in debian outputs package version detail, which lutris does not currently ignore and concludes that the version is not in its known good set (i.e. does not support particular features). Lutris needs to be updated to ignore the extra package details returned by the debian wine package. Best wishes, Mike [0] https://github.com/lutris/lutris/blob/v0.5.12/lutris/util/wine/wine.py#L274
Bug#1031573: RM: jthread -- ROM; abandoned upstream, unmaintained
package: ftp.debian.org severity: normal user: ftp.debian@packages.debian.org usertags: remove Please remove src:jthread from bookworm and sid. It no longer has reverse dependencies and is abandoned upstream. It has release critical bug #1031253 that I plan to not fix. Best wishes, Mike
Bug#1013082: wine: CombineZP doesn't display a picture
Günter Frenz wrote: > version 6.18~repack-1 is the last working version. When comparing this > to the current version 7.0, I noticed an error message in CombineZP > saying "CreateCompatibleBitmap failed", maybe this helps too. Bitmap handling was moved from dlls/gdi32 to dlls/win32u between 6.18 and 6.19 (commit 08f677ca). There was also refactoring related to bitmap memory allocation, which may be relevant (commit 6ea18f66). That should be a start to begin working out which commit caused the problem. Best wishes, Mike
Bug#1013082: wine: CombineZP doesn't display a picture
Günter Frenz wrote: > version 6.18~repack-1 is the last working version. When comparing this > to the current version 7.0, I noticed an error message in CombineZP > saying "CreateCompatibleBitmap failed", maybe this helps too. Bitmap handling was moved from dlls/gdi32 to dlls/win32u between 6.18 and 6.19 (commit 08f677ca). There was also refactoring related to bitmap memory allocation, which may be relevant (commit 6ea18f66). That should be a start to begin working out which commit caused the problem. Best wishes, Mike
Bug#1013082: wine: CombineZP doesn't display a picture
control: tag -1 moreinfo Günter Frenz wrote: > I'm using CombineZP (https://combinezp.software.informer.com/1.0/) with wine. > Since the > latest update the pictures are no longer displayed. Are you saying it worked correctly with wine 6.0.3~repack-1? If so, are you able to test the 6.x wine-development packages from snapshot.debian.org [0] to determine when the regression began? Best wishes, Mike [0] https://snapshot.debian.org/package/wine-development/
Bug#1013082: wine: CombineZP doesn't display a picture
control: tag -1 moreinfo Günter Frenz wrote: > I'm using CombineZP (https://combinezp.software.informer.com/1.0/) with wine. > Since the > latest update the pictures are no longer displayed. Are you saying it worked correctly with wine 6.0.3~repack-1? If so, are you able to test the 6.x wine-development packages from snapshot.debian.org [0] to determine when the regression began? Best wishes, Mike [0] https://snapshot.debian.org/package/wine-development/
Bug#1011430: RM: vkd3d [s390x] -- ROM; tests fail on s390x, not yet intended to be supported in a stable release
package: ftp.debian.org severity: normal Please remove vkd3d binaries from s390x (testing only). s390x is not yet a supported architecture upstream and autopkg tests currently fail for that architecture. See #1010331. Best wishes, Mike
[Git][security-tracker-team/security-tracker][master] include missing chromium CVE
Michael Gilbert pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4f6a50f8 by Michael Gilbert at 2021-05-19T02:00:48+00:00
include missing chromium CVE
- - - - -
1 changed file:
- data/DSA/list
Changes:
=
data/DSA/list
=
@@ -2,7 +2,7 @@
{CVE-2019-18978}
[buster] - ruby-rack-cors 1.0.2-1+deb10u1
[18 May 2021] DSA-4917-1 chromium - security update
- {CVE-2021-3051 CVE-2021-30506 CVE-2021-30507 CVE-2021-30508
CVE-2021-30509 CVE-2021-30510 CVE-2021-30511 CVE-2021-30512 CVE-2021-30513
CVE-2021-30514 CVE-2021-30515 CVE-2021-30516 CVE-2021-30518 CVE-2021-30519
CVE-2021-30520}
+ {CVE-2021-3051 CVE-2021-30506 CVE-2021-30507 CVE-2021-30508
CVE-2021-30509 CVE-2021-30510 CVE-2021-30511 CVE-2021-30512 CVE-2021-30513
CVE-2021-30514 CVE-2021-30515 CVE-2021-30516 CVE-2021-30517 CVE-2021-30518
CVE-2021-30519 CVE-2021-30520}
[buster] - chromium 90.0.4430.212-1~deb10u1
[17 May 2021] DSA-4916-1 prosody - security update
{CVE-2021-32917 CVE-2021-32918 CVE-2021-32919 CVE-2021-32920
CVE-2021-32921}
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f6a50f87d9caae2bc06866cb7504f9e0da585ff
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f6a50f87d9caae2bc06866cb7504f9e0da585ff
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[SECURITY] [DSA 4917-1] chromium security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4917-1 secur...@debian.org https://www.debian.org/security/ Michael Gilbert May 17, 2021 https://www.debian.org/security/faq - - Package: chromium CVE ID : CVE-2021-30506 CVE-2021-30507 CVE-2021-30508 CVE-2021-30509 CVE-2021-30510 CVE-2021-30511 CVE-2021-30512 CVE-2021-30513 CVE-2021-30514 CVE-2021-30515 CVE-2021-30516 CVE-2021-30517 CVE-2021-30518 CVE-2021-30519 CVE-2021-30520 Several vulnerabilities have been discovered in the chromium web browser. CVE-2021-30506 @retsew0x01 discovered an error in the Web App installation interface. CVE-2021-30507 Alison Huffman discovered an error in the Offline mode. CVE-2021-30508 Leecraso and Guang Gong discovered a buffer overflow issue in the Media Feeds implementation. CVE-2021-30509 David Erceg discovered an out-of-bounds write issue in the Tab Strip implementation. CVE-2021-30510 Weipeng Jiang discovered a race condition in the aura window manager. CVE-2021-30511 David Erceg discovered an out-of-bounds read issue in the Tab Strip implementation. CVE-2021-30512 ZhanJia Song discovered a use-after-free issue in the notifications implementation. CVE-2021-30513 Man Yue Mo discovered an incorrect type in the v8 javascript library. CVE-2021-30514 koocola and Wang discovered a use-after-free issue in the Autofill feature. CVE-2021-30515 Rong Jian and Guang Gong discovered a use-after-free issue in the file system access API. CVE-2021-30516 ZhanJia Song discovered a buffer overflow issue in the browsing history. CVE-2021-30517 Jun Kokatsu discovered a buffer overflow issue in the reader mode. CVE-2021-30518 laural discovered use of an incorrect type in the v8 javascript library. CVE-2021-30519 asnine discovered a use-after-free issue in the Payments feature. CVE-2021-30520 Khalil Zhani discovered a use-after-free issue in the Tab Strip implementation. For the stable distribution (buster), these problems have been fixed in version 90.0.4430.212-1~deb10u1. We recommend that you upgrade your chromium packages. For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -BEGIN PGP SIGNATURE- iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAmCjKigACgkQmD40ZYkU aygutiAAoTR+pOTfxVWYgdzkPI4z5VSeoFm6nWmE2UhB+yowe7MSczx69hJ9O0DF c+KyNJkolgkOA6Vu8oywbYhikIj5wSVhFwq3CuAE8IGyDF2T1qNeGiVfXyzO1VHK r/3zSLZIa7vvRL3/Znb+lhGbrXCAgMEDizzztvIVuZq9vnV6oYDpBVCaSCmk2nBv AUcuRkBiYp3WEKwOs3N3LJ96WwcObjXUEIyioGXMyczJDRNSN5M7m65A8dlogAvx tHNipgcMcMU08sAR3Zrw6AwKDqQRaq0tuDmgf85cLDKKAWpJgA8UQQe5l6NJPjlB WQ0ZvJwO4U2oTKjb7kLBSkZsnqeXqor44Hi+2hcW+4ZhL55N9Cq0rjzeNyUbi5Bl sGnWrpgg6llIh0e40g6Niq47/1fUMHtiCHrqvn0/lkdpWQ3UvPHV+efWPe1KpIaT vhq7ja/wS/zIr4glVIvzXprV9vJH1dKcPB/dukdb2jZWBeEF4Dj7GqP+hHMpqR1x KodWOsInNC+aqiPb6r5VCMpm3l1KxiI8bdTzhPz5cmSlb3n/DuDlGq2bmjA02FGy 2u19R1S7bQbn8yUOB5KGwYnWNVdYo6VugEkfCEnmc0D3ev5LWx9fdqunrZhqWfeZ izWG5WfutUmIeZ2+SqdFdGUC50ZSCppdnH2Nmc31QvpZfDy2WQk/FtieyCKRm3D1 Oo1rD4GHbw+WCJfQbmSIwit0AZJVG5hyIOComzojMMQdFyihv5N59sZ2LHBOFl3r J67x9cdPcNCHIKE+hmvnLcf2N+GPSM4PTFyibs5cmUMlsiNnInQVcizV6a25nY8X iiI7OoG3W+hHcxY3hcl8nHrI/KiQ/ji7yY1bzjfmjR7uEMKhNQz3GH7XAdGo7B5+ HDPg/UH/euXRl+1Gwco6sY5k6Zs/Fl2VdFVFBiqtqd8RO1wltC4XK1JrEKHp3L3d mADBUgOZHWRNcVNvCLwO59/9hmViQMhwRh1M7Lh1EqhDCfCOuN+2f/rexPDPB7a8 hu9fn4e18Aexc9naqr/JpJxYL+zfbDJgy04ms/2iqR94mQVFd/ON7DtNgfnkfbCB HXInjHkzTpCxFw8otbPIY2A9aXH1PeT1jNB6oQWF0cJv8WpSw4AV1xU3GaPw323g 4eG0BJ9RlR3cpfvcOQEdvZoaOvZdIgPGM2TvcbHPTjQ7kXYaFlYyCsA7jpwE4aWW WnYkiY4it9vZi2kmoYNOZbnB7m/w1AA5JmLBkXaNLTHDLU/Lm8YodPirDM9gjae5 3HZLZnmjjZHC0swahD8J8D0XfxwZvonee07pEFKhbL+/pjbs2TeSivOhIwTp9VVo 7KROY+DZ08ZtOkS8mIsHy91+Uh+Wlg== =7EHh -END PGP SIGNATURE-
Bug#986456: chromium: Could not unzip extension on armhf
control: severity -1 minor control: forwarded -1 http://crbug.com/1060925 Daniel Thompson wrote: > 1. Install chromium > 2. Navigate to https://chrome.google.com/webstore > 3. Try to install an extension (I tested primarily with bitwarden >but I also checked a couple of "random" ones from the suggestions >list (Zoom, Dark Mode, Visor and saw the same results). > 4. Chromium reports "An error has occured: Could not unzip extension". Could you try a version of chromium before 67? This may be a known upstream bug [0]. Best wishes, Mike [0] http://crbug.com/1060925
Bug#980020: chromium: "undefined command" when printing to postscript printer
control: tag -1 moreinfo control: severity -1 minor Karl O. Pinc wrote: > Package: chromium > Version: 87.0.4280.88-0.4~deb10u1 > Severity: normal > > I find that trying to print to a postscript printer with chromium > prints instead: > > ERROR NAME; >undefined > COMMAND; >Invalid > OPERAND STACK; > > This did not always happen, but seems to be due to a security update. Are the latest chromium stable updates affected by this? The 87.0.4280.88-0.4~deb10u1 security upload was built incorrectly. Best wishes, Mike
Bug#988246: wine-development: not intended for a stable release
package: src:wine-development severity: serious This package is not intended to be released in a debian stable release. This bug serves to prevent migration of the package to testing. Best wishes, Mike
Bug#988246: wine-development: not intended for a stable release
package: src:wine-development severity: serious This package is not intended to be released in a debian stable release. This bug serves to prevent migration of the package to testing. Best wishes, Mike
Bug#988246: wine-development: not intended for a stable release
package: src:wine-development severity: serious This package is not intended to be released in a debian stable release. This bug serves to prevent migration of the package to testing. Best wishes, Mike
Bug#973240: chromium: APNGs flicker
control: severity -1 minor control: forwarded -1 http://crbug.com/1142228 control: retitle -1 chromium: APNGs flicker when built with system libpng This is only a problem when chromium is built using the libpng shared system library. Best wishes, Mike
[Git][security-tracker-team/security-tracker][master] chromium dsa
Michael Gilbert pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2b2754f2 by Michael Gilbert at 2021-05-04T02:59:20+00:00
chromium dsa
- - - - -
2 changed files:
- data/DSA/list
- data/dsa-needed.txt
Changes:
=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[03 May 2021] DSA-4911-1 chromium - security update
+ {CVE-2021-21227 CVE-2021-21228 CVE-2021-21229 CVE-2021-21230
CVE-2021-21231 CVE-2021-21232 CVE-2021-21233}
+ [buster] - chromium 90.0.4430.93-1~deb10u1
[02 May 2021] DSA-4910-1 libimage-exiftool-perl - security update
{CVE-2021-22204}
[buster] - libimage-exiftool-perl 11.16-1+deb10u1
=
data/dsa-needed.txt
=
@@ -11,8 +11,6 @@ To pick an issue, simply add your uid behind it.
If needed, specify the release by adding a slash after the name of the source
package.
---
-chromium
--
condor
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b2754f2c5a86c2870ec9faaa6dcf8a1bde2b057
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b2754f2c5a86c2870ec9faaa6dcf8a1bde2b057
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[SECURITY] [DSA 4906-1] chromium security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4906-1 secur...@debian.org https://www.debian.org/security/ Michael Gilbert April 27, 2021https://www.debian.org/security/faq - - Package: chromium CVE ID : CVE-2021-21201 CVE-2021-21202 CVE-2021-21203 CVE-2021-21204 CVE-2021-21205 CVE-2021-21207 CVE-2021-21208 CVE-2021-21209 CVE-2021-21210 CVE-2021-21211 CVE-2021-21212 CVE-2021-21213 CVE-2021-21214 CVE-2021-21215 CVE-2021-21216 CVE-2021-21217 CVE-2021-21218 CVE-2021-21219 CVE-2021-21221 CVE-2021-21222 CVE-2021-21223 CVE-2021-21224 CVE-2021-21225 CVE-2021-21226 Several vulnerabilities have been discovered in the chromium web browser. CVE-2021-21201 Gengming Liu and Jianyu Chen discovered a use-after-free issue. CVE-2021-21202 David Erceg discovered a use-after-free issue in extensions. CVE-2021-21203 asnine discovered a use-after-free issue in Blink/Webkit. CVE-2021-21204 Tsai-Simek, Jeanette Ulloa, and Emily Voigtlander discovered a use-after-free issue in Blink/Webkit. CVE-2021-21205 Alison Huffman discovered a policy enforcement error. CVE-2021-21207 koocola and Nan Wang discovered a use-after-free in the indexed database. CVE-2021-21208 Ahmed Elsobky discovered a data validation error in the QR code scanner. CVE-2021-21209 Tom Van Goethem discovered an implementation error in the Storage API. CVE-2021-21210 @bananabr discovered an error in the networking implementation. CVE-2021-21211 Akash Labade discovered an error in the navigation implementation. CVE-2021-21212 Hugo Hue and Sze Yui Chau discovered an error in the network configuration user interface. CVE-2021-21213 raven discovered a use-after-free issue in the WebMIDI implementation. CVE-2021-21214 A use-after-free issue was discovered in the networking implementation. CVE-2021-21215 Abdulrahman Alqabandi discovered an error in the Autofill feature. CVE-2021-21216 Abdulrahman Alqabandi discovered an error in the Autofill feature. CVE-2021-21217 Zhou Aiting discovered use of uninitialized memory in the pdfium library. CVE-2021-21218 Zhou Aiting discovered use of uninitialized memory in the pdfium library. CVE-2021-21219 Zhou Aiting discovered use of uninitialized memory in the pdfium library. CVE-2021-21221 Guang Gong discovered insufficient validation of untrusted input. CVE-2021-21222 Guang Gong discovered a buffer overflow issue in the v8 javascript library. CVE-2021-21223 Guang Gong discovered an integer overflow issue. CVE-2021-21224 Jose Martinez discovered a type error in the v8 javascript library. CVE-2021-21225 Brendon Tiszka discovered an out-of-bounds memory access issue in the v8 javascript library. CVE-2021-21226 Brendon Tiszka discovered a use-after-free issue in the networking implementation. For the stable distribution (buster), these problems have been fixed in version 90.0.4430.85-1~deb10u1. We recommend that you upgrade your chromium packages. For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -BEGIN PGP SIGNATURE- iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAmCIvYEACgkQmD40ZYkU ayg9fCAAjphN4kZAOT12EphLMxc0GLIgweQjU9fg9kWba4JlkqevuhI87qfBb1xn ENC4pz6CDpWExt2qFuSPxHDE88B2EcHVKiCHgKPN4Lxwjd7/WNCskhlOyvEwVDW1 +vylgXzwFem/8aJWSms3Iun/VBpVV0/c9XFTcTzzJtqPaddnQyh2EO1sJJy9sa1R r030G/KBJtWk3Ng7eoqCZi1ecj+Dnp2YIEXkjruDYo2oX545qsCEkQDFJcpOcApD oB9g4B696apIhb44th94WjCgfIEGsbNd1b8AKvc/KNNL6vuBH3HGQD0kntOINOXG xOPEVPWT60jywYfaW6FUxsi/n5TzS3QhTZwymoDD/DiN2RMEx46SaPTo+bjhv54X JW0avcqXA2qvR5XPb+Y/wqe/XGWg8YOHU+sTXJ58qWZ/q35MK3u7yjpODIXAWSJS GymgwV7d+T6nl2WIHv9Lmg5M0Dm2qhWtkMss1OdKbYiBqmmYjndZZZByxtMbv+e6 7/2/uyu3iHOC6MLnnCP2Dq9ccXMILsC8TrYkg5tciKRoWAvP/v9z04HXWteM/7zI 6D3u1ZUarSJZPImBOJoqz/1p5rlWSN121jCHyP75a0I62UxU11E36UBQhOS6MAPb fXj06hkRRZs9pNXBGpBvy9bHRtmtRGm8PfGNUEzCEhwP5CW4YOvjXgV9SqPAJX5i UitrTmnsTLC4UNjKzoZBXSw+uM/Cw61088vR8IDzT/CsqI8kM400L0o1gNhU0ozZ GiKzF1Ay/8eFUL7Olt7kUqeinkgc4TidKOsl6DMvOjQBhsK6MtqK4YcHfJ/fRlix gTWYjbe1leT2ViMRO51E3DjrkPfoFqfqTw4M2V1ba30Gfhy/tFLiIzq5ROnO4eWu iIviq6rrvCgIKdNg7iNTkws+GoVann+aqnqsYkpO/q+xI2YoxSkDfat+lqbvi4ii HLzqOD/JeeODu7IjfEga95iGAEEgpCzWuraYJpjoqM37NV6uFrRTiUyuQOHJGcCG nC6tQK6WZQ9t1V8hV5Sy0DjgmshY61XyYqwawUxzmlhltYsJ3kQbj2+rrtCsJc4p ePosM1+FvwtE
[Git][security-tracker-team/security-tracker][master] chromium dsa
Michael Gilbert pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
14f592e0 by Michael Gilbert at 2021-04-28T01:45:33+00:00
chromium dsa
- - - - -
2 changed files:
- data/DSA/list
- data/dsa-needed.txt
Changes:
=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[27 Apr 2021] DSA-4906-1 chromium - security update
+ {CVE-2021-21201 CVE-2021-21202 CVE-2021-21203 CVE-2021-21204
CVE-2021-21205 CVE-2021-21207 CVE-2021-21208 CVE-2021-21209 CVE-2021-21210
CVE-2021-21211 CVE-2021-21212 CVE-2021-21213 CVE-2021-21214 CVE-2021-21215
CVE-2021-21216 CVE-2021-21217 CVE-2021-21218 CVE-2021-21219 CVE-2021-21221
CVE-2021-21222 CVE-2021-21223 CVE-2021-21224 CVE-2021-21225 CVE-2021-21226}
+ [buster] - chromium 90.0.4430.85-1~deb10u1
[27 Apr 2021] DSA-4905-1 shibboleth-sp - security update
{CVE-2021-31826}
[buster] - shibboleth-sp 3.0.4+dfsg1-1+deb10u2
=
data/dsa-needed.txt
=
@@ -11,8 +11,6 @@ To pick an issue, simply add your uid behind it.
If needed, specify the release by adding a slash after the name of the source
package.
---
-chromium
--
condor
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14f592e06678a5599622c210f9d7b1d0d1bf9900
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14f592e06678a5599622c210f9d7b1d0d1bf9900
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[SECURITY] [DSA 4886-1] chromium security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4886-1 secur...@debian.org https://www.debian.org/security/ Michael Gilbert April 06, 2021https://www.debian.org/security/faq - - Package: chromium CVE ID : CVE-2021-21159 CVE-2021-21160 CVE-2021-21161 CVE-2021-21162 CVE-2021-21163 CVE-2021-21165 CVE-2021-21166 CVE-2021-21167 CVE-2021-21168 CVE-2021-21169 CVE-2021-21170 CVE-2021-21171 CVE-2021-21172 CVE-2021-21173 CVE-2021-21174 CVE-2021-21175 CVE-2021-21176 CVE-2021-21177 CVE-2021-21178 CVE-2021-21179 CVE-2021-21180 CVE-2021-21181 CVE-2021-21182 CVE-2021-21183 CVE-2021-21184 CVE-2021-21185 CVE-2021-21186 CVE-2021-21187 CVE-2021-21188 CVE-2021-21189 CVE-2021-21190 CVE-2021-21191 CVE-2021-21192 CVE-2021-21193 CVE-2021-21194 CVE-2021-21195 CVE-2021-21196 CVE-2021-21197 CVE-2021-21198 CVE-2021-21199 Several vulnerabilites have been discovered in the chromium web browser. CVE-2021-21159 Khalil Zhani disocvered a buffer overflow issue in the tab implementation. CVE-2021-21160 Marcin Noga discovered a buffer overflow issue in WebAudio. CVE-2021-21161 Khalil Zhani disocvered a buffer overflow issue in the tab implementation. CVE-2021-21162 A use-after-free issue was discovered in the WebRTC implementation. CVE-2021-21163 Alison Huffman discovered a data validation issue. CVE-2021-21165 Alison Huffman discovered an error in the audio implementation. CVE-2021-21166 Alison Huffman discovered an error in the audio implementation. CVE-2021-21167 Leecraso and Guang Gong discovered a use-after-free issue in the bookmarks implementation. CVE-2021-21168 Luan Herrera discovered a policy enforcement error in the appcache. CVE-2021-21169 Bohan Liu and Moon Liang discovered an out-of-bounds access issue in the v8 javascript library. CVE-2021-21170 David Erceg discovered a user interface error. CVE-2021-21171 Irvan Kurniawan discovered a user interface error. CVE-2021-21172 Maciej Pulikowski discovered a policy enforcement error in the File System API. CVE-2021-21173 Tom Van Goethem discovered a network based information leak. CVE-2021-21174 Ashish Guatam Kambled discovered an implementation error in the Referrer policy. CVE-2021-21175 Jun Kokatsu discovered an implementation error in the Site Isolation feature. CVE-2021-21176 Luan Herrera discovered an implementation error in the full screen mode. CVE-2021-21177 Abdulrahman Alqabandi discovered a policy enforcement error in the Autofill feature. CVE-2021-21178 Japong discovered an error in the Compositor implementation. CVE-2021-21179 A use-after-free issue was discovered in the networking implementation. CVE-2021-21180 Abdulrahman Alqabandi discovered a use-after-free issue in the tab search feature. CVE-2021-21181 Xu Lin, Panagiotis Ilias, and Jason Polakis discovered a side-channel information leak in the Autofill feature. CVE-2021-21182 Luan Herrera discovered a policy enforcement error in the site navigation implementation. CVE-2021-21183 Takashi Yoneuchi discovered an implementation error in the Performance API. CVE-2021-21184 James Hartig discovered an implementation error in the Performance API. CVE-2021-21185 David Erceg discovered a policy enforcement error in Extensions. CVE-2021-21186 dhirajkumarnifty discovered a policy enforcement error in the QR scan implementation. CVE-2021-21187 Kirtikumar Anandrao Ramchandani discovered a data validation error in URL formatting. CVE-2021-21188 Woojin Oh discovered a use-after-free issue in Blink/Webkit. CVE-2021-21189 Khalil Zhani discovered a policy enforcement error in the Payments implementation. CVE-2021-21190 Zhou Aiting discovered use of uninitialized memory in the pdfium library. CVE-2021-21191 raven discovered a use-after-free issue in the WebRTC implementation. CVE-2021-21192 Abdulrahman Alqabandi discovered a buffer overflow issue in the tab implementation. CVE-2021-21193 A use-after-free issue was discovered in Blink/Webkit. CVE-2021-21194 Leecraso and Guang Gong discovered a use-after-free issue in the screen capture feature. CVE-2021-21195 Liu and Liang discovered a use-after-free issue in the v8 javascript library. CVE-2021-21196 Khalil Zhani discovered a buffer overflow issue in the tab implementation. CVE-2021-21197 Abdulrahman Alqabandi discovered a buffer overflow issue in the tab implementation. CVE-2021-21198
[Git][security-tracker-team/security-tracker][master] chromium dsa
Michael Gilbert pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2b42e575 by Michael Gilbert at 2021-04-06T13:34:50+00:00
chromium dsa
- - - - -
2 changed files:
- data/DSA/list
- data/dsa-needed.txt
Changes:
=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[06 Apr 2021] DSA-4886-1 chromium - security update
+ {CVE-2021-21159 CVE-2021-21160 CVE-2021-21161 CVE-2021-21162
CVE-2021-21163 CVE-2021-21165 CVE-2021-21166 CVE-2021-21167 CVE-2021-21168
CVE-2021-21169 CVE-2021-21170 CVE-2021-21171 CVE-2021-21172 CVE-2021-21173
CVE-2021-21174 CVE-2021-21175 CVE-2021-21176 CVE-2021-21177 CVE-2021-21178
CVE-2021-21179 CVE-2021-21180 CVE-2021-21181 CVE-2021-21182 CVE-2021-21183
CVE-2021-21184 CVE-2021-21185 CVE-2021-21186 CVE-2021-21187 CVE-2021-21188
CVE-2021-21189 CVE-2021-21190 CVE-2021-21191 CVE-2021-21192 CVE-2021-21193
CVE-2021-21194 CVE-2021-21195 CVE-2021-21196 CVE-2021-21197 CVE-2021-21198
CVE-2021-21199}
+ [buster] - chromium 89.0.4389.114-1~deb10u1
[05 Apr 2021] DSA-4885-1 netty - security update
{CVE-2019-20444 CVE-2019-20445 CVE-2020-7238 CVE-2020-11612
CVE-2021-21290 CVE-2021-21295 CVE-2021-21409}
[buster] - netty 1:4.1.33-1+deb10u2
=
data/dsa-needed.txt
=
@@ -14,9 +14,6 @@ If needed, specify the release by adding a slash after the
name of the source pa
--
condor
--
-chromium
- Package was prepared by Michel Le Bihan (already uploaded), needd review for
DSA release
---
knot-resolver
Santiago Ruano Rincón proposed a debdiff for review
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b42e575970ab2a544933c78d7d86670865dda0b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b42e575970ab2a544933c78d7d86670865dda0b
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
Re: Bullseye plans for wine
On Thu, Feb 25, 2021 at 8:22 AM Sean Ho wrote: > it would be nice if maintainers make efforts to let wine-5.0 to > buster-backports first. Jens Reyer was solely responsible for wine's backports for a very long time. Since he has stepped back, there is no one currently pursuing this. > If making related new bug report are required, please let me know, thx. A bug report is not very useful. Someone interested in producing backport packages is what is needed. Best wishes, Mike
Re: Bullseye plans for wine
On Mon, Feb 22, 2021 at 7:34 AM Maxime Lombard wrote: > Do you think, after the freeze, to work on Wine-Staging at same time > than Wine-development ? I am willing to potentially sponsor someone else working on such a thing but can't commit to maintaining it myself. > I already try with wine-development-5.6 and i did some changes. > > This idea is to use wine-development as base, applied all Staging > patchset and finally refresh debian/* > > Wine-Staging on salsa gitlab : https://salsa.debian.org/Odelpasso/wine-staging Interesting, however a debian centric approach whould use multiple upstream source tarballs [0]. Best wishes, Mike [0]https://raphaelhertzog.com/2010/09/07/how-to-use-multiple-upstream-tarballs-in-debian-source-packages/
[SECURITY] [DSA 4858-1] chromium security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4858-1 secur...@debian.org https://www.debian.org/security/ Michael Gilbert February 19, 2021 https://www.debian.org/security/faq - - Package: chromium CVE ID : CVE-2021-21148 CVE-2021-21149 CVE-2021-21150 CVE-2021-21151 CVE-2021-21152 CVE-2021-21153 CVE-2021-21154 CVE-2021-21155 CVE-2021-21156 CVE-2021-21157 Several vulnerabilities have been discovered in the chromium web browser. CVE-2021-21148 Mattias Buelens discovered a buffer overflow issue in the v8 javascript library. CVE-2021-21149 Ryoya Tsukasaki discovered a stack overflow issue in the Data Transfer implementation. CVE-2021-21150 Woojin Oh discovered a use-after-free issue in the file downloader. CVE-2021-21151 Khalil Zhani discovered a use-after-free issue in the payments system. CVE-2021-21152 A buffer overflow was discovered in media handling. CVE-2021-21153 Jan Ruge discovered a stack overflow issue in the GPU process. CVE-2021-21154 Abdulrahman Alqabandi discovered a buffer overflow issue in the Tab Strip implementation. CVE-2021-21155 Khalil Zhani discovered a buffer overflow issue in the Tab Strip implementation. CVE-2021-21156 Sergei Glazunov discovered a buffer overflow issue in the v8 javascript library. CVE-2021-21157 A use-after-free issue was discovered in the Web Sockets implementation. For the stable distribution (buster), these problems have been fixed in version 88.0.4324.182-1~deb10u1. We recommend that you upgrade your chromium packages. For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -BEGIN PGP SIGNATURE- iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAmAwc/AACgkQmD40ZYkU ayhBuh//b8m6CI7rJyrqcrz+kZfrqLcTtYXv3o5GHPMW2yFDIikG8v3GfPoTfioP zEbkJjwaj50/jfGrIWFXOdvsXvSrwGOSOaEGujOkm6uKdRL/6WJfrIMmRfABylot dzYYeBhKQD9J3pfCAa9i3GG3HtH7QU8HnA/ixh+CHFbBfkgHqzVudPA9GoEtislq bH8hfjBM+WDYMv2Fjq3BmzFOiBne4SQXQDrOTYIjZ8yLEm6AsjvMoU/fe5kQx00M 6e7cePle65/QCMKk6ETxnuRBLA5FGdtuFtGaRKIv85J0gSzuZxyS/Ni6k0NiRZhr XznAVbNxcbB+J/EQBb1braWnRVjHEQxyaUZkPbDHD4GU2nOk99SM6gTlE9w0JW1Y pyXTgKj8osW3oJdNLYEjXxppt5VDiyBTnRkcAIvFzyfyVORPlxhT1CyUX4ZTig+6 lZQkgO4Los2kZY7vjAYS1+/BHh01x14+Z8Gywzr6+A1Pk2ccBr3TQOWJQLHtWYkR BOWKVUVzWl91DiznEGsnpQYcxhCjc4KhRk+NQjcI5m6IbmZ7CyN2oSlnIZDzCCyn EHrLMSYp0YYz+XygbdqrkxkliCdZn8X2H0e1xFBoS04yxAeNgY/3BySKUexHqW8O GJlRjKYaSXkEgaQfKliCjf3PIN7CY/OdtWMgnhNyykTOE8ufYk7JAmcvelHol1Wz 3I93lBt3jjGuv/wzbjiNgT14TC+Zj/iqOBkDD14qPDsYw7jL1mNxNprcFDJFV7Ox 0Vo/lzt6PMNdQdEcw0ArB47UvwtbaFq+CpPT/BmmNDbqjqgS6bxWPspNtnwYz1BS smFAfMO0fi2ZpaPORawL9ZDRw6L80zDGc9RBIRtTrHI1GfV80G1GRorJTqf0al0n TQmDHj2SSRZhZ7F43TYvUABO9UCzni6Ixr4SjEg7d7r3szSSKR/xFAEAkOq6YvAM sVIGgTOmKLsKtFzDGn0DgtBfF9oAKAnn4DV4V+NwKZwdSrupIbJGJMMfSF/j+xiq dEYItBYIFNQNdX6FuODZcfhAJxZ66iVQSwMNC+FvSsazyp73HKPwukveCSs6wnXg WzWDUSk8LyQlm43xDTwily7FViJfq45H6ZXLSnmSp8Lp3XuTFRBauyzls08tIoCk Fi6oExwdIvX2INZ4Z5N07iL0jZLzvQVDq8/KxRKUCpPR+f25fI+I+d9Kc89dODfc j9vPzWI0DCCpOtJNQYoN1zSsjP5c1VRdVZo0Nx3ptcmROMD7oj2UI/TLiiylXCil TDI8EEXwm0ucMRbNv0vk5SBhhw7xYP65MUx3kVvBZlJFCE77i+9GUZLsWXYOHPGr CjIYDti1IBO/aNh3sYiz8RqlkM4VAw== =Du/1 -END PGP SIGNATURE-
[Git][security-tracker-team/security-tracker][master] chromium dsa
Michael Gilbert pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7ccc58e0 by Michael Gilbert at 2021-02-20T02:25:17+00:00
chromium dsa
- - - - -
2 changed files:
- data/DSA/list
- data/dsa-needed.txt
Changes:
=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[19 Feb 2021] DSA-4858-1 chromium - security update
+ {CVE-2021-21148 CVE-2021-21149 CVE-2021-21150 CVE-2021-21151
CVE-2021-21152 CVE-2021-21153 CVE-2021-21154 CVE-2021-21155 CVE-2021-21156
CVE-2021-21157}
+ [buster] - chromium 88.0.4324.182-1~deb10u1
[18 Feb 2021] DSA-4857-1 bind9 - security update
{CVE-2020-8625}
[buster] - bind9 1:9.11.5.P4+dfsg-5.1+deb10u3
=
data/dsa-needed.txt
=
@@ -11,8 +11,6 @@ To pick an issue, simply add your uid behind it.
If needed, specify the release by adding a slash after the name of the source
package.
---
-chromium
--
knot-resolver
Santiago Ruano Rincón proposed a debdiff for review
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ccc58e08bbf9cc6d1caf62abb9f3caff408d2d8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ccc58e08bbf9cc6d1caf62abb9f3caff408d2d8
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
Bug#982275: debianutils: add-shell depends on non-essential package
On Sat, Feb 13, 2021 at 5:01 AM Andreas Henriksson wrote: > > For systems where awk is not yet installed (chroots), installation of > > dash will currently fail since it's postinst calls add-shell from > > debianutils. > > Please share details about how to reproduce this situation! > > You say you don't have awk when dash postinst runs, but that would also > mean you don't have base-files (since it pre-depends on awk), which > means you're lacking essential packages while you're configuring > dash! > > Sounds to me like you're doing something very peculiar and likely > completely unsupported to be able to trigger this issue. Atleast I can't > think of any obvious way how to trigger it. Yes, I am doing something quite peculiar. I am trying to install the absolute minimal system possible, just enough to be able to run a shell (dash). In fact without even base-files. # mmdebstrap --verbose --variant=custom --include=sed,grep,libc-bin,dash,diffutils,coreutils unstable unstable [...] /usr/sbin/add-shell: 20: awk: not found Either another instance of /usr/sbin/add-shell is running, or it was previously interrupted. Please examine /etc/shells.tmp to see if it should be moved onto /etc/shells. dpkg: error processing package dash (--install): installed dash package post-installation script subprocess returned error exit status 1 Errors were encountered while processing: dash I can add mawk to the list of packages to make it work, but that isn't quite so minimal ;) # mmdebstrap --verbose --variant=custom --include=sed,mawk,grep,libc-bin,dash,diffutils,coreutils unstable unstable > Replacing using awk with cat whenever possible sounds like a good thing > to do, so for the record I'm not against that. My skepticism is more > at why this is not a wishlist bug report (that would be much better to > adress early in a development cycle, rather than when we're already in > the bullseye freeze). Given the peculiarity and simple work around, I am ok with any severity. Best wishes, Mike
Bug#982275: debianutils: add-shell depends on non-essential package
On Sat, Feb 13, 2021 at 5:01 AM Andreas Henriksson wrote: > > For systems where awk is not yet installed (chroots), installation of > > dash will currently fail since it's postinst calls add-shell from > > debianutils. > > Please share details about how to reproduce this situation! > > You say you don't have awk when dash postinst runs, but that would also > mean you don't have base-files (since it pre-depends on awk), which > means you're lacking essential packages while you're configuring > dash! > > Sounds to me like you're doing something very peculiar and likely > completely unsupported to be able to trigger this issue. Atleast I can't > think of any obvious way how to trigger it. Yes, I am doing something quite peculiar. I am trying to install the absolute minimal system possible, just enough to be able to run a shell (dash). In fact without even base-files. # mmdebstrap --verbose --variant=custom --include=sed,grep,libc-bin,dash,diffutils,coreutils unstable unstable [...] /usr/sbin/add-shell: 20: awk: not found Either another instance of /usr/sbin/add-shell is running, or it was previously interrupted. Please examine /etc/shells.tmp to see if it should be moved onto /etc/shells. dpkg: error processing package dash (--install): installed dash package post-installation script subprocess returned error exit status 1 Errors were encountered while processing: dash I can add mawk to the list of packages to make it work, but that isn't quite so minimal ;) # mmdebstrap --verbose --variant=custom --include=sed,mawk,grep,libc-bin,dash,diffutils,coreutils unstable unstable > Replacing using awk with cat whenever possible sounds like a good thing > to do, so for the record I'm not against that. My skepticism is more > at why this is not a wishlist bug report (that would be much better to > adress early in a development cycle, rather than when we're already in > the bullseye freeze). Given the peculiarity and simple work around, I am ok with any severity. Best wishes, Mike
Bug#963176: Additional information.
control: tag -1 -moreinfo control: severity -1 minor control: forwarded -1 https://bugs.winehq.org/show_bug.cgi?id=39439 On Mon, Jun 22, 2020 at 12:54 AM Gong S. wrote: > 10538.908:000a:000b:exception c005 in PE entry point > (proc=0x7b02d8c0,module=0x7b00,reason=PROCESS_ATTACH,res=0x32fb00) This error probably indicates that your wine installation path is mounted noexec. https://forum.winehq.org/viewtopic.php?t=2112 https://forum.winehq.org/viewtopic.php?t=7209 https://forum.winehq.org/viewtopic.php?f=2=20562 https://forum.endeavouros.com/t/setting-noexec-nodev-nosuid-mount-parameters-for-home-partition/7618 https://github.com/dnschneid/crouton/issues/528 Best wishes, Mike
Bug#963176: Additional information.
control: tag -1 -moreinfo control: severity -1 minor control: forwarded -1 https://bugs.winehq.org/show_bug.cgi?id=39439 On Mon, Jun 22, 2020 at 12:54 AM Gong S. wrote: > 10538.908:000a:000b:exception c005 in PE entry point > (proc=0x7b02d8c0,module=0x7b00,reason=PROCESS_ATTACH,res=0x32fb00) This error probably indicates that your wine installation path is mounted noexec. https://forum.winehq.org/viewtopic.php?t=2112 https://forum.winehq.org/viewtopic.php?t=7209 https://forum.winehq.org/viewtopic.php?f=2=20562 https://forum.endeavouros.com/t/setting-noexec-nodev-nosuid-mount-parameters-for-home-partition/7618 https://github.com/dnschneid/crouton/issues/528 Best wishes, Mike
Re: Bullseye plans for wine
On Sun, Feb 7, 2021 at 4:34 PM Maxime Lombard wrote: > No objection but why do not ship Wine-6.0 as stable version for > Bullseye instead of 5.0 ? Because milestone 1 in the freeze policy [0] requires no large/disruptive changes. Best wishes, Mike [0] https://release.debian.org/bullseye/freeze_policy.html
Bug#982275: debianutils: add-shell depends on non-essential package
package: src:debianutils
severity: serious
version: 4.11.2
tag: patch
debianutil's add-shell script uses awk, but awk is not an
Essential:yes package. For systems where awk is not yet installed
(chroots), installation of dash will currently fail since it's
postinst calls add-shell from debianutils.
A simple fix seems possible, just change add-shell to use cat, which
is in coreutils (Essential:yes). Proposed update attached.
Best wishes,
Mike
--- debianutils-4.11.2/add-shell 2020-05-22 20:00:40.0 -0400
+++ debianutils-4.11.3/add-shell 2021-02-07 21:47:27.0 -0500
@@ -17,7 +17,7 @@
}
trap cleanup EXIT
-if ! awk '{print}' "$file" > "$tmpfile"
+if ! cat "$file" > "$tmpfile"
then
cat 1>&2 <
Bug#982275: debianutils: add-shell depends on non-essential package
package: src:debianutils
severity: serious
version: 4.11.2
tag: patch
debianutil's add-shell script uses awk, but awk is not an
Essential:yes package. For systems where awk is not yet installed
(chroots), installation of dash will currently fail since it's
postinst calls add-shell from debianutils.
A simple fix seems possible, just change add-shell to use cat, which
is in coreutils (Essential:yes). Proposed update attached.
Best wishes,
Mike
--- debianutils-4.11.2/add-shell 2020-05-22 20:00:40.0 -0400
+++ debianutils-4.11.3/add-shell 2021-02-07 21:47:27.0 -0500
@@ -17,7 +17,7 @@
}
trap cleanup EXIT
-if ! awk '{print}' "$file" > "$tmpfile"
+if ! cat "$file" > "$tmpfile"
then
cat 1>&2 <
Bullseye plans for wine
Given some of the discussion on this list recently, it seems there is a need for plans to be clarified. My intent is for wine-development to no longer ship in stable releases. I don't see the value of a mid-cycle version of wine to be in debian stable any more. It made sense when the time between wine stable releases was very long, but that is no more. In conclusion, there is no objective to get wine-development ready in time for the freeze. Also, the plan is to ship wine 5 as the stable version of wine for bullseye. Work on wine 6 will pick up after the freeze. Best wishes, Mike
Re: Push vkd3d 1.2 to unstable
On Wed, Feb 3, 2021 at 3:34 PM Maxime Lombard wrote: > After the freeze, it will be possible to push the last version of vkd3d ? > This version is needed for >=wine-6.0 to use the Vulkan renderer with wined3d. The freeze is irrelevant. It could be pushed to experimental immediately if someone were inclined to do the work. Best wishes, Mike
Bug#982062: chromium: Google is limiting private api availability for all chromium builds
control: severity -1 minor On Sat, Feb 6, 2021 at 3:09 AM jim_p wrote: > This means that sync and some other features will stop working from that day > on > and users that use them will complain and file bug reports. None of this is relevant to running chromium as a web browser, which is its intended purpose. Best wishes, Mike
Bug#969557: chromium: "clear browsing data" never completes
On Fri, Sep 4, 2020 at 4:57 PM Rory Campbell-Lange wrote: > Kernel: Linux 5.7.0-3-amd64 (SMP w/4 CPU cores) > Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Chromium on tainted kernels is not supported. Best wishes, Mike
[SECURITY] [DSA 4846-1] chromium security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4846-1 secur...@debian.org https://www.debian.org/security/ Michael Gilbert February 07, 2021 https://www.debian.org/security/faq - - Package: chromium CVE ID : CVE-2020-16044 CVE-2021-21117 CVE-2021-21118 CVE-2021-21119 CVE-2021-21120 CVE-2021-21121 CVE-2021-21122 CVE-2021-21123 CVE-2021-21124 CVE-2021-21125 CVE-2021-21126 CVE-2021-21127 CVE-2021-21128 CVE-2021-21129 CVE-2021-21130 CVE-2021-21131 CVE-2021-21132 CVE-2021-21133 CVE-2021-21134 CVE-2021-21135 CVE-2021-21136 CVE-2021-21137 CVE-2021-21138 CVE-2021-21139 CVE-2021-21140 CVE-2021-21141 CVE-2021-21142 CVE-2021-21143 CVE-2021-21144 CVE-2021-21145 CVE-2021-21146 CVE-2021-21147 Several vulnerabilities have been discovered in the chromium web browser. CVE-2020-16044 Ned Williamson discovered a use-after-free issue in the WebRTC implementation. CVE-2021-21117 Rory McNamara discovered a policy enforcement issue in Cryptohome. CVE-2021-21118 Tyler Nighswander discovered a data validation issue in the v8 javascript library. CVE-2021-21119 A use-after-free issue was discovered in media handling. CVE-2021-21120 Nan Wang and Guang Gong discovered a use-after-free issue in the WebSQL implementation. CVE-2021-21121 Leecraso and Guang Gong discovered a use-after-free issue in the Omnibox. CVE-2021-21122 Renata Hodovan discovered a use-after-free issue in Blink/WebKit. CVE-2021-21123 Maciej Pulikowski discovered a data validation issue. CVE-2021-21124 Chaoyang Ding discovered a use-after-free issue in the speech recognizer. CVE-2021-21125 Ron Masas discovered a policy enforcement issue. CVE-2021-21126 David Erceg discovered a policy enforcement issue in extensions. CVE-2021-21127 Jasminder Pal Singh discovered a policy enforcement issue in extensions. CVE-2021-21128 Liang Dong discovered a buffer overflow issue in Blink/WebKit. CVE-2021-21129 Maciej Pulikowski discovered a policy enforcement issue. CVE-2021-21130 Maciej Pulikowski discovered a policy enforcement issue. CVE-2021-21131 Maciej Pulikowski discovered a policy enforcement issue. CVE-2021-21132 David Erceg discovered an implementation error in the developer tools. CVE-2021-21133 wester0x01 discovered a policy enforcement issue. CVE-2021-21134 wester0x01 discovered a user interface error. CVE-2021-21135 ndevtk discovered an implementation error in the Performance API. CVE-2021-21136 Shiv Sahni, Movnavinothan V, and Imdad Mohammed discovered a policy enforcement error. CVE-2021-21137 bobbybear discovered an implementation error in the developer tools. CVE-2021-21138 Weipeng Jiang discovered a use-after-free issue in the developer tools. CVE-2021-21139 Jun Kokatsu discovered an implementation error in the iframe sandbox. CVE-2021-21140 David Manouchehri discovered uninitialized memory in the USB implementation. CVE-2021-21141 Maciej Pulikowski discovered a policy enforcement error. CVE-2021-21142 Khalil Zhani discovered a use-after-free issue. CVE-2021-21143 Allen Parker and Alex Morgan discovered a buffer overflow issue in extensions. CVE-2021-21144 Leecraso and Guang Gong discovered a buffer overflow issue. CVE-2021-21145 A use-after-free issue was discovered. CVE-2021-21146 Alison Huffman and Choongwoo Han discovered a use-after-free issue. CVE-2021-21147 Roman Starkov discovered an implementation error in the skia library. For the stable distribution (buster), these problems have been fixed in version 88.0.4324.146-1~deb10u1. We recommend that you upgrade your chromium packages. For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -BEGIN PGP SIGNATURE- iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAmAgOWAACgkQmD40ZYkU aygtGyAArkdhz8ru3JqXZGrt7jACotBh/lrS/U5piVuIpwViRCRaKRHtYq2HaSb0 //1heoKDmCreKZ1v1511sGFTlfNaHSgHm1Jlh+U/gnFAM2oSFbNZy2iT+TSJv8AP 7KJIF3Eifh+hDbPTgiRxJOIhWIpu+UpSLD5jYAz+xY0rHWE3QJubALC1vlqC2fRv zpv9zWpXZAXf4n15RjnKSr2iB7vKHiNCJQF+oLQeZIjGwYQP5lfgeza0QyZon33K JV7kCXOAy86PHd2q9IYXGT3VheGw9aPq6/fGdSOpIEwLSlawtoA4b2yQoI9OoDPO rd7BsY0x4jZqU6JtF4a2cTo6Pl3QJM49Chmcr1JMYJvShDvmYNcpt0ll6h53cYBM VOPKAMEHo8nns2wPwl
[Git][security-tracker-team/security-tracker][master] chromium dsa
Michael Gilbert pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6ac34b79 by Michael Gilbert at 2021-02-07T19:04:31+00:00
chromium dsa
- - - - -
2 changed files:
- data/DSA/list
- data/dsa-needed.txt
Changes:
=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[07 Feb 2021] DSA-4846-1 chromium - security update
+ {CVE-2020-16044 CVE-2021-21117 CVE-2021-21118 CVE-2021-21119
CVE-2021-21120 CVE-2021-21121 CVE-2021-21122 CVE-2021-21123 CVE-2021-21124
CVE-2021-21125 CVE-2021-21126 CVE-2021-21127 CVE-2021-21128 CVE-2021-21129
CVE-2021-21130 CVE-2021-21131 CVE-2021-21132 CVE-2021-21133 CVE-2021-21134
CVE-2021-21135 CVE-2021-21136 CVE-2021-21137 CVE-2021-21138 CVE-2021-21139
CVE-2021-21140 CVE-2021-21141 CVE-2021-21142 CVE-2021-21143 CVE-2021-21144
CVE-2021-21145 CVE-2021-21146 CVE-2021-21147}
+ [buster] - chromium 88.0.4324.146-1~deb10u1
[03 Feb 2021] DSA-4845-1 openldap - security update
{CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224
CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229
CVE-2020-36230}
[buster] - openldap 2.4.47+dfsg-3+deb10u5
=
data/dsa-needed.txt
=
@@ -11,8 +11,6 @@ To pick an issue, simply add your uid behind it.
If needed, specify the release by adding a slash after the name of the source
package.
---
-chromium
--
knot-resolver
Santiago Ruano Rincón proposed a debdiff for review
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ac34b79abcd5a74dd76068d5b289be4fc8187e7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ac34b79abcd5a74dd76068d5b289be4fc8187e7
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
Re: access to wine-team in salsa
On Tue, Nov 10, 2020 at 8:09 PM Phil Morrell wrote: > I have taken on the backport of faudio and subscribed to the team list, > please can you grant me access on salsa so that I can push the branch? Hi, Sorry for the delay. I've added you to the wine-team salsa group. Best wishes, Mike
[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2020-6558 is ios specific
Michael Gilbert pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fe5df2bd by Michael Gilbert at 2021-02-02T02:15:57+00:00
CVE-2020-6558 is ios specific
- - - - -
7dfbbc65 by Michael Gilbert at 2021-02-02T02:32:52+00:00
debian package not-affected by chromium installer issues
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=
data/CVE/list
=
@@ -51313,8 +51313,7 @@ CVE-2020-16008 (Stack buffer overflow in WebRTC in
Google Chrome prior to 86.0.4
[stretch] - chromium (see DSA 4562)
CVE-2020-16007 (Insufficient data validation in installer in Google Chrome
prior to 86 ...)
{DSA-4824-1}
- - chromium 87.0.4280.88-0.1
- [stretch] - chromium (see DSA 4562)
+ - chromium (debian package disables the installer)
CVE-2020-16006 (Inappropriate implementation in V8 in Google Chrome prior to
86.0.4240 ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
@@ -77436,8 +77435,7 @@ CVE-2020-6575 (Race in Mojo in Google Chrome prior to
85.0.4183.102 allowed a re
[stretch] - chromium (see DSA 4562)
CVE-2020-6574 (Insufficient policy enforcement in installer in Google Chrome
on OS X ...)
{DSA-4824-1}
- - chromium 87.0.4280.88-0.1
- [stretch] - chromium (see DSA 4562)
+ - chromium (debian package disables the installer)
CVE-2020-6573 (Use after free in video in Google Chrome on Android prior to
85.0.4183 ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
@@ -77499,8 +77497,7 @@ CVE-2020-6559 (Use after free in presentation API in
Google Chrome prior to 85.0
[stretch] - chromium (see DSA 4562)
CVE-2020-6558 (Insufficient policy enforcement in iOSWeb in Google Chrome on
iOS prio ...)
{DSA-4824-1}
- - chromium 87.0.4280.88-0.1
- [stretch] - chromium (see DSA 4562)
+ - chromium (ios specific)
CVE-2020-6557 (Inappropriate implementation in networking in Google Chrome
prior to 8 ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
@@ -77547,8 +77544,7 @@ CVE-2020-6547 (Incorrect security UI in media in Google
Chrome prior to 84.0.414
[stretch] - chromium (see DSA 4562)
CVE-2020-6546 (Inappropriate implementation in installer in Google Chrome
prior to 84 ...)
{DSA-4824-1}
- - chromium 87.0.4280.88-0.1
- [stretch] - chromium (see DSA 4562)
+ - chromium (debian package disables the installer)
CVE-2020-6545 (Use after free in audio in Google Chrome prior to 84.0.4147.125
allowe ...)
{DSA-4824-1}
- chromium 87.0.4280.88-0.1
@@ -111503,8 +111499,7 @@ CVE-2019-13703 (Insufficient policy enforcement in
the Omnibox in Google Chrome
[stretch] - chromium (see DSA 4562)
CVE-2019-13702 (Inappropriate implementation in installer in Google Chrome on
Windows ...)
{DSA-4562-1}
- - chromium 78.0.3904.87-1
- [stretch] - chromium (see DSA 4562)
+ - chromium (debian package disables the installer)
CVE-2019-13701 (Incorrect implementation in navigation in Google Chrome prior
to 78.0. ...)
{DSA-4562-1}
- chromium 78.0.3904.87-1
=
data/DSA/list
=
@@ -62,7 +62,7 @@
{CVE-2020-24386 CVE-2020-25275}
[buster] - dovecot 1:2.3.4.1-5+deb10u5
[01 Jan 2021] DSA-4824-1 chromium - security update
- {CVE-2020-6510 CVE-2020-6511 CVE-2020-6512 CVE-2020-6513 CVE-2020-6514
CVE-2020-6515 CVE-2020-6516 CVE-2020-6517 CVE-2020-6518 CVE-2020-6519
CVE-2020-6520 CVE-2020-6521 CVE-2020-6522 CVE-2020-6523 CVE-2020-6524
CVE-2020-6525 CVE-2020-6526 CVE-2020-6527 CVE-2020-6528 CVE-2020-6529
CVE-2020-6530 CVE-2020-6531 CVE-2020-6532 CVE-2020-6533 CVE-2020-6534
CVE-2020-6535 CVE-2020-6536 CVE-2020-6537 CVE-2020-6538 CVE-2020-6539
CVE-2020-6540 CVE-2020-6541 CVE-2020-6542 CVE-2020-6543 CVE-2020-6544
CVE-2020-6545 CVE-2020-6546 CVE-2020-6547 CVE-2020-6548 CVE-2020-6549
CVE-2020-6550 CVE-2020-6551 CVE-2020-6552 CVE-2020-6553 CVE-2020-6554
CVE-2020-6555 CVE-2020-6556 CVE-2020-6557 CVE-2020-6558 CVE-2020-6559
CVE-2020-6560 CVE-2020-6561 CVE-2020-6562 CVE-2020-6563 CVE-2020-6564
CVE-2020-6565 CVE-2020-6566 CVE-2020-6567 CVE-2020-6568 CVE-2020-6569
CVE-2020-6570 CVE-2020-6571 CVE-2020-6573 CVE-2020-6574 CVE-2020-6575
CVE-2020-6576 CVE-2020-15959 CVE-2020-15960 CVE-2020-15961 CVE-2020-15962
CVE-2020-15963 CVE-2020-15964 CVE-2020-15965 CVE-2020-15966 CVE-2020-15967
CVE-2020-15968 CVE-2020-15969 CVE-2020-15970 CVE-2020-15971 CVE-2020-15972
CVE-2020-15973 CVE-2020-15974 CVE-2020-15975 CVE-2020-15976 CVE-2020-15977
CVE-2020-15978 CVE-2020-15979 CVE-2020-15980 CVE-2020-15981 CVE-2020-15982
CVE-2020-15983 CVE-2020-15984 CVE-2020-15985 CVE-2020-15986 CVE-2020-15987
CVE-2020-15988 CVE-2020-15989 CVE-2020-15990 CVE-2020-15991 CVE-2020-15992
CVE-2020-15999 CVE-2020-16000 CVE-2020-16001 CVE
[Git][security-tracker-team/security-tracker][master] CVE-2019-8075 is specific to Adobe Flash
Michael Gilbert pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d5f923bc by Michael Gilbert at 2021-02-02T02:07:30+00:00
CVE-2019-8075 is specific to Adobe Flash
- - - - -
1 changed file:
- data/DSA/list
Changes:
=
data/DSA/list
=
@@ -62,7 +62,7 @@
{CVE-2020-24386 CVE-2020-25275}
[buster] - dovecot 1:2.3.4.1-5+deb10u5
[01 Jan 2021] DSA-4824-1 chromium - security update
- {CVE-2019-8075 CVE-2020-6510 CVE-2020-6511 CVE-2020-6512 CVE-2020-6513
CVE-2020-6514 CVE-2020-6515 CVE-2020-6516 CVE-2020-6517 CVE-2020-6518
CVE-2020-6519 CVE-2020-6520 CVE-2020-6521 CVE-2020-6522 CVE-2020-6523
CVE-2020-6524 CVE-2020-6525 CVE-2020-6526 CVE-2020-6527 CVE-2020-6528
CVE-2020-6529 CVE-2020-6530 CVE-2020-6531 CVE-2020-6532 CVE-2020-6533
CVE-2020-6534 CVE-2020-6535 CVE-2020-6536 CVE-2020-6537 CVE-2020-6538
CVE-2020-6539 CVE-2020-6540 CVE-2020-6541 CVE-2020-6542 CVE-2020-6543
CVE-2020-6544 CVE-2020-6545 CVE-2020-6546 CVE-2020-6547 CVE-2020-6548
CVE-2020-6549 CVE-2020-6550 CVE-2020-6551 CVE-2020-6552 CVE-2020-6553
CVE-2020-6554 CVE-2020-6555 CVE-2020-6556 CVE-2020-6557 CVE-2020-6558
CVE-2020-6559 CVE-2020-6560 CVE-2020-6561 CVE-2020-6562 CVE-2020-6563
CVE-2020-6564 CVE-2020-6565 CVE-2020-6566 CVE-2020-6567 CVE-2020-6568
CVE-2020-6569 CVE-2020-6570 CVE-2020-6571 CVE-2020-6573 CVE-2020-6574
CVE-2020-6575 CVE-2020-6576 CVE-2020-15959 CVE-2020-15960 CVE-2020-15961
CVE-2020-15962 CVE-2020-15963 CVE-2020-15964 CVE-2020-15965 CVE-2020-15966
CVE-2020-15967 CVE-2020-15968 CVE-2020-15969 CVE-2020-15970 CVE-2020-15971
CVE-2020-15972 CVE-2020-15973 CVE-2020-15974 CVE-2020-15975 CVE-2020-15976
CVE-2020-15977 CVE-2020-15978 CVE-2020-15979 CVE-2020-15980 CVE-2020-15981
CVE-2020-15982 CVE-2020-15983 CVE-2020-15984 CVE-2020-15985 CVE-2020-15986
CVE-2020-15987 CVE-2020-15988 CVE-2020-15989 CVE-2020-15990 CVE-2020-15991
CVE-2020-15992 CVE-2020-15999 CVE-2020-16000 CVE-2020-16001 CVE-2020-16002
CVE-2020-16003 CVE-2020-16004 CVE-2020-16005 CVE-2020-16006 CVE-2020-16007
CVE-2020-16008 CVE-2020-16009 CVE-2020-16011 CVE-2020-16012 CVE-2020-16013
CVE-2020-16014 CVE-2020-16015 CVE-2020-16016 CVE-2020-16017 CVE-2020-16018
CVE-2020-16019 CVE-2020-16020 CVE-2020-16021 CVE-2020-16022 CVE-2020-16023
CVE-2020-16024 CVE-2020-16025 CVE-2020-16026 CVE-2020-16027 CVE-2020-16028
CVE-2020-16029 CVE-2020-16030 CVE-2020-16031 CVE-2020-16032 CVE-2020-16033
CVE-2020-16034 CVE-2020-16035 CVE-2020-16036 CVE-2020-16037 CVE-2020-16038
CVE-2020-16039 CVE-2020-16040 CVE-2020-16041 CVE-2020-16042}
+ {CVE-2020-6510 CVE-2020-6511 CVE-2020-6512 CVE-2020-6513 CVE-2020-6514
CVE-2020-6515 CVE-2020-6516 CVE-2020-6517 CVE-2020-6518 CVE-2020-6519
CVE-2020-6520 CVE-2020-6521 CVE-2020-6522 CVE-2020-6523 CVE-2020-6524
CVE-2020-6525 CVE-2020-6526 CVE-2020-6527 CVE-2020-6528 CVE-2020-6529
CVE-2020-6530 CVE-2020-6531 CVE-2020-6532 CVE-2020-6533 CVE-2020-6534
CVE-2020-6535 CVE-2020-6536 CVE-2020-6537 CVE-2020-6538 CVE-2020-6539
CVE-2020-6540 CVE-2020-6541 CVE-2020-6542 CVE-2020-6543 CVE-2020-6544
CVE-2020-6545 CVE-2020-6546 CVE-2020-6547 CVE-2020-6548 CVE-2020-6549
CVE-2020-6550 CVE-2020-6551 CVE-2020-6552 CVE-2020-6553 CVE-2020-6554
CVE-2020-6555 CVE-2020-6556 CVE-2020-6557 CVE-2020-6558 CVE-2020-6559
CVE-2020-6560 CVE-2020-6561 CVE-2020-6562 CVE-2020-6563 CVE-2020-6564
CVE-2020-6565 CVE-2020-6566 CVE-2020-6567 CVE-2020-6568 CVE-2020-6569
CVE-2020-6570 CVE-2020-6571 CVE-2020-6573 CVE-2020-6574 CVE-2020-6575
CVE-2020-6576 CVE-2020-15959 CVE-2020-15960 CVE-2020-15961 CVE-2020-15962
CVE-2020-15963 CVE-2020-15964 CVE-2020-15965 CVE-2020-15966 CVE-2020-15967
CVE-2020-15968 CVE-2020-15969 CVE-2020-15970 CVE-2020-15971 CVE-2020-15972
CVE-2020-15973 CVE-2020-15974 CVE-2020-15975 CVE-2020-15976 CVE-2020-15977
CVE-2020-15978 CVE-2020-15979 CVE-2020-15980 CVE-2020-15981 CVE-2020-15982
CVE-2020-15983 CVE-2020-15984 CVE-2020-15985 CVE-2020-15986 CVE-2020-15987
CVE-2020-15988 CVE-2020-15989 CVE-2020-15990 CVE-2020-15991 CVE-2020-15992
CVE-2020-15999 CVE-2020-16000 CVE-2020-16001 CVE-2020-16002 CVE-2020-16003
CVE-2020-16004 CVE-2020-16005 CVE-2020-16006 CVE-2020-16007 CVE-2020-16008
CVE-2020-16009 CVE-2020-16011 CVE-2020-16012 CVE-2020-16013 CVE-2020-16014
CVE-2020-16015 CVE-2020-16016 CVE-2020-16017 CVE-2020-16018 CVE-2020-16019
CVE-2020-16020 CVE-2020-16021 CVE-2020-16022 CVE-2020-16023 CVE-2020-16024
CVE-2020-16025 CVE-2020-16026 CVE-2020-16027 CVE-2020-16028 CVE-2020-16029
CVE-2020-16030 CVE-2020-16031 CVE-2020-16032 CVE-2020-16033 CVE-2020-16034
CVE-2020-16035 CVE-2020-16036 CVE-2020-16037 CVE-2020-16038 CVE-2020-16039
CVE-2020-16040 CVE-2020-16041 CVE-2020-16042}
[buster] - chromium 87.0.4280.88-0.4~deb10u1
[01 Jan 2021] DSA-4823-1 influxdb - security update
{CVE-2019-20933}
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit
Bug#972134: chromium: please, consider moving the package to team-maintainance to properly maintain it
On Tue, Dec 22, 2020 at 3:45 AM Michel Le Bihan wrote: > I my NMU 87.0.4280.88-0.2 has just been uploaded to unstable and I'm > interested in joining and helping with the package. My work is in > https://salsa.debian.org/mimi8/chromium/ . Please also see the > discussion under > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973848 . Hi Michel, Thank you for helping out with the package over the past couple months. Clearly I have not had time lately. I just added you to the salsa group. Please feel free to add yourself as an uploader. Best wishes, Mike
Bug#972134: chromium: please, consider moving the package to team-maintainance to properly maintain it
On Tue, Dec 22, 2020 at 3:45 AM Michel Le Bihan wrote: > I my NMU 87.0.4280.88-0.2 has just been uploaded to unstable and I'm > interested in joining and helping with the package. My work is in > https://salsa.debian.org/mimi8/chromium/ . Please also see the > discussion under > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973848 . Hi Michel, Thank you for helping out with the package over the past couple months. Clearly I have not had time lately. I just added you to the salsa group. Please feel free to add yourself as an uploader. Best wishes, Mike
[SECURITY] [DSA 4714-3] chromium regression update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4714-3 secur...@debian.org https://www.debian.org/security/ Michael Gilbert July 13, 2020 https://www.debian.org/security/faq - - Package: chromium Debian Bug : 963548 The previous update for chromium released as DSA 4714-2 contained a flaw in the service worker implementation. This problem causes the browser to crash when a connection error occurs. Updated chromium packages are now available that correct this issue. For the stable distribution (buster), this problem has been fixed in version 83.0.4103.116-1~deb10u3. We recommend that you upgrade your chromium packages. For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -BEGIN PGP SIGNATURE- iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAl8MQ+gACgkQmD40ZYkU ayhA0R/+JjN3skUjyca8cLvH+Tiof/cRKkebVIzlXeX5eqNWc/YlC4TDiw3nKW7W yMOzUbGjh5p4GzBTHd3WD8p+M3WIcGlhQYCLe+KxsSvzeDnn4JIpFB+VYtGcrBlV 2vnlZGs8CCn1q8tkkDaPug54B/hY01b1Pmg3/vS7Fg+qCli+4YV/klqp6mPxPRNd dE6f/M3uZgM5of1/JsCbMFbtmRVjx2HCea596zDYG2doE82DGnAlBJulrtZc8Iu8 jAYeh/i7O/v4vZaQObzd2JB5QZDGGN1rT+ZvUQSZrn66/QdXSjufN/RVszyFCEVH pcEzBSMXetkSD2q97l7mGYbmQBi8fI5X9w5voNe/2vnM7+RrcMMpx/a/UMkVPTed rwqEZETi39EiRIMLgBNUJP/2wZHd50JPK6A/Wzwybj9SC8UqEXTPNDknblQh3g5e tC667uPvBBxvlVUANzt0ziSytroRFZF2CkJ5u+jVY+Cb7vUUo800kThh4f4PkPV7 Rikl/+AbaaHjnT3ZZbaPFoTmOsatk0KqAs6P8E1eSC60H/RS7WIJ0pKwH0SasasR f1knUdj6BqXNLnjKNsLhIVMYIgR4pZcuxUiz82DI+YSYJS+QKZHtVp2yfT+1ZLWf zHqcOuj/BTP2T0D5EgIhjmu6TzbNZrB82ZLML39La1e3JmQIGG//HpVmZI7/0IgO VADVvZW4c44M5x+9It0jRGlDekvvWhbl7SFgw+MpkubO3zScAEef+dddRJ3irCsR Ggvozd/RaLCtdQ/FRylPD43Rz19faWu0XhNdmnw0o/lt7dgPm9bxxVfE2GE84J34 Okwo0eOqZj+0CYzfRF5huZYozSCz2Mei6GQggu5SFkAhWz/MG/11DSLtHXusVbUe c/wo1AzMcD+ixSVc3Rv0vYIwtSYj+hnEy6KK38OEO0YokagE55WeC71nDyKBleId rQaB97eklQLp1Mf+ne96MriI343VId5f818UPoFVCw1Nes2Rsu3JVYTPTBZliRVP 2wmiBtiP93rTL5E2YIqgs3k6EwdwthksUbbm+ksJMSXrw62aFnk36h278dS/RayY 2z59RfNOUx+XflV/AuqxYdjnbiyCxa9snVqxYR5T8I6ezCs9r8ukmxCsR3Pj3S52 MjrIbbAUuKH8aWEEDcOJDcrv8O3j9YNffIL2LSjLjxvTt8A0/SsEYRkReghNfYPJ Igh6wlBi5CXOjPsU8fMH0X1PwOSP25qr0yY4pOp6A1OW4MGJp/yQK6bLUKnE8Xq2 iVUODsI2lK4Wpc1N+FGYIbDU9yfI/Qk4z9jtR1zqQjAQXVejd2EuuNm+v0FJn4gx s3yyCr7tuRTTJGhie2rVQBz6TJzGzQ== =MScf -END PGP SIGNATURE-
[Git][security-tracker-team/security-tracker][master] chromium regression
Michael Gilbert pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e521b177 by Michael Gilbert at 2020-07-13T11:25:14+00:00
chromium regression
- - - - -
1 changed file:
- data/DSA/list
Changes:
=
data/DSA/list
=
@@ -1,3 +1,5 @@
+[13 Jul 2020] DSA-4714-3 chromium - regression update
+ [buster] - chromium 83.0.4103.116-1~deb10u3
[12 Jul 2020] DSA-4723-1 xen - security update
{CVE-2020-11739 CVE-2020-11740 CVE-2020-11741 CVE-2020-11742
CVE-2020-11743 CVE-2020-15563 CVE-2020-15564 CVE-2020-15565 CVE-2020-15566
CVE-2020-15567}
[buster] - xen 4.11.4+24-gddaaccbbab-1~deb10u1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e521b1775606be236abd5e929b02b3e5751941cd
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e521b1775606be236abd5e929b02b3e5751941cd
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[SECURITY] [DSA 4714-2] chromium regression update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4714-2 secur...@debian.org https://www.debian.org/security/ Michael Gilbert July 04, 2020 https://www.debian.org/security/faq - - Package: chromium Debian Bug : 964145 The previous update for chromium released as DSA 4714-1 was mistakenly built without compiler optimizations. This caused high CPU load and frequent crashes. Updated chromium packages are now available that correct this issue. For the oldstable distribution (stretch), security support for chromium has been discontinued. For the stable distribution (buster), this problem has been fixed in version 83.0.4103.116-1~deb10u2. We recommend that you upgrade your chromium packages. For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -BEGIN PGP SIGNATURE- iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAl8BO8IACgkQmD40ZYkU ayifGR//dd8y4yK0J0kQ9c02SnpLJR9jHO9GSgG70alyNbXj0AYde7Ky6bn72KG8 D1TkZgVoGs74+zVPhRV7vOfJ58tTD6U3zqKJme+rF/YQ0FceeGTT/+TgwHuUub9P lNBvEeGcyesl72ncEpa8QEDgexHH3lV3pwxqJe/Ri8kl6uWc3GqapVFf4H6+NIVW BX8eNITG7/Rdo26RXSExAzQG2sL2x4P2HESUnhIlKIuHT3YlayllJpDHeb8FTipo WiuKJYIx3tJHj94dlgkp3CI4I+rn+3IGabRK4QIuknaNNGldDLHpDYhL6BYxnJSw 6qVl3IJ1cKwQ4b3thrSC7n2W6eta3eZTpEHlbfsdGQhzAn80pwJIEulY94jrESAH vttdu/llEzWLFztwNoG751HLxV+mWVJ+8zj5Qu3reCumSsG91I+KCSE786jSW3Fv L6mLZH62Oh0jSOB+WWVEqh6IxPi6dJKKElqpzBZNuMk+0mVNmT/Uo839zzFjZvcr Wewm0Z+hkW5Z5voTFT5e+WidObeZg4REqkaN32a4fuyp0wCWVCw2kWUknUzIblN1 0S/GVhsXNOKGcmOfYxlRMEliL0yl0CQhIc618w4ORWths0YOsDPyODjTuH/YEajT 5+lYtE74rW7eMil4WnRX2cyYnCwhbJjiHQCWRtNIy4Zfw7qS6BiPjaHzRpaRWm+C nEilBA7W5Eu1qEu2IwNOcPGYMX2ChQgI8Y6sNyZuNhlIKgY7lO/UYkYpXGmkTlKC LlOeUKkH47/0bAqQwJ4ASDMpcainsJX8uGZWzn+ozPXls84NWdhdWwRmGyhr15nB XKhvATg+7YDr8/WAKuDIkjT8YkugWwZ6n5uV7WbGCD0AV5jKsFqD5HCXz8EOoSAI LrhQhPjPGq3T8dCzvKPSf3E0BpKk4mTB2lnujx6XNovwSAq4d1oGBLM+9hweETzj whBvqQL+G66yrbFgsyUnxCsw8dH3g12bub8gvL4tMrhBa223s3+GicnN7ewVftER ZjyWWLJPsKrfE5kWa3f2NyiG+20IJeVGEZmcoDXdOGeMi5lY8jYH6WGI/X6JnMzu 8TlkQe0FYZBLXnp/8kXprbGsQjaG3tbD6iORQGUMIoi8VcrM6ot5IMRfdE57LMkh hdsg0EDK1i2sUWuu6U2MzGLGsXKKDyEA+Y9lrSohP8pf1kWz4ogMgPxapqkA/xWc 9r1NJgsMpLItHm9v1NycZG9Mu74hfg8k1WODK1bYMoPoe2c/6dWjLHw3CJKVX+S4 evYnWTK2Y0c99VTvk40Tj5uKsw/ZfjLkWyfMyJvqSsWQNXMxSRDBs3JyB1PH7FLh 7zt9MdiUDHk1kvs2eFV8Q2tx6Mc6QQ== =JPcp -END PGP SIGNATURE-
[Git][security-tracker-team/security-tracker][master] chromium regression
Michael Gilbert pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
32751dd9 by Michael Gilbert at 2020-07-05T02:30:03+00:00
chromium regression
- - - - -
1 changed file:
- data/DSA/list
Changes:
=
data/DSA/list
=
@@ -1,3 +1,5 @@
+[04 Jul 2020] DSA-4714-2 chromium - regression update
+ [buster] - chromium 83.0.4103.116-1~deb10u2
[02 Jul 2020] DSA-4716-1 docker.io - security update
{CVE-2020-13401}
[buster] - docker.io 18.09.1+dfsg1-7.1+deb10u2
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32751dd961f679d34e3bd287e6af59df5a82b2d0
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32751dd961f679d34e3bd287e6af59df5a82b2d0
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
Bug#964177: chromium: high cpu load and frequent crashes
On Fri, Jul 3, 2020 at 3:39 AM Alexis Huxley wrote: > I've got Debian 10 and apply nightly updates as they become > available. I was running chromium version 80.0.3987.162 but > that was upgraded to 83.0.4103.116 a couple of nights ago. Since > then CPU load at page load time is very high, the interface is > generally sluggish and it crashes several times per day. The latest buster version was mistakenly built without optimization. I am working on an update. Best wishes, Mike
[SECURITY] [DSA 4714-1] chromium security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4714-1 secur...@debian.org https://www.debian.org/security/ Michael Gilbert July 01, 2020 https://www.debian.org/security/faq - - Package: chromium CVE ID : CVE-2020-6423 CVE-2020-6430 CVE-2020-6431 CVE-2020-6432 CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436 CVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440 CVE-2020-6441 CVE-2020-6442 CVE-2020-6443 CVE-2020-6444 CVE-2020-6445 CVE-2020-6446 CVE-2020-6447 CVE-2020-6448 CVE-2020-6454 CVE-2020-6455 CVE-2020-6456 CVE-2020-6457 CVE-2020-6458 CVE-2020-6459 CVE-2020-6460 CVE-2020-6461 CVE-2020-6462 CVE-2020-6463 CVE-2020-6464 CVE-2020-6465 CVE-2020-6466 CVE-2020-6467 CVE-2020-6468 CVE-2020-6469 CVE-2020-6470 CVE-2020-6471 CVE-2020-6472 CVE-2020-6473 CVE-2020-6474 CVE-2020-6475 CVE-2020-6476 CVE-2020-6478 CVE-2020-6479 CVE-2020-6480 CVE-2020-6481 CVE-2020-6482 CVE-2020-6483 CVE-2020-6484 CVE-2020-6485 CVE-2020-6486 CVE-2020-6487 CVE-2020-6488 CVE-2020-6489 CVE-2020-6490 CVE-2020-6491 CVE-2020-6493 CVE-2020-6494 CVE-2020-6495 CVE-2020-6496 CVE-2020-6497 CVE-2020-6498 CVE-2020-6505 CVE-2020-6506 CVE-2020-6507 CVE-2020-6509 CVE-2020-6831 Several vulnerabilities have been discovered in the chromium web browser. CVE-2020-6423 A use-after-free issue was found in the audio implementation. CVE-2020-6430 Avihay Cohen discovered a type confusion issue in the v8 javascript library. CVE-2020-6431 Luan Herrera discovered a policy enforcement error. CVE-2020-6432 Luan Herrera discovered a policy enforcement error. CVE-2020-6433 Luan Herrera discovered a policy enforcement error in extensions. CVE-2020-6434 HyungSeok Han discovered a use-after-free issue in the developer tools. CVE-2020-6435 Sergei Glazunov discovered a policy enforcement error in extensions. CVE-2020-6436 Igor Bukanov discovered a use-after-free issue. CVE-2020-6437 Jann Horn discovered an implementation error in WebView. CVE-2020-6438 Ng Yik Phang discovered a policy enforcement error in extensions. CVE-2020-6439 remkoboonstra discovered a policy enforcement error. CVE-2020-6440 David Erceg discovered an implementation error in extensions. CVE-2020-6441 David Erceg discovered a policy enforcement error. CVE-2020-6442 B@rMey discovered an implementation error in the page cache. CVE-2020-6443 @lovasoa discovered an implementation error in the developer tools. CVE-2020-6444 mlfbrown discovered an uninitialized variable in the WebRTC implementation. CVE-2020-6445 Jun Kokatsu discovered a policy enforcement error. CVE-2020-6446 Jun Kokatsu discovered a policy enforcement error. CVE-2020-6447 David Erceg discovered an implementation error in the developer tools. CVE-2020-6448 Guang Gong discovered a use-after-free issue in the v8 javascript library. CVE-2020-6454 Leecraso and Guang Gong discovered a use-after-free issue in extensions. CVE-2020-6455 Nan Wang and Guang Gong discovered an out-of-bounds read issue in the WebSQL implementation. CVE-2020-6456 Michał Bentkowski discovered insufficient validation of untrusted input. CVE-2020-6457 Leecraso and Guang Gong discovered a use-after-free issue in the speech recognizer. CVE-2020-6458 Aleksandar Nikolic discoved an out-of-bounds read and write issue in the pdfium library. CVE-2020-6459 Zhe Jin discovered a use-after-free issue in the payments implementation. CVE-2020-6460 It was discovered that URL formatting was insufficiently validated. CVE-2020-6461 Zhe Jin discovered a use-after-free issue. CVE-2020-6462 Zhe Jin discovered a use-after-free issue in task scheduling. CVE-2020-6463 Pawel Wylecial discovered a use-after-free issue in the ANGLE library. CVE-2020-6464 Looben Yang discovered a type confusion issue in Blink/Webkit. CVE-2020-6465 Woojin Oh discovered a use-after-free issue. CVE-2020-6466 Zhe Jin discovered a use-after-free issue. CVE-2020-6467 ZhanJia Song discovered a use-after-free issue in the WebRTC implementation. CVE-2020-6468 Chris Salls and Jake Corina discovered a type confusion issue in the v8 javascript library. CVE-2020-6469 David Erceg discovered a policy enforcement error in the developer tools. CVE-2020-6470 Michał Bentkowski discovered insufficient validation of untrusted input. CVE-2020-6471 David
[Git][security-tracker-team/security-tracker][master] chromium dsa
Michael Gilbert pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f4995bed by Michael Gilbert at 2020-07-02T01:54:28+00:00
chromium dsa
- - - - -
2 changed files:
- data/DSA/list
- data/dsa-needed.txt
Changes:
=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[01 Jul 2020] DSA-4714-1 chromium - security update
+ {CVE-2020-6423 CVE-2020-6430 CVE-2020-6431 CVE-2020-6432 CVE-2020-6433
CVE-2020-6434 CVE-2020-6435 CVE-2020-6436 CVE-2020-6437 CVE-2020-6438
CVE-2020-6439 CVE-2020-6440 CVE-2020-6441 CVE-2020-6442 CVE-2020-6443
CVE-2020-6444 CVE-2020-6445 CVE-2020-6446 CVE-2020-6447 CVE-2020-6448
CVE-2020-6454 CVE-2020-6455 CVE-2020-6456 CVE-2020-6457 CVE-2020-6458
CVE-2020-6459 CVE-2020-6460 CVE-2020-6461 CVE-2020-6462 CVE-2020-6463
CVE-2020-6464 CVE-2020-6465 CVE-2020-6466 CVE-2020-6467 CVE-2020-6468
CVE-2020-6469 CVE-2020-6470 CVE-2020-6471 CVE-2020-6472 CVE-2020-6473
CVE-2020-6474 CVE-2020-6475 CVE-2020-6476 CVE-2020-6478 CVE-2020-6479
CVE-2020-6480 CVE-2020-6481 CVE-2020-6482 CVE-2020-6483 CVE-2020-6484
CVE-2020-6485 CVE-2020-6486 CVE-2020-6487 CVE-2020-6488 CVE-2020-6489
CVE-2020-6490 CVE-2020-6491 CVE-2020-6493 CVE-2020-6494 CVE-2020-6495
CVE-2020-6496 CVE-2020-6497 CVE-2020-6498 CVE-2020-6505 CVE-2020-6506
CVE-2020-6507 CVE-2020-6509 CVE-2020-6831}
+ [buster] - chromium 83.0.4103.116-1~deb10u1
[01 Jul 2020] DSA-4713-1 firefox-esr - security update
{CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420
CVE-2020-12421}
[stretch] - firefox-esr 68.10.0esr-1~deb9u1
=
data/dsa-needed.txt
=
@@ -11,8 +11,6 @@ To pick an issue, simply add your uid behind it.
If needed, specify the release by adding a slash after the name of the source
package.
---
-chromium
--
docker.io (jmm)
Packages rejected due to Built-Using on golang-github-prometheus-common,
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4995bed446dc18d41eb13dadcc18d620dfc8bcd
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4995bed446dc18d41eb13dadcc18d620dfc8bcd
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
Bug#963176: Additional information.
On Mon, Jun 22, 2020 at 12:54 AM Gong S. wrote: > The output is attached. Based on the trace, one of the places wine finds kernelbase.dll on your system is Z:\\usr\\home\\root\\kernelbase.dll. Could this be an out of date version of the dll? > I also used the root account with no ".wine" directory, so it should be > considered clean. It's not a great idea to run wine as root. Best wishes, Mike
Bug#956499: MESA-LOADER: failed to open i915
On Sun, Apr 12, 2020 at 12:18 AM 積丹尼 Dan Jacobson wrote:
> I'm now seeing
>
> MESA-LOADER: failed to retrieve device information
> MESA-LOADER: failed to open i915 (search paths
> /usr/lib/x86_64-linux-gnu/dri:\$${ORIGIN}/dri:/usr/lib/dri) failed to load
> driver: i915
> MESA-LOADER: failed to open kms_swrast (search paths
> /usr/lib/x86_64-linux-gnu/dri:\$${ORIGIN}/dri:/usr/lib/dri) failed to load
> driver: kms_swrast
> MESA-LOADER: failed to open swrast (search paths
> /usr/lib/x86_64-linux-gnu/dri:\$${ORIGIN}/dri:/usr/lib/dri) failed to load
> swrast driver
These messages are output by mesa, so this is most likely a problem
with support for your hardware.
Best wishes,
Mike
Bug#956499: MESA-LOADER: failed to open i915
On Sun, Apr 12, 2020 at 12:18 AM 積丹尼 Dan Jacobson wrote:
> I'm now seeing
>
> MESA-LOADER: failed to retrieve device information
> MESA-LOADER: failed to open i915 (search paths
> /usr/lib/x86_64-linux-gnu/dri:\$${ORIGIN}/dri:/usr/lib/dri) failed to load
> driver: i915
> MESA-LOADER: failed to open kms_swrast (search paths
> /usr/lib/x86_64-linux-gnu/dri:\$${ORIGIN}/dri:/usr/lib/dri) failed to load
> driver: kms_swrast
> MESA-LOADER: failed to open swrast (search paths
> /usr/lib/x86_64-linux-gnu/dri:\$${ORIGIN}/dri:/usr/lib/dri) failed to load
> swrast driver
These messages are output by mesa, so this is most likely a problem
with support for your hardware.
Best wishes,
Mike
Bug#963548: Received signal 11 SEGV_MAPERR
control: tag -1 moreinfo On Tue, Jun 23, 2020 at 10:27 AM 積丹尼 Dan Jacobson wrote: > Received signal 11 SEGV_MAPERR 7f0168b7a277 > #0 0x55e2011c3bf9 (/usr/lib/chromium/chromium+0x52b3bf8) > #1 0x55e201122e83 (/usr/lib/chromium/chromium+0x5212e82) > #2 0x55e2011c3781 (/usr/lib/chromium/chromium+0x52b3780) > #3 0x7f168c517110 (/lib/x86_64-linux-gnu/libpthread-2.30.so+0x1410f) > #4 0x7f16877e8d3c (/lib/x86_64-linux-gnu/libc-2.30.so+0x85d3b) > #5 0x7f16877eaf33 (/lib/x86_64-linux-gnu/libc-2.30.so+0x87f32) > #6 0x7f16877ecbf9 __libc_malloc > #7 0x55e2011db94e operator new() > #8 0x7f1687a73a2c std::__cxx11::basic_string<>::reserve() > #9 0x7f1687a69498 std::__cxx11::basic_stringbuf<>::overflow() > #10 0x7f1687a7204a std::basic_streambuf<>::xsputn() > #11 0x7f1687a64714 std::__ostream_insert<>() > #12 0x55e2011c3cc9 (/usr/lib/chromium/chromium+0x52b3cc8) > ... > #46 0x7f168b2cd24f event_base_loop > #47 0x55e2011e1421 (/usr/lib/chromium/chromium+0x52d1420) > ... > #53 0x7f168c50bf27 start_thread > #54 0x7f168786031f clone Please attach a backtrace and the standard info that reportbug generates. Otherwise, this kind of report is not particularly useful. Best wishes, Mike
Bug#963176: Unable to run any programs due to kernelbase.dll failed to initialize.
control: tag -1 moreinfo control: severity -1 important On Fri, Jun 19, 2020 at 11:09 PM Gong S. wrote: > The current version of wine-development cannot launch any Windows programs, > including built-in ones like "winecfg" and "wineconsole". I am not able to reproduce this on i386. Is this on an arm system? Either way, can you provide relevant output from $ WINEDEBUG=+all winecfg-development Best wishes, Mike
Bug#963176: Unable to run any programs due to kernelbase.dll failed to initialize.
control: tag -1 moreinfo control: severity -1 important On Fri, Jun 19, 2020 at 11:09 PM Gong S. wrote: > The current version of wine-development cannot launch any Windows programs, > including built-in ones like "winecfg" and "wineconsole". I am not able to reproduce this on i386. Is this on an arm system? Either way, can you provide relevant output from $ WINEDEBUG=+all winecfg-development Best wishes, Mike
Bug#962481: Printing to PDF makes files twenty million times bigger
control: severity -1 minor control: forwarded -1 http://crbug.com/1087707 control: retitle -1 print to pdf font subsetting issue I am not able to reproduce this with 81.0.4044.92-1 following the instructions in comment #13 from the upstream bug report. I get a 500K pdf file with only DejaVuSans,DejaVuSansMono embedded, not WenQuanYiZenHei,WenQuanYiZenHeiMono. Is there anything else about your configuration that would be relevant? Best wishes, Mike
Bug#963080: chromium dies in libva
control: severity -1 important On Thu, Jun 18, 2020 at 12:48 PM Harald Dunkel wrote: > libva-x11-2 is version 2.7.1-1. nvidia-graphics-drivers is version 440.82-2. > I cannot reproduce this using google-chrome 83.0.4103.106-1. This is caused by ffmpeg 4.3, see #963035. Best wishes, Mike
Bug#958103: chromium: Non-editable shortcuts on the new tab page
control: tag -1 moreinfo control: severity -1 minor On Sat, Apr 18, 2020 at 9:30 AM jim_p wrote: > I found it yesterday, when I made a new shortcut using the plus (+) icon > there. > I spelled something wrong and now I can not edit it nor remove it :D I just tested this, and it works for me. I created a new shortcut, then clicked the ... menu overlaying the top right of the shortcut icon, then clicked the Remove button in the dialog that popped up. This behaved exactly as expected, the shortcut was removed. Best wishes, Mike
Bug#956499: MESA-LOADER: failed to open i915
control: tag -1 moreinfo
On Sun, Apr 12, 2020 at 12:18 AM Dan Jacobson wrote:
> MESA-LOADER: failed to retrieve device information
> MESA-LOADER: failed to open i915 (search paths
> /usr/lib/x86_64-linux-gnu/dri:\$${ORIGIN}/dri:/usr/lib/dri) failed to load
> driver: i915
Do you have the libgl1-mesa-dri package installed? chromium already
recommends this.
Best wishes,
Mike
[SECURITY] [DSA 4654-1] chromium security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4654-1 secur...@debian.org https://www.debian.org/security/ Michael Gilbert April 07, 2020https://www.debian.org/security/faq - - Package: chromium CVE ID : CVE-2020-6450 CVE-2020-6451 CVE-2020-6452 Several vulnerabilities have been discovered in the chromium web browser. CVE-2020-6450 Man Yue Mo discovered a use-after-free issue in the WebAudio implementation. CVE-2020-6451 Man Yue Mo discovered a use-after-free issue in the WebAudio implementation. CVE-2020-6452 asnine discovered a buffer overflow issue. For the oldstable distribution (stretch), security support for chromium has been discontinued. For the stable distribution (buster), these problems have been fixed in version 80.0.3987.162-1~deb10u1. We recommend that you upgrade your chromium packages. For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -BEGIN PGP SIGNATURE- iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAl6NS4oACgkQmD40ZYkU aygZkB/+IyENFm0PRk9c9xjSJIN+ue10N98xjMQVcgksGYhXxlLuJ4rkcYbcnPte blShhcxpo7Ee+rfyOFKLeIebFbEg1HQxgCp8PYCv4Tc6c5PjTt6YHgsQBM4evLGF sj7lMfoHSKJ8yBlRK5X6e1sOEl/wwvJwGTdaR4ko8V26Q83j2tTJWlOd7aKABsTB OhPP7cTb8byaTBWjdx4sCgVq8TmxZTcaSUoPriHAhCj+ofgD02qybVMy+Iez9HJS l6MW6g4YSsGECbaUrvPN2XBoo9WYO0tVz76OJ7TklM2cwRCd4vJ4AoktMTgH225Z ymMUnwmqSzY+Vg+xUHDXvErgzRJgjglPj9vEO1yknvK0LbBID1fRBXbHq4G1mZ+G +shKWLRRbRKlILT3/M8RQqHdMCANwKuiz01Bb1pG3qP5LYhWkq3xoX+SGCa3YQIi LqYKognq5rouHXUXP2kMIwUzGzr+4IZKpAs+XRdT2BDPK240y8neDoR651FCzwby B1TajGC12GOvTQNNw9PD7D0VGZ9jYVA8DFnvaCyLdoC8LNtu21TG92KHKSpnejit a8xBxtH+1AY74DqJgA1EOnDHZMe4+hCCShjzb3MivYDIb0hMVn5czRKehwzEklJ2 gOXnoW3T/Y4XT+J7e5cZ5MPLpRXlwiS/5ffNa0UnbTKs04G5q4iy1+IBN3j8XC8j YF027iDy/pkpWeI9APLL7VLLpwjk0GZcV7cKEdnrpzadwbS69yTaaNO2ehiyBHKH Y/vKJ3A7tU83D/PsPUiUoPf088N8sIMF95ZilTHOAJSoC3SoTB5hwbNzYzs+9ECl jIVS9FVqH/UCdt73RvQHiL6HqGublRw552hFoPY2WUjts+Wau9WiBcGSs6bwFHIw mWprA6hAeIYmjlRd52ocht911l2DbrT9JGSEMAz8UaNwInSCB+oW0sX4c1qS4MDt pnhjXcxAtluJxGkMIvXgEmnROqND4DYXM4ZxehIBjpM6pKcSZRzpMSI3HMRCArsk OPQfNOARL0jamqU8xH/6EWmqhLxTF92PTtJu3lx4gnk7bMY77STTQFcTlkNA3w9n v3s6pMtzZWdbHlc+4u3/Cn3E6MUt/nqeFnZiYWF8JDGonZxQguXeVNxgfVmFO9Ty L64ValuBciq8K5ckTzYKzUn/Nr+3jG7zI4yUFrXlBkgqENxCOY4yPcC+Q0DmKO8B 8CrFTWX59b9h9+e8nsHQ0EdKokDI61pyZtSSN1XmxYS0sFt0Aw+Pcp+29icpr3cC +L1Q4CUS5lEstH1lO4TN71E9wi4/IUjgZD4Zc/E8yvPIHfoH3LZgHibXw0JCwqxQ VEcVDKJrrO6qxdZdX7pgrl6FKTe1RA== =2+U5 -END PGP SIGNATURE-
[Git][security-tracker-team/security-tracker][master] chromium dsa
Michael Gilbert pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6fbc4d3a by Michael Gilbert at 2020-04-08T03:58:22+00:00
chromium dsa
- - - - -
2 changed files:
- data/DSA/list
- data/dsa-needed.txt
Changes:
=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[07 Apr 2020] DSA-4654-1 chromium - security update
+ {CVE-2020-6450 CVE-2020-6451 CVE-2020-6452}
+ [buster] - chromium 80.0.3987.162-1~deb10u1
[04 Apr 2020] DSA-4653-1 firefox-esr - security update
{CVE-2020-6819 CVE-2020-6820}
[stretch] - firefox-esr 68.6.1esr-1~deb9u1
=
data/dsa-needed.txt
=
@@ -11,8 +11,6 @@ To pick an issue, simply add your uid behind it.
If needed, specify the release by adding a slash after the name of the source
package.
---
-chromium
--
firefox-esr (jmm)
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6fbc4d3a104118822b2cc212f7fc17f1e6fe184e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6fbc4d3a104118822b2cc212f7fc17f1e6fe184e
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
Bug#956181: zlib: provide minizip binary packages
package: src:zlib
severity: wishlist
tags: patch
I've been maintaining minizip as a separate source package for the
last few years. It has become clear that the version included in
zlib/contrib is a more definitive upstream (zlib upstream has done
updates in recent years, minizip upstream has not), so it would make
more sense to provide minizip as part of src:zlib [0].
A few years ago, you were concerned about minizip's ABI changing too
much [1]. That does not seem to have happened. I diffed minizip 1.1
with the version in zlib/contrib. The meaningful changes are small
and there is no ABI difference.
Anyway, here is a patch for src:zlib that adds minizip binary
packages. Please let me know what you think.
Best wishes,
Mike
[0] http://bugs.debian.org/843617
[1] http://bugs.debian.org/574978
diff -Nru zlib-1.2.11.dfsg/debian/changelog zlib-1.2.11.dfsg/debian/changelog
--- zlib-1.2.11.dfsg/debian/changelog 2020-02-24 16:07:12.0 -0500
+++ zlib-1.2.11.dfsg/debian/changelog 2020-04-07 21:50:15.0 -0400
@@ -1,3 +1,9 @@
+zlib (1:1.2.11.dfsg-2.1) UNRELEASED; urgency=medium
+
+ * Build minizip packages.
+
+ -- Michael Gilbert Wed, 08 Apr 2020 01:50:15 +
+
zlib (1:1.2.11.dfsg-2) unstable; urgency=low
* Acknowledge previous NMUs (closes: #949388).
diff -Nru zlib-1.2.11.dfsg/debian/control zlib-1.2.11.dfsg/debian/control
--- zlib-1.2.11.dfsg/debian/control 2020-02-24 16:07:12.0 -0500
+++ zlib-1.2.11.dfsg/debian/control 2020-04-07 21:50:15.0 -0400
@@ -4,7 +4,7 @@
Maintainer: Mark Brown
Standards-Version: 3.9.8
Homepage: http://zlib.net/
-Build-Depends: debhelper (>= 8.1.3~), gcc-multilib [amd64 i386 kfreebsd-amd64 mips mipsel powerpc ppc64 s390 sparc s390x mipsn32 mipsn32el mipsr6 mipsr6el mipsn32r6 mipsn32r6el mips64 mips64el mips64r6 mips64r6el x32] , dpkg-dev (>= 1.16.1)
+Build-Depends: debhelper (>= 8.1.3~), gcc-multilib [amd64 i386 kfreebsd-amd64 mips mipsel powerpc ppc64 s390 sparc s390x mipsn32 mipsn32el mipsr6 mipsr6el mipsn32r6 mipsn32r6el mips64 mips64el mips64r6 mips64r6el x32] , dpkg-dev (>= 1.16.1), autoconf
Package: zlib1g
Architecture: any
@@ -118,3 +118,50 @@
This package should ONLY be used for building packages, users who do
not need to build packages should use multiarch to install the relevant
runtime.
+
+Package: minizip
+Section: utils
+Architecture: any
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Replaces:
+ zlib-bin,
+Conflicts:
+ zlib-bin,
+Description: compression library - minizip tools
+ minizip is a minimalistic library that supports compressing, extracting,
+ viewing, and manipulating zip files.
+ .
+ This package includes the minizip and miniunzip tools.
+
+Package: libminizip1
+Architecture: any
+Multi-Arch: same
+Pre-Depends:
+ ${misc:Pre-Depends}
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: compression library - minizip library
+ minizip is a minimalistic library that supports compressing, extracting,
+ viewing, and manipulating zip files.
+ .
+ This package includes the minizip library.
+
+Package: libminizip-dev
+Architecture: any
+Multi-Arch: same
+Section: libdevel
+Depends:
+ ${misc:Depends},
+ libminizip1 (= ${binary:Version})
+Replaces:
+ libkml-dev (<< 1.3.0~r864+git20150723-0fa2f22-1~),
+Breaks:
+ libkml-dev (<< 1.3.0~r864+git20150723-0fa2f22-1~),
+Description: compression library - minizip development files
+ minizip is a minimalistic library that supports compressing, extracting,
+ viewing, and manipulating zip files.
+ .
+ This package includes development support files for the minizip library.
diff -Nru zlib-1.2.11.dfsg/debian/libminizip-dev.install zlib-1.2.11.dfsg/debian/libminizip-dev.install
--- zlib-1.2.11.dfsg/debian/libminizip-dev.install 1969-12-31 19:00:00.0 -0500
+++ zlib-1.2.11.dfsg/debian/libminizip-dev.install 2020-04-07 21:50:15.0 -0400
@@ -0,0 +1,4 @@
+usr/include/minizip
+usr/lib/*/libminizip.a
+usr/lib/*/libminizip.so
+usr/lib/*/pkgconfig/minizip.pc
diff -Nru zlib-1.2.11.dfsg/debian/libminizip1.install zlib-1.2.11.dfsg/debian/libminizip1.install
--- zlib-1.2.11.dfsg/debian/libminizip1.install 1969-12-31 19:00:00.0 -0500
+++ zlib-1.2.11.dfsg/debian/libminizip1.install 2020-04-07 21:50:15.0 -0400
@@ -0,0 +1 @@
+usr/lib/*/libminizip.so.*
diff -Nru zlib-1.2.11.dfsg/debian/libminizip1.symbols zlib-1.2.11.dfsg/debian/libminizip1.symbols
--- zlib-1.2.11.dfsg/debian/libminizip1.symbols 1969-12-31 19:00:00.0 -0500
+++ zlib-1.2.11.dfsg/debian/libminizip1.symbols 2020-04-07 21:50:15.0 -0400
@@ -0,0 +1,68 @@
+libminizip.so.1 libminizip1 #MINVER#
+ LoadCentralDirectoryRecord@Base 1.1
+ Write_EndOfCentralDirectoryRecord@Base 1.1
+ Write_GlobalComment@Base 1.1
+ Write_LocalFileHeader@Base 1.1
+ Write_Zip64EndOfCentralDirectoryLocator@Base 1.1
+ Write_Zip64EndOfCentralDirectoryRecord@Base 1.1
+ call_zopen64@Base 1.1
+ call_zseek64@Base 1.1
+ call_ztell64@Base 1.1
+ fill_fopen64_filefunc@Base 1.1
+ fill
Bug#955690: wine-development: FTBFS: configure: error: MinGW compiler not found, cross-compiling PE files won't be supported.
On Fri, Apr 3, 2020 at 5:28 PM Stephen Kitt wrote: > Thanks for the report, the package is missing a build-dependency on > gcc-mingw-w64-x86-64. There is more to it than this. I am working on it now. > Michael, I can take care of fixing this, doing a rebuild to make sure and > uploading, if you could push your git repo ;-). Done. Best wishes, Mike
Bug#955690: wine-development: FTBFS: configure: error: MinGW compiler not found, cross-compiling PE files won't be supported.
On Fri, Apr 3, 2020 at 5:28 PM Stephen Kitt wrote: > Thanks for the report, the package is missing a build-dependency on > gcc-mingw-w64-x86-64. There is more to it than this. I am working on it now. > Michael, I can take care of fixing this, doing a rebuild to make sure and > uploading, if you could push your git repo ;-). Done. Best wishes, Mike
Bug#955690: wine-development: FTBFS: configure: error: MinGW compiler not found, cross-compiling PE files won't be supported.
On Fri, Apr 3, 2020 at 5:28 PM Stephen Kitt wrote: > Thanks for the report, the package is missing a build-dependency on > gcc-mingw-w64-x86-64. There is more to it than this. I am working on it now. > Michael, I can take care of fixing this, doing a rebuild to make sure and > uploading, if you could push your git repo ;-). Done. Best wishes, Mike
Bug#955540: chromium: Using ozone
control: tag -1 help On Thu, Apr 2, 2020 at 5:15 AM Bastian Germann wrote: > This requires chromium to build with the ozone interface in the > first place. Would it be possible to switch to using that (with the X11 > backend)? Would you take patches for it? Yes. Best wishes, Mike
[SECURITY] [DSA 4645-1] chromium security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4645-1 secur...@debian.org https://www.debian.org/security/ Michael Gilbert March 22, 2020https://www.debian.org/security/faq - - Package: chromium CVE ID : CVE-2019-20503 CVE-2020-6422 CVE-2020-6424 CVE-2020-6425 CVE-2020-6426 CVE-2020-6427 CVE-2020-6428 CVE-2020-6429 CVE-2020-6449 Several vulnerabilities have been discovered in the chromium web browser. CVE-2019-20503 Natalie Silvanovich discovered an out-of-bounds read issue in the usrsctp library. CVE-2020-6422 David Manouchehri discovered a use-after-free issue in the WebGL implementation. CVE-2020-6424 Sergei Glazunov discovered a use-after-free issue. CVE-2020-6425 Sergei Glazunov discovered a policy enforcement error related to extensions. CVE-2020-6426 Avihay Cohen discovered an implementation error in the v8 javascript library. CVE-2020-6427 Man Yue Mo discovered a use-after-free issue in the audio implementation. CVE-2020-6428 Man Yue Mo discovered a use-after-free issue in the audio implementation. CVE-2020-6429 Man Yue Mo discovered a use-after-free issue in the audio implementation. CVE-2020-6449 Man Yue Mo discovered a use-after-free issue in the audio implementation. For the oldstable distribution (stretch), security support for chromium has been discontinued. For the stable distribution (buster), these problems have been fixed in version 80.0.3987.149-1~deb10u1. We recommend that you upgrade your chromium packages. For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -BEGIN PGP SIGNATURE- iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAl54E4IACgkQmD40ZYkU ayiRMh//bTOibqPJBCxe0AqDuKGNi4xZ9E0fImuxB9Zi+oE+nEZPB5TxQm5id2aT 19Mqq2MNc1+Z2Ac0yn/j7kTTQ/fJ55olg57SWZ4H9k9ArI/jXZzqRPbzgHZg5wWs ssB7eabIotkXWYM76ANLjSlXSpPx34Hjo0SUMSL5emh2V42QM/4RmCIEIeIMh2q6 jf2xkhYFqcAuK9p5wWChTIZEwM1aEiKtbW24t9J6/h7I6rwiglRhtb3LCgcsga7e LkiNQLLiJmSIdJ1GkV4ly7NlBr2c8CQnx82PFj1atNJoEqEBaZEPIGhr2Wyen4K2 dwAmZ0T35ONwXpkxk71MxRRbJFDEDX6gWEKpkCU29LV9LMKpcVK826nhdwP0W8Ss 4zJMqQx0yiUSYGTYMxY7uELc278iXaNuHgy8OWP4uNMZ4pqjPzyvBOlRAAd0Lvhg nU53dsaoInJW/MywLhJQ0UKIxrn0a6HrezhsNIENbIe+0MBlbNRDl1GtKyjE5rsS DYUxqHUKlYuk4OinO0Xc0DabncFVuLWoiN5XptyBy51+ALh7PtnB+sTwzM98XICb fp2vEIIcfk5WMqArhLoN5GNJHLurWl3heYqHdAB8K5V8G2fvW4ZFylUqeyRgNhze FlQD21iwPChYTVtf1sLrhYq7L0QmvVaoG5bIBZe+laOyPeMGI7MP5UUhgf1J9kPl OSUxu7OLv2asUD/rKxepIY9w7kI6l+TwtTO+s+uCkWKs+Gw0aDzwLbhNh1dpF+q7 ZNMqd8yqaodITNEI9ULpwhpFvABtYkB5DgttSA2gs2+fXjU7LnGavCDvWLb08ywa vRhu6lTGnpfzVyOf5G4tCgnpNgdnKi7FO0nu2mlT8igVAXrVPQWAST25i1zUJjfX GL0LZGATZvgNeRhIftbEd8ti2PsePwza699DDLqnoq3Ac3VXoKeX59M3UzIDHkuM Hc8DuP9P6cd6+FtrYEzGcH+bqeKL29c8ucY6R1HkPkzifSXqkfTfRZE04Atqly+j CdL0FWSl9SXJ8lI5oDp7M2FxuS6KDA0ynrM29ZEgg76FWYDaxQcohmqPu+uMvbPq /miJM1HitgptmQuV9ThUpX0YsC8QoUTwZMk+uKbTmxoNQVzpaGrQaiBKD/RwZ4EN AFqP/Fx+mSwBm2ExGPOz4HFichkNLYX5GZWHC33unecVSHP9QD75ciggnvDtSmea tLA/Lpu9BjAuosa0YOIaK1Y+P9fOvL3jiAIVAbCOFOxoL0dsBPTxd6TJlVJVabeh +edgot6YUfpc2JKLLrvDTZYKM4WBTbk50N6dhUDuWbQJ0j7n9NMqtsaHOl8x6yp7 TgA2OpXk0ntGnDTFDFHIuF8dpCS0jw== =F7t7 -END PGP SIGNATURE-
[Git][security-tracker-team/security-tracker][master] chromium dsa
Michael Gilbert pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0974afb2 by Michael Gilbert at 2020-03-23T01:35:29+00:00
chromium dsa
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=
data/CVE/list
=
@@ -16766,7 +16766,7 @@ CVE-2019-19880 (exprListAppendList in window.c in
SQLite 3.30.1 allows attackers
[buster] - sqlite3 (Vulnerable code introduced later)
[stretch] - sqlite3 (Vulnerable code introduced later)
[jessie] - sqlite3 (Vulnerable code introduced later)
- - chromium 80.0.3987.149-1
+ - chromium 80.0.3987.106-1
[stretch] - chromium (see DSA 4562)
NOTE: Introduced in:
https://github.com/sqlite/sqlite/commit/08f6de7f314ad6b15d34cc5f27c3e737fcd99268
(3.29.0)
NOTE: Fixed by:
https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54
@@ -35238,7 +35238,7 @@ CVE-2019-15903 (In libexpat before 2.2.8, crafted XML
input could fool the parse
- expat 2.2.7-2 (bug #939394)
- firefox 70.0-1
- firefox-esr 68.2.0esr-1
- - chromium (unimportant)
+ - chromium (uses system libexpat)
- thunderbird 1:68.2.1-1
NOTE:
https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43
NOTE: https://github.com/libexpat/libexpat/issues/317
=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[22 Mar 2020] DSA-4645-1 chromium - security update
+ {CVE-2019-20503 CVE-2020-6422 CVE-2020-6424 CVE-2020-6425 CVE-2020-6426
CVE-2020-6427 CVE-2020-6428 CVE-2020-6429 CVE-2020-6449}
+ [buster] - chromium 80.0.3987.149-1~deb10u1
[20 Mar 2020] DSA-4644-1 tor - security update
{CVE-2020-10592}
[buster] - tor 0.3.5.10-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0974afb27e9140622a4c40d7187b56b7d95f81ab
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0974afb27e9140622a4c40d7187b56b7d95f81ab
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
Bug#953982: wine-development: wine in Debian fails to start "Uru", but upstream wine works fine (regression)
On Thu, Mar 19, 2020 at 8:28 AM Diafero wrote: > Version 5.0-3 also seems affected. Was the version that worked 4.21-1 or 4.21-2? Best wishes, Mike
Bug#953982: wine-development: wine in Debian fails to start "Uru", but upstream wine works fine (regression)
On Thu, Mar 19, 2020 at 8:28 AM Diafero wrote: > Version 5.0-3 also seems affected. Was the version that worked 4.21-1 or 4.21-2? Best wishes, Mike
Bug#953982: wine-development: wine in Debian fails to start "Uru", but upstream wine works fine (regression)
control: tag -1 moreinfo control: severity -1 minor On Sun, Mar 15, 2020 at 7:21 AM Diafero wrote: > But with recent versions (I tried 5.1 and 5.2) Could you test whether wine 5.0-3 (not wine-development) works or not? This will help determine which patches are most likely the problem. Best wishes, Mike
Bug#953982: wine-development: wine in Debian fails to start "Uru", but upstream wine works fine (regression)
control: tag -1 moreinfo control: severity -1 minor On Sun, Mar 15, 2020 at 7:21 AM Diafero wrote: > But with recent versions (I tried 5.1 and 5.2) Could you test whether wine 5.0-3 (not wine-development) works or not? This will help determine which patches are most likely the problem. Best wishes, Mike
[SECURITY] [DSA 4638-1] chromium security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4638-1 secur...@debian.org https://www.debian.org/security/ Michael Gilbert March 10, 2020https://www.debian.org/security/faq - - Package: chromium CVE ID : CVE-2019-19880 CVE-2019-19923 CVE-2019-19925 CVE-2019-19926 CVE-2020-6381 CVE-2020-6382 CVE-2020-6383 CVE-2020-6384 CVE-2020-6385 CVE-2020-6386 CVE-2020-6387 CVE-2020-6388 CVE-2020-6389 CVE-2020-6390 CVE-2020-6391 CVE-2020-6392 CVE-2020-6393 CVE-2020-6394 CVE-2020-6395 CVE-2020-6396 CVE-2020-6397 CVE-2020-6398 CVE-2020-6399 CVE-2020-6400 CVE-2020-6401 CVE-2020-6402 CVE-2020-6403 CVE-2020-6404 CVE-2020-6405 CVE-2020-6406 CVE-2020-6407 CVE-2020-6408 CVE-2020-6409 CVE-2020-6410 CVE-2020-6411 CVE-2020-6412 CVE-2020-6413 CVE-2020-6414 CVE-2020-6415 CVE-2020-6416 CVE-2020-6418 CVE-2020-6420 Several vulnerabilities have been discovered in the chromium web browser. CVE-2019-19880 Richard Lorenz discovered an issue in the sqlite library. CVE-2019-19923 Richard Lorenz discovered an out-of-bounds read issue in the sqlite library. CVE-2019-19925 Richard Lorenz discovered an issue in the sqlite library. CVE-2019-19926 Richard Lorenz discovered an implementation error in the sqlite library. CVE-2020-6381 UK's National Cyber Security Centre discovered an integer overflow issue in the v8 javascript library. CVE-2020-6382 Soyeon Park and Wen Xu discovered a type error in the v8 javascript library. CVE-2020-6383 Sergei Glazunov discovered a type error in the v8 javascript library. CVE-2020-6384 David Manoucheri discovered a use-after-free issue in WebAudio. CVE-2020-6385 Sergei Glazunov discovered a policy enforcement error. CVE-2020-6386 Zhe Jin discovered a use-after-free issue in speech processing. CVE-2020-6387 Natalie Silvanovich discovered an out-of-bounds write error in the WebRTC implementation. CVE-2020-6388 Sergei Glazunov discovered an out-of-bounds read error in the WebRTC implementation. CVE-2020-6389 Natalie Silvanovich discovered an out-of-bounds write error in the WebRTC implementation. CVE-2020-6390 Sergei Glazunov discovered an out-of-bounds read error. CVE-2020-6391 Michał Bentkowski discoverd that untrusted input was insufficiently validated. CVE-2020-6392 The Microsoft Edge Team discovered a policy enforcement error. CVE-2020-6393 Mark Amery discovered a policy enforcement error. CVE-2020-6394 Phil Freo discovered a policy enforcement error. CVE-2020-6395 Pierre Langlois discovered an out-of-bounds read error in the v8 javascript library. CVE-2020-6396 William Luc Ritchie discovered an error in the skia library. CVE-2020-6397 Khalil Zhani discovered a user interface error. CVE-2020-6398 pdknsk discovered an uninitialized variable in the pdfium library. CVE-2020-6399 Luan Herrera discovered a policy enforcement error. CVE-2020-6400 Takashi Yoneuchi discovered an error in Cross-Origin Resource Sharing. CVE-2020-6401 Tzachy Horesh discovered that user input was insufficiently validated. CVE-2020-6402 Vladimir Metnew discovered a policy enforcement error. CVE-2020-6403 Khalil Zhani discovered a user interface error. CVE-2020-6404 kanchi discovered an error in Blink/Webkit. CVE-2020-6405 Yongheng Chen and Rui Zhong discovered an out-of-bounds read issue in the sqlite library. CVE-2020-6406 Sergei Glazunov discovered a use-after-free issue. CVE-2020-6407 Sergei Glazunov discovered an out-of-bounds read error. CVE-2020-6408 Zhong Zhaochen discovered a policy enforcement error in Cross-Origin Resource Sharing. CVE-2020-6409 Divagar S and Bharathi V discovered an error in the omnibox implementation. CVE-2020-6410 evil1m0 discovered a policy enforcement error. CVE-2020-6411 Khalil Zhani discovered that user input was insufficiently validated. CVE-2020-6412 Zihan Zheng discovered that user input was insufficiently validated. CVE-2020-6413 Michał Bentkowski discovered an error in Blink/Webkit. CVE-2020-6414 Lijo A.T discovered a policy safe browsing policy enforcement error. CVE-2020-6415 Avihay Cohen discovered an implementation error in the v8 javascript library. CVE-2020-6416 Woojin Oh discovered that untrusted input was insufficiently validated. CVE-2020-6418 Clement Lecigne discovered a type error in the v8 javascript library. CVE-2020-6420 Taras Uzdenov discovered a policy enforcement
[Git][security-tracker-team/security-tracker][master] chromium dsa
Michael Gilbert pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dd9af921 by Michael Gilbert at 2020-03-11T00:51:39+00:00
chromium dsa
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=
data/CVE/list
=
@@ -8928,8 +8928,7 @@ CVE-2020-6418 (Type confusion in V8 in Google Chrome
prior to 80.0.3987.122 allo
- chromium 80.0.3987.122-1
[stretch] - chromium (see DSA 4562)
CVE-2020-6417 (Inappropriate implementation in installer in Google Chrome
prior to 80 ...)
- - chromium 80.0.3987.106-1
- [stretch] - chromium (see DSA 4562)
+ - chromium (debian package does not support the chromium
installer)
CVE-2020-6416 (Insufficient data validation in streams in Google Chrome prior
to 80.0 ...)
- chromium 80.0.3987.106-1
[stretch] - chromium (see DSA 4562)
=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[10 Mar 2020] DSA-4638-1 chromium - security update
+ {CVE-2019-19880 CVE-2019-19923 CVE-2019-19925 CVE-2019-19926
CVE-2020-6381 CVE-2020-6382 CVE-2020-6383 CVE-2020-6384 CVE-2020-6385
CVE-2020-6386 CVE-2020-6387 CVE-2020-6388 CVE-2020-6389 CVE-2020-6390
CVE-2020-6391 CVE-2020-6392 CVE-2020-6393 CVE-2020-6394 CVE-2020-6395
CVE-2020-6396 CVE-2020-6397 CVE-2020-6398 CVE-2020-6399 CVE-2020-6400
CVE-2020-6401 CVE-2020-6402 CVE-2020-6403 CVE-2020-6404 CVE-2020-6405
CVE-2020-6406 CVE-2020-6407 CVE-2020-6408 CVE-2020-6409 CVE-2020-6410
CVE-2020-6411 CVE-2020-6412 CVE-2020-6413 CVE-2020-6414 CVE-2020-6415
CVE-2020-6416 CVE-2020-6418 CVE-2020-6420}
+ [buster] - chromium 80.0.3987.132-1~deb10u1
[09 Mar 2020] DSA-4637-1 network-manager-ssh - security update
{CVE-2020-9355}
[stretch] - network-manager-ssh 1.2.1-1+deb9u1
=
data/dsa-needed.txt
=
@@ -18,8 +18,6 @@ amd64-microcode
NOTE: 20200224: The maintainer says version 3.20191218.1 can be
NOTE: 20200224: backported to all stable releases.
--
-chromium/stable
---
firefox-esr (jmm)
--
graphicsmagick (jmm)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd9af921db7783cf74f747e08cc8d198a7e490c5
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd9af921db7783cf74f747e08cc8d198a7e490c5
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
Bug#942962: chromium: Python2 removal in sid/bullseye
user debian-pyt...@lists.debian.org usertags 942962 py2keep usertags 942962 py3noport thanks
Bug#951915: wine32: Nearly impossible to install the package
control: tag -1 moreinfo On Sat, Feb 22, 2020 at 9:57 PM Jean-Philippe MENGUAL wrote: > 10 dependencies do not want to install: the install tries to replace > the /usr/share/doc/package directory, to change the changelog.Debian.gz > and, of course, refuses. I guess changelog.Debian.gz is different > between i386 and amd64. This should only be a problem if the i386 and amd64 packages have different version numbers [0]. For the packages you list, this is currently not the case for bullseye. I suppose this could be caused if the files in doc on your system had been modified from the as-shipped files from the original packages. > An alternate idea? Should I reportbug to each of these packages? On my system, there is no i386/amd64 mismatch with the packages you list. It is more likely a problem with your system, so please try to debug it first. Best wishes, Mike [0] http://bugs.debian.org/758616
Bug#951507: wine: please fix arm64 build failure with some gcc versions
control: retitle -1 wine: fails to build with clang 9 on arm64 On Mon, Feb 17, 2020 at 10:54 AM Gianfranco Costamagna wrote: > Hello, looks like wine is still failing on Ubuntu arm64, probably because of > new gcc or new glibc, or a combo of them both... The difference is that clang 9 is ubuntu's default and debian's default is clang 8. Best wishes, Mike
Bug#951507: wine: please fix arm64 build failure with some gcc versions
control: retitle -1 wine: fails to build with clang 9 on arm64 On Mon, Feb 17, 2020 at 10:54 AM Gianfranco Costamagna wrote: > Hello, looks like wine is still failing on Ubuntu arm64, probably because of > new gcc or new glibc, or a combo of them both... The difference is that clang 9 is ubuntu's default and debian's default is clang 8. Best wishes, Mike
Accepted wine 5.0~rc4-1 (source) into unstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 25 Jan 2020 14:12:35 + Source: wine Architecture: source Version: 5.0~rc4-1 Distribution: unstable Urgency: medium Maintainer: Debian Wine Party Changed-By: Michael Gilbert Changes: wine (5.0~rc4-1) unstable; urgency=medium . * New upstream release 5.0-rc4, released Jan 3, 2020. * Include more detail in README.debian about wine-binfmt. * Update standards version to 4.5.0 (no changes required). Checksums-Sha1: 1a235158bc643526c793cb9fb3a1929b1e8fffec 4637 wine_5.0~rc4-1.dsc ca65baa9cc954ca37c57868b57791b378a4dd052 20636728 wine_5.0~rc4.orig.tar.xz d2e305028c35ab97410b8c6777b3056fcf0ba93e 212164 wine_5.0~rc4-1.debian.tar.xz df92b91f18e91d05ab327685a8dd0df831ac50c4 19849 wine_5.0~rc4-1_source.buildinfo Checksums-Sha256: e19b773ff9194b4a0bc5ce524349369dd1926dc9ba89a28301b7b2aafec30900 4637 wine_5.0~rc4-1.dsc 7ae2a16a2cc9ff1f12037b8474b6d2a51f88f57399cdadbb3eff08a8da359d1a 20636728 wine_5.0~rc4.orig.tar.xz bed21fce5905e1bb429fd94fbc4c8b91bf01dfa1a8780a5a7ca65dc5ac068ed8 212164 wine_5.0~rc4-1.debian.tar.xz 8cb657b2062b379a811b06a097a35a3d286c2c4af9b7fd374344f9dd3eb5b8f3 19849 wine_5.0~rc4-1_source.buildinfo Files: 8313d5a07ae90786a7546e53aa54eaba 4637 otherosfs optional wine_5.0~rc4-1.dsc f79ee1be7d834c4770cc5cd2382f84dd 20636728 otherosfs optional wine_5.0~rc4.orig.tar.xz 8b08c0ed428cf169e2d7cbd56e51a39b 212164 otherosfs optional wine_5.0~rc4-1.debian.tar.xz bb7bed5d3df7d2133dc5df597d810614 19849 otherosfs optional wine_5.0~rc4-1_source.buildinfo -BEGIN PGP SIGNATURE- iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAl4stMcACgkQmD40ZYkU ayhNLx//X8vhebvKmyZjgUgN9XFJjOk+tVnVORwP80NlwmwyUbALYoBPUErm6f7E S8Q/86GMKctku4Sf2tCHXcevYTXKr7qRTOeooYHzsmIOT5LQjuxLIL8IjHEZN/Hd 8MpCFnsI4VVOrF3mplCFAeKIiZbe7nKvbmi/ixs8JTjjXpTW2ro9OaiiuEejX68J ZTkuAsC7Jibbse9gZZHzzWdCrXE8DFVHijRe716rVBmHllM8uXcyCI1IYUoxcYe2 3HxRBx5UfwyOj27fVv2iMalRJo0xAsJH/M31JC6Ax21c9h/icV/oSoToa/eSVUZp Tty0W89pYKVgbXbjBAHyB1Fuk0GEFgnTM/B8xXOMIB6jqMKM4ZaTNl9FZ4Pv01C1 dE0WzF/0i7oxOYBzfKnZrUJ5ocF0rPsEdtAf38MUgtS6eb7NXJisnNvUynoUHomI wg+MhCOb9eMV6xZ9pDRvDMAk3kBKhYCjg3unJAMwJAj0YYjFHKDHrzcM25ionTuJ g5OX4SPdc9XgIOaUnwQTre2Ut1e/akPs1wXmcI2FfRHZ4hPaMF3HoYt3Rdx+E9Ey CLfhxkdFe+VyRJoU33zpMoFmJ+iYSEAK98KTHbM8aUrZvJQB2hjB5V94HhutPoJE OF86923GF/bwoisOTnCtTJHrPGxa1nNscFH97aDt1Yt7Jy8eBmGtuTtEJXAKFx5f fO5xwpVUcQYxTPyZ3TkXPIXMBI+e+EK9DWP90d4JglbJfgbCnWxJO9RAu7OVH9jf 5iHZFt72nOHuHJdVe2ogGUHNMjQW9a1XAW+sHaiFCmc9nE3bq5UzPHHP6yfc8P4t 6GOOhbTB/65KdzrkfGyeW0J5tlDY9uwtZPjE1891++BZqLNAJE5+7aPl8AFjgNEM JL86ukN1qc11iykFsKUcH3z3NZh9AK5HU4XZKlpN8+FoBQAMgFtD1wMjNNZAW1mw oJlVRuaH/Xu/SO7X4vVs519kBZgOx2B4hBnEGbHbs+D0jzDySuvi4wBhqBtqREie F2AoHyvRYjK0RQtIf+rKKgidjJJX3NS6BPYa1zABQAbR4ozPVaV7zuEv5FaWhPuh nN10nBOXX5g5ok/XhaaRkIThrmgxRPClmmY0K6zy8TV1/iGew0fpslAuYjmFW6jy up7LQr2zTljTetI+LrbiFNaYyD8m0L6EesxKRzU40BXiEg0KrCXEClUIjcdmEds8 aACd1thoXjFE14oDKuCDJTeFNtMdYakOX1nNYxaAyK0U6YDlXjqLfp30WoxbFDLt z16pWGaB7DiMCKL3tap0wcVVpyKYXZk350v5gRV7YdS9ivMW4iOVXQPaNBHUxt3s F6wm5X6Y9ClgyipaWWrs+hCZ9m2T+g== =5eev -END PGP SIGNATURE-
Accepted chromium 79.0.3945.130-1~deb10u1 (source) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 19 Jan 2020 15:22:38 + Source: chromium Architecture: source Version: 79.0.3945.130-1~deb10u1 Distribution: buster-security Urgency: medium Maintainer: Debian Chromium Team Changed-By: Michael Gilbert Changes: chromium (79.0.3945.130-1~deb10u1) buster-security; urgency=medium . * New upstream security release. - CVE-2020-6377: Use after free in audio. Reported by Zhe Jin - CVE-2020-6378: Use-after-free in speech recognizer. Reported by Antti Levomäki and Christian Jalio - CVE-2020-6379: Use-after-free in speech recognizer. Reported by Guang Gong - CVE-2020-6380: Extension message verification error. Reported by Sergei Glazunov - CVE-2019-13725: Use after free in Bluetooth. Reported by Gengming Liu and Jianyu Chen - CVE-2019-13726: Heap buffer overflow in password manager. Reported by Sergei Glazunov - CVE-2019-13727: Insufficient policy enforcement in WebSockets. Reported by @piochu - CVE-2019-13728: Out of bounds write in V8. Reported by Rong Jian and Guang Gong - CVE-2019-13729: Use after free in WebSockets. Reported by Zhe Jin - CVE-2019-13730: Type Confusion in V8. Reported by Soyeon Park and Wen Xu - CVE-2019-13732: Use after free in WebAudio. Reported by Sergei Glazunov - CVE-2019-13734: Out of bounds write in SQLite. Reported by Wenxiang Qian - CVE-2019-13735: Out of bounds write in V8. Reported by Gengming Liu and Zhen Feng - CVE-2019-13764: Type Confusion in V8. Reported by Soyeon Park and Wen Xu - CVE-2019-13736: Integer overflow in PDFium. Reported by Anonymous - CVE-2019-13737: Insufficient policy enforcement in autocomplete. Reported by Mark Amery - CVE-2019-13738: Insufficient policy enforcement in navigation. Reported by Johnathan Norman and Daniel Clark - CVE-2019-13739: Incorrect security UI in Omnibox. Reported by xisigr - CVE-2019-13740: Incorrect security UI. Reported by Khalil Zhani - CVE-2019-13741: Insufficient validation of untrusted input in Blink. Reported by Michał Bentkowski - CVE-2019-13742: Incorrect security UI in Omnibox. Reported by Khalil Zhani - CVE-2019-13743: Incorrect security UI in external protocol handling. Reported by Zhiyang Zeng - CVE-2019-13744: Insufficient policy enforcement in cookies. Reported by Prakash - CVE-2019-13745: Insufficient policy enforcement in audio. Reported by Luan Herrera - CVE-2019-13746: Insufficient policy enforcement in Omnibox. Reported by David Erceg - CVE-2019-13747: Uninitialized Use in rendering. Reported by Ivan Popelyshev and André Bonatti - CVE-2019-13748: Insufficient policy enforcement in developer tools. Reported by David Erceg - CVE-2019-13749: Incorrect security UI in Omnibox. Reported by Khalil Zhani - CVE-2019-13750: Insufficient data validation in SQLite. Reported by Wenxiang Qian - CVE-2019-13751: Uninitialized Use in SQLite. Reported by Wenxiang Qian - CVE-2019-13752: Out of bounds read in SQLite. Reported by Wenxiang Qian - CVE-2019-13753: Out of bounds read in SQLite. Reported by Wenxiang Qian - CVE-2019-13754: Insufficient policy enforcement in extensions. Reported by Cody Crews - CVE-2019-13755: Insufficient policy enforcement in extensions. Reported by Masato Kinugawa - CVE-2019-13756: Incorrect security UI in printing. Reported by Khalil Zhani - CVE-2019-13757: Incorrect security UI in Omnibox. Reported by Khalil Zhani - CVE-2019-13758: Insufficient policy enforcement in navigation. Reported by Khalil Zhani - CVE-2019-13759: Incorrect security UI. Reported by Wenxu Wu - CVE-2019-13761: Incorrect security UI in Omnibox. Reported by Khalil Zhani - CVE-2019-13762: Insufficient policy enforcement in downloads. Reported by csanuragjain - CVE-2019-13763: Insufficient policy enforcement in payments. Reported by weiwangpp93 - CVE-2019-13767: Use after free in media picker. Reported by Sergei Glazunov Checksums-Sha1: 09b49e7f84d9287f479c393e54857f25c7daf58c 4242 chromium_79.0.3945.130-1~deb10u1.dsc cab2484a4586d743ca9a6fd8507403cc710705d3 266756640 chromium_79.0.3945.130.orig.tar.xz d23c9ba9e7af79afbd379f782ee0bfd0b9856ce5 187468 chromium_79.0.3945.130-1~deb10u1.debian.tar.xz eb33c7841ad6193dc047554eb85da7f3f5be30a8 21561 chromium_79.0.3945.130-1~deb10u1_source.buildinfo Checksums-Sha256: 41c5b7650e2b5d79d8d8affd420d13866cd0df298ae462c8eec44bc3298c100b 4242 chromium_79.0.3945.130-1~deb10u1.dsc 73d982161090d2c2af26f547cc6a8e1ef935a87d4d193789ced8c6ef07cf7a8d 266756640 chromium_79.0.3945.130.orig.tar.xz 1b71e851491c13cb82e60028e906a867db80f7d1d51448cce67979f82d50bde5 187468 chromium_79.0.3945.130-1~deb10u1.debian.tar.xz
[SECURITY] [DSA 4606-1] chromium security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4606-1 secur...@debian.org https://www.debian.org/security/ Michael Gilbert January 20, 2020 https://www.debian.org/security/faq - - Package: chromium CVE ID : CVE-2019-13725 CVE-2019-13726 CVE-2019-13727 CVE-2019-13728 CVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734 CVE-2019-13735 CVE-2019-13736 CVE-2019-13737 CVE-2019-13738 CVE-2019-13739 CVE-2019-13740 CVE-2019-13741 CVE-2019-13742 CVE-2019-13743 CVE-2019-13744 CVE-2019-13745 CVE-2019-13746 CVE-2019-13747 CVE-2019-13748 CVE-2019-13749 CVE-2019-13750 CVE-2019-13751 CVE-2019-13752 CVE-2019-13753 CVE-2019-13754 CVE-2019-13755 CVE-2019-13756 CVE-2019-13757 CVE-2019-13758 CVE-2019-13759 CVE-2019-13761 CVE-2019-13762 CVE-2019-13763 CVE-2019-13764 CVE-2019-13767 CVE-2020-6377 CVE-2020-6378 CVE-2020-6379 CVE-2020-6380 Several vulnerabilities have been discovered in the chromium web browser. CVE-2019-13725 Gengming Liu and Jianyu Chen discovered a use-after-free issue in the bluetooth implementation. CVE-2019-13726 Sergei Lazunov discovered a buffer overflow issue. CVE-2019-13727 @piochu discovered a policy enforcement error. CVE-2019-13728 Rong Jian and Guang Gong discovered an out-of-bounds write error in the v8 javascript library. CVE-2019-13729 Zhe Jin discovered a use-after-free issue. CVE-2019-13730 Soyeon Park and Wen Xu discovered the use of a wrong type in the v8 javascript library. CVE-2019-13732 Sergei Glazunov discovered a use-after-free issue in the WebAudio implementation. CVE-2019-13734 Wenxiang Qian discovered an out-of-bounds write issue in the sqlite library. CVE-2019-13735 Gengming Liu and Zhen Feng discovered an out-of-bounds write issue in the v8 javascript library. CVE-2019-13736 An integer overflow issue was discovered in the pdfium library. CVE-2019-13737 Mark Amery discovered a policy enforcement error. CVE-2019-13738 Johnathan Norman and Daniel Clark discovered a policy enforcement error. CVE-2019-13739 xisigr discovered a user interface error. CVE-2019-13740 Khalil Zhani discovered a user interface error. CVE-2019-13741 Michał Bentkowski discovered that user input could be incompletely validated. CVE-2019-13742 Khalil Zhani discovered a user interface error. CVE-2019-13743 Zhiyang Zeng discovered a user interface error. CVE-2019-13744 Prakash discovered a policy enforcement error. CVE-2019-13745 Luan Herrera discovered a policy enforcement error. CVE-2019-13746 David Erceg discovered a policy enforcement error. CVE-2019-13747 Ivan Popelyshev and André Bonatti discovered an uninitialized value. CVE-2019-13748 David Erceg discovered a policy enforcement error. CVE-2019-13749 Khalil Zhani discovered a user interface error. CVE-2019-13750 Wenxiang Qian discovered insufficient validation of data in the sqlite library. CVE-2019-13751 Wenxiang Qian discovered an uninitialized value in the sqlite library. CVE-2019-13752 Wenxiang Qian discovered an out-of-bounds read issue in the sqlite library. CVE-2019-13753 Wenxiang Qian discovered an out-of-bounds read issue in the sqlite library. CVE-2019-13754 Cody Crews discovered a policy enforcement error. CVE-2019-13755 Masato Kinugawa discovered a policy enforcement error. CVE-2019-13756 Khalil Zhani discovered a user interface error. CVE-2019-13757 Khalil Zhani discovered a user interface error. CVE-2019-13758 Khalil Zhani discovered a policy enforecement error. CVE-2019-13759 Wenxu Wu discovered a user interface error. CVE-2019-13761 Khalil Zhani discovered a user interface error. CVE-2019-13762 csanuragjain discovered a policy enforecement error. CVE-2019-13763 weiwangpp93 discovered a policy enforecement error. CVE-2019-13764 Soyeon Park and Wen Xu discovered the use of a wrong type in the v8 javascript library. CVE-2019-13767 Sergei Glazunov discovered a use-after-free issue. CVE-2020-6377 Zhe Jin discovered a use-after-free issue. CVE-2020-6378 Antti Levomäki and Christian Jalio discovered a use-after-free issue. CVE-2020-6379 Guang Gong discovered a use-after-free issue. CVE-2020-6380 Sergei Glazunov discovered an error verifying extension messages. For the oldstable distribution (stretch), security support for chromium has been discontinued. For the stable distribution (buster), these problems have been fixed
[SECURITY] [DSA 4606-1] chromium security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4606-1 secur...@debian.org https://www.debian.org/security/ Michael Gilbert January 20, 2020 https://www.debian.org/security/faq - - Package: chromium CVE ID : CVE-2019-13725 CVE-2019-13726 CVE-2019-13727 CVE-2019-13728 CVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734 CVE-2019-13735 CVE-2019-13736 CVE-2019-13737 CVE-2019-13738 CVE-2019-13739 CVE-2019-13740 CVE-2019-13741 CVE-2019-13742 CVE-2019-13743 CVE-2019-13744 CVE-2019-13745 CVE-2019-13746 CVE-2019-13747 CVE-2019-13748 CVE-2019-13749 CVE-2019-13750 CVE-2019-13751 CVE-2019-13752 CVE-2019-13753 CVE-2019-13754 CVE-2019-13755 CVE-2019-13756 CVE-2019-13757 CVE-2019-13758 CVE-2019-13759 CVE-2019-13761 CVE-2019-13762 CVE-2019-13763 CVE-2019-13764 CVE-2019-13767 CVE-2020-6377 CVE-2020-6378 CVE-2020-6379 CVE-2020-6380 Several vulnerabilities have been discovered in the chromium web browser. CVE-2019-13725 Gengming Liu and Jianyu Chen discovered a use-after-free issue in the bluetooth implementation. CVE-2019-13726 Sergei Lazunov discovered a buffer overflow issue. CVE-2019-13727 @piochu discovered a policy enforcement error. CVE-2019-13728 Rong Jian and Guang Gong discovered an out-of-bounds write error in the v8 javascript library. CVE-2019-13729 Zhe Jin discovered a use-after-free issue. CVE-2019-13730 Soyeon Park and Wen Xu discovered the use of a wrong type in the v8 javascript library. CVE-2019-13732 Sergei Glazunov discovered a use-after-free issue in the WebAudio implementation. CVE-2019-13734 Wenxiang Qian discovered an out-of-bounds write issue in the sqlite library. CVE-2019-13735 Gengming Liu and Zhen Feng discovered an out-of-bounds write issue in the v8 javascript library. CVE-2019-13736 An integer overflow issue was discovered in the pdfium library. CVE-2019-13737 Mark Amery discovered a policy enforcement error. CVE-2019-13738 Johnathan Norman and Daniel Clark discovered a policy enforcement error. CVE-2019-13739 xisigr discovered a user interface error. CVE-2019-13740 Khalil Zhani discovered a user interface error. CVE-2019-13741 Michał Bentkowski discovered that user input could be incompletely validated. CVE-2019-13742 Khalil Zhani discovered a user interface error. CVE-2019-13743 Zhiyang Zeng discovered a user interface error. CVE-2019-13744 Prakash discovered a policy enforcement error. CVE-2019-13745 Luan Herrera discovered a policy enforcement error. CVE-2019-13746 David Erceg discovered a policy enforcement error. CVE-2019-13747 Ivan Popelyshev and André Bonatti discovered an uninitialized value. CVE-2019-13748 David Erceg discovered a policy enforcement error. CVE-2019-13749 Khalil Zhani discovered a user interface error. CVE-2019-13750 Wenxiang Qian discovered insufficient validation of data in the sqlite library. CVE-2019-13751 Wenxiang Qian discovered an uninitialized value in the sqlite library. CVE-2019-13752 Wenxiang Qian discovered an out-of-bounds read issue in the sqlite library. CVE-2019-13753 Wenxiang Qian discovered an out-of-bounds read issue in the sqlite library. CVE-2019-13754 Cody Crews discovered a policy enforcement error. CVE-2019-13755 Masato Kinugawa discovered a policy enforcement error. CVE-2019-13756 Khalil Zhani discovered a user interface error. CVE-2019-13757 Khalil Zhani discovered a user interface error. CVE-2019-13758 Khalil Zhani discovered a policy enforecement error. CVE-2019-13759 Wenxu Wu discovered a user interface error. CVE-2019-13761 Khalil Zhani discovered a user interface error. CVE-2019-13762 csanuragjain discovered a policy enforecement error. CVE-2019-13763 weiwangpp93 discovered a policy enforecement error. CVE-2019-13764 Soyeon Park and Wen Xu discovered the use of a wrong type in the v8 javascript library. CVE-2019-13767 Sergei Glazunov discovered a use-after-free issue. CVE-2020-6377 Zhe Jin discovered a use-after-free issue. CVE-2020-6378 Antti Levomäki and Christian Jalio discovered a use-after-free issue. CVE-2020-6379 Guang Gong discovered a use-after-free issue. CVE-2020-6380 Sergei Glazunov discovered an error verifying extension messages. For the oldstable distribution (stretch), security support for chromium has been discontinued. For the stable distribution (buster), these problems have been fixed
[Git][security-tracker-team/security-tracker][master] chromium dsa
Michael Gilbert pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5aaa66ac by Michael Gilbert at 2020-01-20T11:55:54+00:00
chromium dsa
- - - - -
2 changed files:
- data/DSA/list
- data/dsa-needed.txt
Changes:
=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[20 Jan 2020] DSA-4606-1 chromium - security update
+ {CVE-2019-13725 CVE-2019-13726 CVE-2019-13727 CVE-2019-13728
CVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734 CVE-2019-13735
CVE-2019-13736 CVE-2019-13737 CVE-2019-13738 CVE-2019-13739 CVE-2019-13740
CVE-2019-13741 CVE-2019-13742 CVE-2019-13743 CVE-2019-13744 CVE-2019-13745
CVE-2019-13746 CVE-2019-13747 CVE-2019-13748 CVE-2019-13749 CVE-2019-13750
CVE-2019-13751 CVE-2019-13752 CVE-2019-13753 CVE-2019-13754 CVE-2019-13755
CVE-2019-13756 CVE-2019-13757 CVE-2019-13758 CVE-2019-13759 CVE-2019-13761
CVE-2019-13762 CVE-2019-13763 CVE-2019-13764 CVE-2019-13767 CVE-2020-6377
CVE-2020-6378 CVE-2020-6379 CVE-2020-6380}
+ [buster] - chromium 79.0.3945.130-1~deb10u1
[19 Jan 2020] DSA-4605-1 openjdk-11 - security update
{CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604
CVE-2020-2654 CVE-2020-2655}
[buster] - openjdk-11 11.0.6+10-1~deb10u1
=
data/dsa-needed.txt
=
@@ -11,8 +11,6 @@ To pick an issue, simply add your uid behind it.
If needed, specify the release by adding a slash after the name of the source
package.
---
-chromium
--
curl (ghedo)
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5aaa66ac7553e1ca0d2b7d9c0eb6f362564ce717
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5aaa66ac7553e1ca0d2b7d9c0eb6f362564ce717
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
Accepted chromium 79.0.3945.130-2 (source) into unstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 19 Jan 2020 08:42:14 + Source: chromium Architecture: source Version: 79.0.3945.130-2 Distribution: unstable Urgency: medium Maintainer: Debian Chromium Team Changed-By: Michael Gilbert Changes: chromium (79.0.3945.130-2) unstable; urgency=medium . * Add libx11-xcb-dev as a build dependency. Checksums-Sha1: db04ef5c8ad3dc01ca3f40aea782c8047929ad59 4178 chromium_79.0.3945.130-2.dsc 204a4d9b2b013d579eb9a7470b6c59a193677843 189304 chromium_79.0.3945.130-2.debian.tar.xz 7c38b990492191c1fa0937b846c89efec3251994 20697 chromium_79.0.3945.130-2_source.buildinfo Checksums-Sha256: 7ade7de43e5f5bebf4c37e8073aab1628ba14284d3e59a752cd6e884f09de1b9 4178 chromium_79.0.3945.130-2.dsc 3be3d8101dafc7e1f3da3ef664ccf077d1a45637b751a14bf6f9008f7de7f236 189304 chromium_79.0.3945.130-2.debian.tar.xz e68ddc535b59a085e11a96473e6c059e5449e8819aa4613b7704fff6c129f0a6 20697 chromium_79.0.3945.130-2_source.buildinfo Files: fc07a6fa0a3fed6a1a8d263ca33d88b1 4178 web optional chromium_79.0.3945.130-2.dsc 85b4f9a67a10464e7437d8089c0753c8 189304 web optional chromium_79.0.3945.130-2.debian.tar.xz 45e450abccd73b8acac5192e2b21e7ac 20697 web optional chromium_79.0.3945.130-2_source.buildinfo -BEGIN PGP SIGNATURE- iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAl4kF9EACgkQmD40ZYkU ayhu6CAAr/NKM2XHtw/CQhmFADxfwj93zfzjKebUVoVWLOV8mBCPUH3S68fEOezz vwNRo2WB3vfYuewNkcWbVJKkpc3JXhvjrn25hQM/s9tmvstcNC9COpEuIdNhXBSr L8fIOVn4zQ/ciLnf+o2aebVIILCpMuikdq70vm3jAlnhT8zIOhhvTn8AbmukfF/z oFNY6Lq0R4dD7dcCv7DBvM/FdDgK5IoDLzDogaKMEXTu5I2jQ8x3JYBUdcB2PVmt X+DBb4gMLrCKLXRiQauMOt8jhCb5h9F3XZ1+MWMRIHyCE9m58OuO6IaNiVnZFdt8 0duiuEJzzjYDUAOCRN1E4Gamjn+Ic5F3Axndin/PkBH9eXFvOQjKS9bwgbh9N9kc /3XH+IajoerGOqgLlGtpWimPgomvDjj9EEAcE62aDgxH9DFSimHxCyG9qMDe2uK7 6qPgzjoIB6LogESCNhb8NgxamZNAGIqBoNo8/1mrAE1rSwOQXMxXoxObRVydnTix mKgi8Zo8y1+hYaROW/fdzS9a/syCLOV5AbaI1XGdxdRMkCnN4fGv5e3r/ot0vl8y Kx84uF0m7Elt+4NP6uLPYyWKcHjdLOGOOUslUR5CgDvdecvv+ed/GriXAkQHIKU6 yyY0uq38ELLjy6NTWTSn0t5LTQTp54jX8PZXFGfmyB7UTVsWhX/gGtO7Qs02JF1J ctdh5JCvDTJOG1JVou38sOBaLbvqLk7vDmeONi/Ujnh6CdyMnc/sV7wQZhr03YY9 YGUScLoJ8tAvbpt3ACP1IHek/Ndxvl60MQ7/CQbSHqPTOZ9uPv59wLuh19MG410/ 7HiIj0LrrkXjPv86g3WuIBde+su+BBc3T4+76bZFXVF1l7i/byxN62mUJiiu9b5j 0e308w0ia4DH+MD1PSs0A+mGNDL2UUSoVnnfUHsVwUL7YxQVE4PGAHOAvk5YUnJL TLMo/fM/xCbZlW5X177oGbW/6GAu3kJ11qtXivrNwE/pfhanCF+7CLkrq05ZPz89 flnBax7e94gpBSm0cBztB2wSapGIgyaRVbns92s2SGxVfYzMI7lSYet7E3NF8pTI E/rBB5M8dkdE3rRH7vk7gysqkAlhAastI6SNmDSYmNKYZdzokLvDCPQHSx0hjLa+ 56EPYNdMV54lnsQRZLuLzIbQHBSrQKBFA8Re7eOXVxdYCY+JmbEojE7gmGfORiMR 816REmIFi9qsUKMn6GoXtLrwnHLuzzlLXSbVu0ZJeMLRjmYhg2b9oD/lHC3S+yH3 5e2IT0BruwQEoDtGQ4FQsKqLsO4bJ1KYXwkqDa/NeytnSaaoPrIIT7M9i8N6R/sl 1iwuxENnMZsCMaI06zkaZLTdtUTTMg== =PEC8 -END PGP SIGNATURE-
Bug#949246: wine32:i386: Running Fallout 1 or 2 under Wine 5.0~rc2-1 fullscreen results in black image [regression]
On Sat, Jan 18, 2020 at 11:05 PM Matti Hämäläinen wrote: > > On Sat, Jan 18, 2020 at 3:35 PM Matti Hamalainen wrote: > >> "virtual desktop" works, but is not a feasible option as on a 2560x1440 > >> screen > >> a 640x480 resolution game will be minuscule. > > > > winecfg can be used to change dimensions of the virtual desktop. > > True, but that does not make it actual fullscreen, and the game changes > the "virtual desktop" size anyway, because it has no windowed mode. A lower resolution mode of your monitor could be used before starting the game, but yes none of this is a solution. > >> Kernel: Linux 5.4.12-qcmm (SMP w/8 CPU cores) > > > > Can this be reproduced with a vanilla debian kernel? > > Yes. Exactly same symptom on linux-image-5.4.0-2-amd64 Please submit an upstream report [0]. The packages from snapshots could be used to determine which version introduced the problem [1]. Best wishes, Mike [0] https://bugs.winehq.org [1] https://snapshot.debian.org/package/wine-development
Bug#949246: wine32:i386: Running Fallout 1 or 2 under Wine 5.0~rc2-1 fullscreen results in black image [regression]
On Sat, Jan 18, 2020 at 11:05 PM Matti Hämäläinen wrote: > > On Sat, Jan 18, 2020 at 3:35 PM Matti Hamalainen wrote: > >> "virtual desktop" works, but is not a feasible option as on a 2560x1440 > >> screen > >> a 640x480 resolution game will be minuscule. > > > > winecfg can be used to change dimensions of the virtual desktop. > > True, but that does not make it actual fullscreen, and the game changes > the "virtual desktop" size anyway, because it has no windowed mode. A lower resolution mode of your monitor could be used before starting the game, but yes none of this is a solution. > >> Kernel: Linux 5.4.12-qcmm (SMP w/8 CPU cores) > > > > Can this be reproduced with a vanilla debian kernel? > > Yes. Exactly same symptom on linux-image-5.4.0-2-amd64 Please submit an upstream report [0]. The packages from snapshots could be used to determine which version introduced the problem [1]. Best wishes, Mike [0] https://bugs.winehq.org [1] https://snapshot.debian.org/package/wine-development
Bug#949246: wine32:i386: Running Fallout 1 or 2 under Wine 5.0~rc2-1 fullscreen results in black image [regression]
control: tag -1 moreinfo control: severity -1 minor On Sat, Jan 18, 2020 at 3:35 PM Matti Hamalainen wrote: > "virtual desktop" works, but is not a feasible option as on a 2560x1440 screen > a 640x480 resolution game will be minuscule. winecfg can be used to change dimensions of the virtual desktop. > Kernel: Linux 5.4.12-qcmm (SMP w/8 CPU cores) Can this be reproduced with a vanilla debian kernel? Best wishes, Mike
Bug#949246: wine32:i386: Running Fallout 1 or 2 under Wine 5.0~rc2-1 fullscreen results in black image [regression]
control: tag -1 moreinfo control: severity -1 minor On Sat, Jan 18, 2020 at 3:35 PM Matti Hamalainen wrote: > "virtual desktop" works, but is not a feasible option as on a 2560x1440 screen > a 640x480 resolution game will be minuscule. winecfg can be used to change dimensions of the virtual desktop. > Kernel: Linux 5.4.12-qcmm (SMP w/8 CPU cores) Can this be reproduced with a vanilla debian kernel? Best wishes, Mike
Accepted chromium 79.0.3945.130-1 (source) into unstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 18 Jan 2020 20:26:26 + Source: chromium Architecture: source Version: 79.0.3945.130-1 Distribution: unstable Urgency: medium Maintainer: Debian Chromium Team Changed-By: Michael Gilbert Closes: 945920 Changes: chromium (79.0.3945.130-1) unstable; urgency=medium . * New upstream security release. - CVE-2020-6377: Use after free in audio. Reported by Zhe Jin - CVE-2020-6378: Use-after-free in speech recognizer. Reported by Antti Levomäki and Christian Jalio - CVE-2020-6379: Use-after-free in speech recognizer. Reported by Guang Gong - CVE-2020-6380: Extension message verification error. Reported by Sergei Glazunov - CVE-2019-13767: Use after free in media picker. Reported by Sergei Glazunov * Fix memory instrumentation singleton initialization errors caused by tracing patch included in the previous upload (closes: #945920). Checksums-Sha1: dd61c1104560c28b5cebb7d42c4ca6452fbbc014 4162 chromium_79.0.3945.130-1.dsc cab2484a4586d743ca9a6fd8507403cc710705d3 266756640 chromium_79.0.3945.130.orig.tar.xz c450c2ad615334a3c77acc9fb519420f767b29f4 189208 chromium_79.0.3945.130-1.debian.tar.xz 2e5cf021e4798a9a2ac23ce589ef8e37d772efce 20666 chromium_79.0.3945.130-1_source.buildinfo Checksums-Sha256: f939b337d2aba54218ab7653d6e368104e93077b05ae3742422f5a7ca7029288 4162 chromium_79.0.3945.130-1.dsc 73d982161090d2c2af26f547cc6a8e1ef935a87d4d193789ced8c6ef07cf7a8d 266756640 chromium_79.0.3945.130.orig.tar.xz 59428d97e67764d6d874f6d2b7655918abf1c9e61d24b5a3389764f2956107d9 189208 chromium_79.0.3945.130-1.debian.tar.xz b9e6d6c9e7bcbd62903965165c52e5dbd795ef8697a5ea92d401ae75dd7117d6 20666 chromium_79.0.3945.130-1_source.buildinfo Files: dfd9277f40854f207c64f7df0ac5b68a 4162 web optional chromium_79.0.3945.130-1.dsc b085e08af49bd9e9de7eef43e4d45886 266756640 web optional chromium_79.0.3945.130.orig.tar.xz 97bd816b296f2eb1455a78a2b44d045d 189208 web optional chromium_79.0.3945.130-1.debian.tar.xz 20461a76401001114c9dfddb03e4e47f 20666 web optional chromium_79.0.3945.130-1_source.buildinfo -BEGIN PGP SIGNATURE- iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAl4jvjEACgkQmD40ZYkU ayhn6h//T/0rN+debIvm6Livm6HxHzKROAEfadDc/gC2Ye5GxcSZ1LT6FCMn90m8 folcSFbLPVUQkOMv2qwHm6pfJ09nGMJEBx/gkmlX4jrYsZRb9z8NHtssevD7rZgz pERpveYQnMVfz1xiijRNdy/iFGk2xEnJiBAQiOWCOP4JAL4okLZHkCxPwjlOXcQ0 g2q5bR7G1xcRMjE3wAs3LGT6Fx7eNfquo5uVjkyTe37pvG7zKr756xTn7i/07Goz kOlfTmIbsCMh4vrim6i3rrj2I3eTCRFMJb8U/RiLThDRoZNkkL0uPAWmGMSR4voz JowaTzDEAk19aZB295V9Z98U4/lyUpuoEyr+F8hr/myDygLe8ZOFqEU/x5//l9F3 LoDVCZFvC7+2UsmuzMGeBt7dAT7s9/WIKoGtA0HrTBa8ARrsur18sy0c6dqawVbE y4EMnSLt1x0ubQuiF11sRc8hLyMKFooKPzpWnjvANYGLl0lwvchMSkWL0AAjWptt 686IdONzBEYxGbcdM2DchXxjJbzggUIuDKz5C2rNRV2WoKlUL5miaxNf36PXJPbl 24Qy2HFZe9s81FXaXRswZmBjt94gcxiWj0Dwwe8ZW0IJ0DGvHPJkYddNh2gf3VKn 9m2KDlAnVDh0rE5p9W+TYcCxNIV+qSTez4+eXcD84RFeQfJ7QFHKTBNWi9aULbA9 NHxEWbcAWmShMIjaZVpe5gfhgcggqqRsIs80XLYCpbTH9KExF3PBFVf6m7s5ddAG Nq0a0NII5rZCANFFlRHBVCTsK1t9iihKlYzsyvK9Pmjw2z1MR/73lz5H4SL2Squt 9kxcVQiNJdRN0OiLZIp+UU/E+2BoZ2ovV8Ih/d4uYbHZhEGNMYwF7uFEh5dhexvL Nz4lu5rUAdlwoMnd26+zl7JVcGPSjvAaX6eQOk9MxcjmvidIC/lopb9Xy9S4tfoc VCN3iKnF5Ek12vlSHRL0jCdgrLIT4Y/VfJfR40acXfjmHaY7lcp3poxB3ut9iyiE QcCnfaQQ/VGYlp4YCbl4rvopIHAafnlLrAOwFGyUw4v6xITs1HIOWLy9MwmFIfy1 KL3c7WnGsgDUZ2SGJnj1dXWUxlfD3+nhgyyL8ww81ns0w5yGBftuRl9Mg/abzz0h w19pIhclg9I7H1AiRkCebWcRnLc8tFT3D3qPSl/7EzqpO/9AeGu1PVS4hklAhOZG iWjB7JxgzrhLjEpU1WbR2xWphPkDqVzTdTy6LN2Zp3v8b/FSrPTLVcH0xAg9UOi3 w/B07eY5ApAQlCoemR2h7d8sHpwpjJtAEQH/aMCxcO9T7QZgmrUq4KZ/iYzHbQ+r sSVssLMaqlArFpAN5JV9Tquh/5Uhyg== =MbeS -END PGP SIGNATURE-
Accepted wine 5.0~rc3-1 (source) into unstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 18 Jan 2020 18:46:51 + Source: wine Architecture: source Version: 5.0~rc3-1 Distribution: unstable Urgency: medium Maintainer: Debian Wine Party Changed-By: Michael Gilbert Changes: wine (5.0~rc3-1) unstable; urgency=medium . * New upstream release 5.0-rc3, released Dec 27, 2019. Checksums-Sha1: aa5026051cf1b0c5b102e1197d96125dcb480327 4637 wine_5.0~rc3-1.dsc 1591f38fe62b800af5b23f1cada0693416978338 20636212 wine_5.0~rc3.orig.tar.xz 245d474064f316f7b623e5e098665826a391a7a4 211796 wine_5.0~rc3-1.debian.tar.xz 668a4c45b72928fec8fc2636b322957a6f313f04 19792 wine_5.0~rc3-1_source.buildinfo Checksums-Sha256: 2fece1540d8032691bf0ed220d61066a7b6c59edc3c18e254327c6aca2164f70 4637 wine_5.0~rc3-1.dsc a299d3c45fd5acd772f12eb2a8294b7e97ffceaf83ba6c746c4cf7936205e9d8 20636212 wine_5.0~rc3.orig.tar.xz f3d292f8f9e76487fcdb5c47f33122806346e422b29aca60352d64cc320d1cb6 211796 wine_5.0~rc3-1.debian.tar.xz 87e66d776e477ea484e6331d4a8f6697a1b60324fa01b01e9b71592a9ff23ef5 19792 wine_5.0~rc3-1_source.buildinfo Files: ce7da8fd6c327046d0a077b0be72ec76 4637 otherosfs optional wine_5.0~rc3-1.dsc 106b4fed92f1852668fb5697ae44735f 20636212 otherosfs optional wine_5.0~rc3.orig.tar.xz a44b386f4706e606c53df31f30077bbb 211796 otherosfs optional wine_5.0~rc3-1.debian.tar.xz 46125380c87ad0d0b2f4e9196edb8c8f 19792 otherosfs optional wine_5.0~rc3-1_source.buildinfo -BEGIN PGP SIGNATURE- iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAl4jXDEACgkQmD40ZYkU ayjv9iAAkIr9ZtoYoRatu7pidPaHsCqD+1uS1ObWcz3uUxAUFBYW/ex6iPRu4oRy 5g1r9UJqb9o1HnUjCAW7HrGljIdHDlvHiiTB46lsTND6roi/vl/vWx3YeEBdRE/Z Plttd0I9QuKYOWDPeVoUNGcu2vxSIZKlXfnleam67AtqOCI54es23Umg6gbHRKz1 3f3GWctMA/46nsUFuF5BT+oW4BzjBcRFhzZEeDyHrH3xds+9BRDRFCEeHe0dYVm4 nitMb+xctB6J9JuQ6RNPTjAs0+PHcQWjkKQPug4JCNDIhLivzLQ/1B77zVm8QQLV cHSryaUXelPNFiIqS3dR5qLuoBC4CaY4GnsmmvVpoUgkp1AwH4RBcyUSu5Z8v+l8 yradGX5E/LbTbRcUpdV3w4xDdQ5e/97xHwylT6jd72lgY1zdCcKt58YbL9ElZsiy y2vpVuHaa+BVX80RWIWh+PgX2RgmZcT28nu5qruWJFMjaYc4quq+31h/HsoLQOO6 NqT7Wsouuz8if33GRp5dTnNi11ncPR/tJc64UjSVMbtwRfOhrdij75aDhpXqTSTk BraBGoWEQ82qGRApVuHAsu19WkdzPOTAcGnX/dniycsE4Dsug2MbQnTMk/QLM7E1 VEUpmEj/NfwJVhBtVyYPSeC0xM+VOWAZKCKDoW3g93uEZ3A5x1rDehAgMFExVZMA aGdA3EvpikD+Ph3Zm8c606IFzDjphNUb2OzJMweRneSyEc4e+Rct7ECuUP8jEOy9 XyzBU7he7SjPFEcqjzRAKQuna9rrrSru75wmsMWP3nUTar3Qolae2gQH/lV6Uwbw IDmT7IYs9JALmaLNWydiGjHEmgarLbGDw36OjdWJI/Ub7wOaHc8ikCpUKOfseS3M tGHo0qV73aCF+tIkfn1oTXkga651yy/dUKC3E01bS/EagJXiBKEIbdbr7vesbyO7 9EIuoNDvUA21otQrGwRPz08Lw29cvFa2JY54Gu4KwquqLdWkVGVTH6CXbwddfhXR kt8CP5H5guCqCyULBLbX4kT2z50J0gxrU4uERmEpj8mNAlpYMBjWu6x9IZguXbDe koNZsbu1LSYbOjxpTuD7rqac2R+t0r+0RkhimKRTg/5eQWiy65sMHlytcH0IHNT5 MQfFTCcsiHrVituuRpzzhMx0SJPc8ckN4CvrwAMR8U/snmZTYMgqgAMRaKpmNEFF +Y0E5wSbNHcKBLZEhs4YfUSKdNL3VBoiXqmvZIKBXUq7qNr3WeB+PQbT+6/t/ivC jLl8XYRnNEi71DwiJmEAskFaLNlpSFcjkWCVGUcFrpGw3LPpmTINLZLRebat44QL +PmRWyYObM/nyUFRf+olsaVPwTJP8A== =CHHZ -END PGP SIGNATURE-
Accepted wine 5.0~rc2-1 (source) into unstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 12 Jan 2020 21:08:44 + Source: wine Architecture: source Version: 5.0~rc2-1 Distribution: unstable Urgency: medium Maintainer: Debian Wine Party Changed-By: Michael Gilbert Changes: wine (5.0~rc2-1) unstable; urgency=medium . * New upstream release 5.0-rc2, released Dec 20, 2019. * Build with support for libunwind. Checksums-Sha1: e9b540244aeb11fbb1ab6dcfd7305145b781b0d4 4637 wine_5.0~rc2-1.dsc d6f6c549c77839b064c1b59a12f80b8766f03d7c 20635136 wine_5.0~rc2.orig.tar.xz cfeb6fb8fd5ba3c37c14b5c7c62ad19cfa04b92d 211856 wine_5.0~rc2-1.debian.tar.xz 8cae46834a5a3dfe9f4fa5c50744d73a764e1b3d 19788 wine_5.0~rc2-1_source.buildinfo Checksums-Sha256: 38d140f8441c2d31b5dea9e454a597e827f43b400bc00e43f43daf7515253a1b 4637 wine_5.0~rc2-1.dsc 5df02d5e2f83b2b5a0ccf1166e2c0329a5ce5e2ad1d4f3d45fae08e69bfabee2 20635136 wine_5.0~rc2.orig.tar.xz 0e9cb92e5578d04b017393871e754b181e30db752f9d79675ba9e35a6d68c1a0 211856 wine_5.0~rc2-1.debian.tar.xz 7364a3f575a2f0fa92d5a759f658d834d3c8670a7198771eae4519f36428a030 19788 wine_5.0~rc2-1_source.buildinfo Files: 4596c5308761b535637e26909f7cf8f9 4637 otherosfs optional wine_5.0~rc2-1.dsc b76a96506e30c96ab07d7cd1a607678e 20635136 otherosfs optional wine_5.0~rc2.orig.tar.xz aeabf29634386c1b72f4dee00317332f 211856 otherosfs optional wine_5.0~rc2-1.debian.tar.xz 1f9323434da44ea642faf4c34749f276 19788 otherosfs optional wine_5.0~rc2-1_source.buildinfo -BEGIN PGP SIGNATURE- iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAl4cZfQACgkQmD40ZYkU aygTnyAAvbtSHVKvWEPmHwvGQcqMM0dCFINI3TZrV6Np/DiHM5DHYnRxoT3IYHSH sJkhCpZSrULr7/R6F5ebzwgJuRHNKTYez9paAaWm89cjTwTzb7MloBk8WUsfVCB3 uBOx+YjeddZPt6TcosIpMbsPkQpAonyYOt/eDktUeWJrKRLQ71qrhYZqG5FYpJ0j mm/O4kvYoufOIqaBQCZnkvQRA+KfqmAIUc+luLrciHJmlwQ7+NNrjla0epPUNHB7 MGyo6RKwIwlZw/iPTS5XML/PqZWpS6hw+VCRKPpdLN4G0eA9aBlT9hz7vWk0FqCp 7dMrKLvmzVH1JzJmtc3aUuGHvofXvGcf35DkbvedHYxlnMjxoiYG/RsLCqKRLNIk H0+NOo2WOUt15XvQkb0yjq26hDwE4gjb1HuFAeiZtD30ffC9SnOtvkNcja8x1M7n 4sfgcRXG4oaQrDakTvQe6RuUwQ5naRGNX1/NHU/hs2UnzGuup84mM3srJeiODA/B R5x6Fwr5bwDEgO9F/0ZDUtSFHGh+zyou9iLncjULPQRU473PxWUsldCBXrM0SztT w6bq02TJuy+lfWKWLfCymrUjAHNes58OQhH6VwYozU0QMjU+XXl8hOnL2IoREyk8 vN9E64VzCxzSozdEOwKzJDyf4hY/u9iCm6LYhwbIUhf71ZqIIJR4RsdqlIyWWpS6 0K7koO/eXxsSPzr/M5+LZoYL6b4r1+25XKOHxCXn9aFXzabBQII8RdMOWJFNjQHV EL5Q0/MmjWWZvMDbZm2psWQD+UvBBo4qkzwf2k7bInuQOWFBzwdtJPbQ/yMfw4hP 4VtmWm+NbvbdOi+eDfHw1Jk6v/YAAqgL+6u9Dk/wYqF43D3SxniJwVpsniQ344k7 +QU/91SnnO3xyw0fTSh5v6iunh3i5Aeh0Vlnug/ekffKoK743a0mZBS8B5qBTDMy jjzJcQNdjfQ3vzzKauzXyWvG9K4Ocz5dFXOsS/RVYitBQSAlPwd8EOpfaJcZ/QLp rp9An6E6ZoNNBYmpK2g/ho7LLdqvn4SJAlP4wvYxGd7ZnvdyrR/8RlGcpXCLoGqA arKZo/Y3Rx+34ZxfEhhhUVOO1NrXFEJbtBls7okW9X+IlsDrQ07tMfgJYBg9rypT FMXZDwydmPkXaexP4LSvfs/LIqKqbnR3rD9Ni/N8WwMEI8BWtjWexegAdYoOBn7m 5WQwlUf+RAJupzbA81KFE0gIegKT5srW+jdPvUIsg5yp26gdkpf6pmZUbH/qcRMq onDnXyW4UNYSlJcVfXKIyrW5RrLqQvJleoiahSeqnf8j3O+gH2SwexgsldCF+Dm1 Ql2H+9UWLmhsdgHmv8H/LlE+FQpAzg== =I7u3 -END PGP SIGNATURE-
Accepted wine 5.0~rc1-2 (source all i386) into unstable, unstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 06 Jan 2020 03:32:52 + Source: wine Binary: fonts-wine libwine libwine-dev wine wine-binfmt wine32 wine32-preloader wine32-tools Architecture: source all i386 Version: 5.0~rc1-2 Distribution: unstable Urgency: medium Maintainer: Debian Wine Party Changed-By: Michael Gilbert Description: fonts-wine - Windows API implementation - fonts libwine- Windows API implementation - library libwine-dev - Windows API implementation - development files wine - Windows API implementation - standard suite wine-binfmt - Register Wine as the interpreter for Windows executables wine32 - Windows API implementation - 32-bit binary loader wine32-preloader - Windows API implementation - prelinked 32-bit binary loader wine32-tools - Windows API implementation - 32-bit developer tools Closes: 946939 946951 Changes: wine (5.0~rc1-2) unstable; urgency=medium . * Build using system zlib. * Handle upstream temporary directory refactoring (closes: #946951). * Restore wine-binfmt and fonts-wine binary packages (closes: #946939). * Use debhelper compat 9 to avoid automatically rerunning autoreconf every time debian/rules binary is executed. Checksums-Sha1: d5fbfeba4c1fa00a4b00bf27358a35f89e314cf8 4622 wine_5.0~rc1-2.dsc b6924c1726d3e8e3a940e458c0ada27ee80a3ff4 20701516 wine_5.0~rc1.orig.tar.xz 906101d6d3ce130a73161edc87b8fc0e42e4693e 212008 wine_5.0~rc1-2.debian.tar.xz 2aa57f9283233238d189b4e3a6e48daa4e42fbcb 234348 fonts-wine_5.0~rc1-2_all.deb 4976df41fd80e6219c4374958d3aa4e768396890 3764988 libwine-dev_5.0~rc1-2_i386.deb 2c0b320629ea7b3b3f840b0ed647e24af831f9b5 71398736 libwine_5.0~rc1-2_i386.deb c3e3d5a2b2bd04882fa0da1013c6739b1e9bc9e3 93660 wine-binfmt_5.0~rc1-2_all.deb 152bd4044d74be44f11abc9578afb649a17d302a 108696 wine32-preloader_5.0~rc1-2_i386.deb bda5aab024fac82992710a8b4ecf4b9e3ed56059 1437556 wine32-tools_5.0~rc1-2_i386.deb dda47a886b7ab86758e20ac2d847b25d93c91fb1 926500 wine32_5.0~rc1-2_i386.deb d7cc084f4f65905f1a84263a8f43fe7bfc8ada48 141232 wine_5.0~rc1-2_all.deb 2905418fd2a6dc0d6e8329eb3d866baf24e3e25c 21613 wine_5.0~rc1-2_i386.buildinfo Checksums-Sha256: d9af696e9feb5091e0f19b1163cf5ceb4bd50ee0a168a7b580cbab85a99646fd 4622 wine_5.0~rc1-2.dsc d6f7312274409920f90cd50ce245e1c0c0a7187e5da9a359d91ff639bd6537b9 20701516 wine_5.0~rc1.orig.tar.xz 5d396f8f45f4f7e1731ed671bc282ffec8fbf748ee937f08e1f556ccc89b2cdf 212008 wine_5.0~rc1-2.debian.tar.xz af810faaf5cc75d1fe0d8f20126143e1eb93492c2fc4daf7f7e414e91871f368 234348 fonts-wine_5.0~rc1-2_all.deb 9008aeb79db6c722f9d9e95206a5836f16d7bb5661d256ffe8d07f69cb7567b3 3764988 libwine-dev_5.0~rc1-2_i386.deb 82090d54f11a471766943114a94d286bb33dc4d5ea566d4213945d3b36d9536a 71398736 libwine_5.0~rc1-2_i386.deb 9e0cec8672532b0ab8610f0bda1995315902a67a9ad621bace8a19811e6eb681 93660 wine-binfmt_5.0~rc1-2_all.deb 4ca278ad0672f00c3176fef74d269012a411eff7f27f3863d60903cfc39b6c62 108696 wine32-preloader_5.0~rc1-2_i386.deb 66034c584743a7f34be4ad99a6aa91d95817f0952d06ecf34f8c5ea52ece35bb 1437556 wine32-tools_5.0~rc1-2_i386.deb bd53fcf594ba62ced29d212d43c2916de329a58b5c5eb7f8c1628f0aac79b941 926500 wine32_5.0~rc1-2_i386.deb 9fade8be41fa86c7d706a3d478022a686b2c11f0adfb99d2bde9d31e9b411109 141232 wine_5.0~rc1-2_all.deb 0565265dd2baba3e91491cf74fdd2eb2ad5192482960cc7fd6cbcc7472e2ef23 21613 wine_5.0~rc1-2_i386.buildinfo Files: 25f2714fabf275ef21423d2ea7a7fd2b 4622 otherosfs optional wine_5.0~rc1-2.dsc 7ddb56e6e06af831f33865187a3b14aa 20701516 otherosfs optional wine_5.0~rc1.orig.tar.xz 959631c006c0562eea6bb6e9fb0561d3 212008 otherosfs optional wine_5.0~rc1-2.debian.tar.xz 0b2e08de0353a2b37e4c99589f8558cf 234348 fonts optional fonts-wine_5.0~rc1-2_all.deb 6003bfeb1edd28e28c1a2d800e901ce2 3764988 libdevel optional libwine-dev_5.0~rc1-2_i386.deb 489878b7cb3cfc5e7a844f5c19b76f89 71398736 libs optional libwine_5.0~rc1-2_i386.deb f61544cc22a39510b7dc2adad1603e51 93660 otherosfs optional wine-binfmt_5.0~rc1-2_all.deb 6ef23b7fe037da01ef402d60d7d479f3 108696 otherosfs optional wine32-preloader_5.0~rc1-2_i386.deb c0387178647a97ce81b5840d3c719c39 1437556 libdevel optional wine32-tools_5.0~rc1-2_i386.deb 91878d3294efd8672868566e612973e1 926500 otherosfs optional wine32_5.0~rc1-2_i386.deb 1939096c017c7f504fdc05072f2d4c26 141232 otherosfs optional wine_5.0~rc1-2_all.deb 439c226bb46eae76f5eb2ac73c0df0c6 21613 otherosfs optional wine_5.0~rc1-2_i386.buildinfo -BEGIN PGP SIGNATURE- iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAl4SvHUACgkQmD40ZYkU aygD2h//bNpmpeBbx6GGvEg/aE35OHMlMPbTooeDpqI1RULx7jft3iETe06JXClO xihMAEOOcjSXULVp8Iq4F2WUp85R9EgQb/fnTIuHcQOcKFRBrwl6h4f6tUbiCa7L Kz3IJudX8Ixxa7RlaE1C/vB7IsVPpi0mTuH2gSEeenlt6JhkT0pivJPj6ZED8lfT EL8xzOS5CAWmrq9/vN53kESQ9HxD/wZXkqyAHPG5Bo056jVxKBhOxLZ7aS8n1wHn QtIVnYwdgsNZJVMlkcjXp7a5Fw/CtiP8kMGVwnHArBRRE7oFjAHwC2ai5WbdNn+L DVzSbcgL0Lh/X1NPDep3Et2gpSdlIRhaljrLWzbD3WsuvwdVLHCAdg2pGKL3F7op
Accepted wine 5.0~rc1-1 (source) into unstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 18 Dec 2019 04:29:59 + Source: wine Architecture: source Version: 5.0~rc1-1 Distribution: unstable Urgency: medium Maintainer: Debian Wine Party Changed-By: Michael Gilbert Changes: wine (5.0~rc1-1) unstable; urgency=medium . * New upstream release 5.0-rc1, released Dec 13, 2019. - Initial version of the MSADO (ActiveX Data Objects) library. - Update installation support in the WUSA (Windows Update Standalone) tool. - More progress on the kernel32/kernelbase restructuring. - Support for signing with ECDSA keys. - Various bug fixes. * Switch to the stable branch. Checksums-Sha1: d5fcaa9bfb612a431f18fdda400b6b7fd2935ae3 4518 wine_5.0~rc1-1.dsc b6924c1726d3e8e3a940e458c0ada27ee80a3ff4 20701516 wine_5.0~rc1.orig.tar.xz c7f848a8f9fa46debc35491d8b037063d4e65f11 194088 wine_5.0~rc1-1.debian.tar.xz a6a472f1185e7443f36ebcec6569ed9ad516b2b0 20086 wine_5.0~rc1-1_source.buildinfo Checksums-Sha256: cd4bd442eeef1ac77fc9cddc79da25c67f8106f9257b72401f5a2d90fa8a9101 4518 wine_5.0~rc1-1.dsc d6f7312274409920f90cd50ce245e1c0c0a7187e5da9a359d91ff639bd6537b9 20701516 wine_5.0~rc1.orig.tar.xz b2ae19ee1148ddad6de5866909ceb0d6a473a3a7636f119bc82d1b0c64d009df 194088 wine_5.0~rc1-1.debian.tar.xz 91463bb827993177550fcd321cd712c9f04417fb561b8ac2ee3c8aa1e9311027 20086 wine_5.0~rc1-1_source.buildinfo Files: 5712709de1294b94d4e2b6ebec7c2296 4518 otherosfs optional wine_5.0~rc1-1.dsc 7ddb56e6e06af831f33865187a3b14aa 20701516 otherosfs optional wine_5.0~rc1.orig.tar.xz 946135c762121049a8d788334226 194088 otherosfs optional wine_5.0~rc1-1.debian.tar.xz 45a2dbaa4c1667bc2e656bc1ebb0fca0 20086 otherosfs optional wine_5.0~rc1-1_source.buildinfo -BEGIN PGP SIGNATURE- iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAl35u0YACgkQmD40ZYkU ayguEB//SxY8YNrJyCktd1UIRd5w6IVLDvaiBltsS4cYKq/LTYYhUMPpg4jelN7B jnJCHZke+FK/t5OFZA+FPKzFudaIARWTXoxg3Bv8od/qe9TcUX3eoUiMHV+MOfBd G9TdnCxBX0w2lhJ2YUdyCjeqmF0NvF4KIAmN5BaPueWnOHXG2r7MRK4XykZ/EjM4 pIlsiJEhqYjYQP+7L1Ega0+XDxgftmdDqtPhhdYjjrQL+mxtwXD+5ArNSNOmNuRs OhpjLQNDL/6gqMBrkwcAbDiOXHF6raJFok6/thFq369pwFsjkvkMtSIHhwsq26tg 9LYTZp8gTeVzn3kfBSYlwR8M7/0OVj6DxhpzUN1zMZ9X1Fib+F8qIkdgt4fi62RN OSRvthpXh9nTjxCU4FUWr4q1A2K7uIgxkdnm6pJh5v1Ef3P8syG+4qpyIUi3Blok vap8553Ga1s7e7tIIEq7RoUSrZxvhVWa72naHJFczT5roN8gYAL+2g7u1O7D7m3q WMMxY9bzkbrMP2o6tdcj498utfcJ6oQUNwehrxPsBz7VDnFlxyElB20yfd+DdFa7 V6A5bXrY6KxbZCBnrUztC5h+e6YWxHmdDh2rThiQxM+VkjdW0wi3TIloaWKP0kyT akNcXFnHw/imDGd03TwGmeiALsSZTZqZPkwVuY+6RUVVYCviH+QNh7O/A0ngOTvc B5iLTmGju0hsErNowaswvvGJrQvao7BdTan/JXotUa7Rzf4uIFJGNyBObmER3bf2 e60Au11SBQxdxm6/uxqtSS6JoRC9Qgxq0qa4jPmpKnq0DF4tSa0J7Nasi7Gxj+3G HJfJ51e6yTll04998DpBqzS6D5s8YY61kXZhgCzIeSUOqWNqYkKu+rznIJr2udaQ ABwNQppNUwE4+3KB0L3mLX+wUD1u9Jjn5cSRlzHLugeXxEwhzod94CxTBtbAxWCF 7m0WIvy2Fq8yRactRecNGKmktd/nSypi9wlaB6uJ2Dh+tiJEAirh2+CMuPlBA6CC xH+hFBLEEQPZ/wpqeL6RDknBdwVIc+gCfT5EaCm0Mr/0+QmJrtqI8RZywBLgsRFl zQZvbGHvjxQl0hdv5hvwAgOfA0+XtmiL/JZGi5ULT09CDBW99kbtnrJ1s3FTp/t9 zSIP0R9N+9XYpMVMJKU4Ti7N/EZI2VdFaixgMD+1qutNyV1uLKi39adjdrqGx5ym GnNcbwOKqKSYcmQ0iTsY+YVyWzaj96RmUslDdBHBqzhwvsT2lGdaU2A3GJ69Xes9 tn7OZLP8aoAMwWai04scv0Hj/bVPrQjQ6qnfb3P/J+/rzicIrz6QlIeI3Ahi94h5 IwfcMwuBTgVTPMDbKcLpjYhLOVaTMA== =W0wI -END PGP SIGNATURE-
Accepted wine-development 4.21-2 (source) into unstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 14 Dec 2019 18:58:33 + Source: wine-development Architecture: source Version: 4.21-2 Distribution: unstable Urgency: medium Maintainer: Debian Wine Party Changed-By: Michael Gilbert Changes: wine-development (4.21-2) unstable; urgency=medium . * Fix compiler warnings on arm64. Checksums-Sha1: 9e22c88643eb67d515b2113bbf578df77db132e1 4797 wine-development_4.21-2.dsc d469843a32833f01ebf0aab521686798b54870cd 194008 wine-development_4.21-2.debian.tar.xz 50a50b655d494a1efa33f3a8e0319ba3dab36d91 20204 wine-development_4.21-2_source.buildinfo Checksums-Sha256: dd02ee2f4780ef8a6803956d663545462c1eeabfd03164347847a426935154d3 4797 wine-development_4.21-2.dsc ca11194e7090ae3877a345c2e80e1ec44eed49b9bfbbdcc6b8258370d9864ad6 194008 wine-development_4.21-2.debian.tar.xz eb1f4b619865d98e42c5ec76e95c08f29591c1fc1077f63e70764aee0ed7e3c4 20204 wine-development_4.21-2_source.buildinfo Files: 410d2ce072514cce6f3c8d7e32fe1f09 4797 otherosfs optional wine-development_4.21-2.dsc 3eb450ef0759f74acf650dd20316330d 194008 otherosfs optional wine-development_4.21-2.debian.tar.xz bd15d2a6e945f36c51a0c873154915bf 20204 otherosfs optional wine-development_4.21-2_source.buildinfo -BEGIN PGP SIGNATURE- iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAl31TD0ACgkQmD40ZYkU ayjB7iAAwEDfhmIdkol2WILWPpq33QswFhR+lW2fvZcBhQkX17l9j05T0Y1208xF HBb5XjE0d1/fZ1AYIB4ohxn5RhVxUdueVMhNIH49rGXz4NfJSNzv9QIlFgj5yZpT OpyVIJrgE5cPTGaAJysixdeHoMTWxcIf3VMocqpVFjn1+Wf+8BcUUE7/nCjve94Q MfUPn1xf/F8LRjVoYqtw3KIYRNeMTeTSUZONLAfEtCuBUFr5s4L90nCIZI1eGaTe 9IvgXcHnHn4ISl50tSzBE5V01uolnVrrpby7iJGJgAQJn2hRG36vXUn9sZSFDY7h XPdaZrwj6H9jTi1wUZvB8KgcPbXwE6CxDajTJxTTHHJmzwYB6ezY45pvb/CCa15e iH7c2pkgHzhQebUdRK1e8hI832u+7O2aic5oX4nHtoQYLpSOmXm8/xyfL+6Ma96D 4BowH3BysXi25p4Ta/q5OWXDFGqpACmhpeNamGZN2f3rdwCIE0T9ArLFRHFwZwdP /iC840AqlVwIrOoJ1mOD3Tx3HjzlnxCo/8MvNc/+m+Qe3NPjDU3sKpKJD00qPHLd B09MQjNlVx8cTS6lkze1futa0+kzPJAk8Z9Mykii2y6S73FC081u+03hYyEV3+On SdGEqjgjZY0StRmF3h3xHtrR/8fxEb/IVTAnwfaBMxaikuM/njV8d2bvxMBQllM0 eFd9I6hZYlsfs5TR5cu63O4YOpnrnsn2Dc/t5Ucja4dZ227NvGxjiDsEdhgX/fSu q8fqXnpW6r0Kl2LoUscaDSX6d0eWiWHyCDyuIG0vS335j+gcw0/bQcsVtZu/sK+W VDU7LlvkkMHdS+rxxDHIVyjKdbsTETe57GZLPgNcd8bZDettIenO408ymJao2WSc 0V9KiGNKHwH2r43l12pH5tXUw9qUNDTBOqfTtwP0cvTpZTRL3djwJRmrtCOyLT2+ 7UvecnUNQnYnOBWNAz6JrX2gqq8Opb+An8KkFVtDM6JJGi5It8+NoVwnMjYpkvNc TPmlJXCC4h889mo3bSkv74aArGihbNUfyoIkdUhuIThZgSWGy7ZY5Z3tRpUtWbu9 xGW77iSIwfilLEwUsB69MGBMWnrhElsazSYpZG+1KdufU0QCvbqLutsme1hMmgEX 8W4xfO5Bwsl5QhScQH/DKqHC2PFg/UxcuZ3KgwXPBCtrQjGSF9+XDOeZhZAVceFP OTxd+NMNjGeJYEZbaBLu2DYf2WGo1uTyLoFItz/dUDoZNPD+3dAR0y45fvGZfCHT RaPNWMAIBVdTZDi7ChO2gl/E8I3c3V/JnWCg2SSkpLFPEffTeHG3uNlLXQfN7wcn 7xFmjULsIXTCOyX+X4hE09QZuWXxHQ== =Xqjj -END PGP SIGNATURE-
Accepted chromium 79.0.3945.79-1 (source) into unstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 12 Dec 2019 04:36:09 + Source: chromium Architecture: source Version: 79.0.3945.79-1 Distribution: unstable Urgency: medium Maintainer: Debian Chromium Team Changed-By: Michael Gilbert Changes: chromium (79.0.3945.79-1) unstable; urgency=medium . * New upstream stable release. Checksums-Sha1: a291c33d06b10346d83e7b23d102ecd72defff9c 4188 chromium_79.0.3945.79-1.dsc 9ce3ca0de2fbbbda6518fd3666afc2e4ee00feb1 266958392 chromium_79.0.3945.79.orig.tar.xz bd6e01dbf47df5e3c29087fe3d66bd67841aa53c 188956 chromium_79.0.3945.79-1.debian.tar.xz ec5507f4ad36c4cbc06fa9031e7a8d707476ea09 21071 chromium_79.0.3945.79-1_source.buildinfo Checksums-Sha256: c2f507acc4065245b3fcae7f8e4af39966936d77b84493cf9decbc9196355ebc 4188 chromium_79.0.3945.79-1.dsc a55c4dc57411cdcf3ffbb6c45477fb98f86c284ab0aa2449b4daf7c40a34dcba 266958392 chromium_79.0.3945.79.orig.tar.xz 34d3e9f9f73459321182a42a7d46b719fecba48716cd7902b47e88116d6120ca 188956 chromium_79.0.3945.79-1.debian.tar.xz 0774d180799c8a20bfd16265bf47c2e54701a216777b66fb9152f931a1b2c842 21071 chromium_79.0.3945.79-1_source.buildinfo Files: 0174bcd025350c1414a4d3e749013b2f 4188 web optional chromium_79.0.3945.79-1.dsc 24708f5118ab6078f038cf16b4c806a6 266958392 web optional chromium_79.0.3945.79.orig.tar.xz 7d2480fbfea775cd534a52a3f4c38079 188956 web optional chromium_79.0.3945.79-1.debian.tar.xz 21aa090f89de7269c2a677c32b9e7484 21071 web optional chromium_79.0.3945.79-1_source.buildinfo -BEGIN PGP SIGNATURE- iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAl3xztIACgkQmD40ZYkU ayhOVh/+JhjSgxraayAcnJZwMbtk6hLEtC+fLekmNdjRvZZO4ZeRoqv/bWPJM8Bm E4ykkfVZ2IZZ8HP+KTbHMEoFuS/enBonFMK50prDgkaofyNi/R88GAnnVEggvtug BRXQDtVgXDN5Zz4OzbybC4XQVK3gFVcymPAtrQUUmgkMSNaP87Xtn8iSnKhtz5nj bNzI1/rmxv8iiOfF86JxzoF7o5U0eYmWFKJgHpnf5pg5apk/4chj7lKhNthhrdwA nqOvzaUFbn2n1jvFCeTXTf8EjqR7My/ToC9F3SQmXBcFsvhCAhPI3JWXnuEYouz2 Mf/jKHlqJMsiM2K6LtQ1r/NhJaCe1ZIJkk76KDvCm9Wf7d1PgGm6vSao4awBtJAO 2yy5O9ySAdChM9WsfWBCvWyqjCxBt7lvg+TlhzUbmw2GEY1lpDL3Ky0WvMvACNgN 3ssFLG6xinB6MVQx23MjCZGfmkSV8VLB/VwCXBbXB39VnFOdxrX88pzvoLYimdLH 8jtLRhUAHqxS3cSZFBTKRRD8hOjBYH2y40lRFrREDXSbIP0rWHFBedocU+tTcRee v/wRKoroPLSPQTcTV1qF0UrvWqkCB0T61vaoETzNYu4M0mly32/dAZ21jrIHhBMZ C7x5JTCJp1Aq1OPC28n/IlLy0bMScljcG8hG563mb4UytikJRRhnI81hv2Po+/Lr nj7nUA/V5iEpwXM7ZVVtSCjYk2x7bNHzFfaf5xQHlc/LHIEoP7ub2yjiUOdk1ZNP eunCsIDAdfHSo3VazvJ9tflNQlOZB+4aw4e5MXSYHCx5TBz2MQHHxquHlVqJ77bK ZF42DOCHmKN5ZqPA0lR8IbqeveEbCOyBugpapEQj8VlniYMhN209Fg9DSsdd584d Di0RuhOeCT+5wYlJ0N+U1HOIzBuN5XFz2+3inBbDcb/yCkw0tlaWl7VPWxZX09TE bOXv+bek7R/P5p4fJ6Il7fnsbuCOrjQcHO5oS6D6Vl+aFXcYwrTCkjgsdSTvRqs9 5JtrB69sqjm6rxv6d2ITNnC/thCM2GmqHiCK+wEwTM0bzsH0BNk1fFDQ4spepk+B YMG9fi0bjP2y5FQyBo6Ks9WK6uVhxcut0jxM9jq+vsrKCFtk1BHkvtuwr6qS0ZhM K7EBWyu22/9qgOFuZeMXilPzPGZCO1pshKtbx6GK4gXW+PrDG/0T7UimAe6frpqU Dbl6KlWwuYVfhFWCiV7wIQz4z5xmYjLB3ubxBcZP4YbZPlfoHVUyuD1ujHqWs3GI zkNVhUkcrj5cRICsoHKxkdz4pwAzAmgBLvymPeoJE9Zutnk2p43imr27S7AsLPDK MclBhUj1GXQ0b6IVir8sDJX+goxFUg== =UrwP -END PGP SIGNATURE-
Accepted chromium 78.0.3904.108-1~deb10u1 (source) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 22 Nov 2019 01:09:41 + Source: chromium Architecture: source Version: 78.0.3904.108-1~deb10u1 Distribution: buster-security Urgency: medium Maintainer: Debian Chromium Team Changed-By: Michael Gilbert Changes: chromium (78.0.3904.108-1~deb10u1) buster-security; urgency=medium . * New upstream security release. - CVE-2019-13723: Use-after-free in Bluetooth. Reported by Yuxiang Li - CVE-2019-13724: Out-of-bounds in Bluetooth. Reported by Yuxiang Li Checksums-Sha1: 27d2e56e85e80b71c1bd54533070a54aea604b37 4242 chromium_78.0.3904.108-1~deb10u1.dsc 777b4ef4cd47896115c266986d77d57ac78cb2a2 261632228 chromium_78.0.3904.108.orig.tar.xz 8e31dfcb04ed2bb23fe2d9a55007f2e843e99869 188236 chromium_78.0.3904.108-1~deb10u1.debian.tar.xz 740d21226b4929a2570eb704ed0b1e59eb4b8be6 21529 chromium_78.0.3904.108-1~deb10u1_source.buildinfo Checksums-Sha256: 3267c547b51ac70741f348662ac2955629b55060a12c13ea7597586c28d574f0 4242 chromium_78.0.3904.108-1~deb10u1.dsc 6538d15f4961d2f3ed18e0004231fd5e40b976d7807266dcd317f95c4e6d8d18 261632228 chromium_78.0.3904.108.orig.tar.xz 0aa640b83bb48948c9a930053f1876551db730a09b6c49acb83df01480126d5a 188236 chromium_78.0.3904.108-1~deb10u1.debian.tar.xz 1cc0b22c159010b3213b11ffb0c66c549dc0e37a709a9656febc041119b3538d 21529 chromium_78.0.3904.108-1~deb10u1_source.buildinfo Files: 47a55705a3eacc27a0423bdef3a1c8c7 4242 web optional chromium_78.0.3904.108-1~deb10u1.dsc 78553f8d90ea768263a9c5762ff53df9 261632228 web optional chromium_78.0.3904.108.orig.tar.xz 804d91d6f5ff92f0bb500499a9b82e8b 188236 web optional chromium_78.0.3904.108-1~deb10u1.debian.tar.xz 2560da48ec37597ae68e3d261b478c06 21529 web optional chromium_78.0.3904.108-1~deb10u1_source.buildinfo -BEGIN PGP SIGNATURE- iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAl3XlJMACgkQmD40ZYkU ayjnNiAA21Zlu+UADZShUuiAVLEZxTwU4QZdjRyS2V33oruK7qTPMRt0l+e7LIF3 EAZmgppR8mx5FpCN1pScw/x/R2mq2CqTiNMrPI6EXRqIg21Y7/omqM2kgAmN/D8P zsMhiXv3y+OW45vu1yFCfCrYmpJX39wltvt/Lzx8e0lJ8Um8qNO9RCtuC/Sz5L2V l2+MStrIuF9NusmB+LH6qD31QRmkTOvJityu5HN1GmgZHHdQztJl1WkAZzWwjCP2 4SkBH7duoUA0ZFnVdCrNv2Lm2TBbQTSY9gvhYiA4CQEGzA/DMXYC6IZISJwihfvp jUqsoiaWIvCgxAn+MujzaYPrfMZhVylRINnfElycof3gugyzny8SetZUdK6cVyYu 5PcmN47qmNi/B9Ny+SyOgoxEC65SXJVDUMRr79OMASV6FXcMXgCgwFgRCxzCMN8p AZGrKBfD0d8vaKYsAQ9bMzZ4M9Hu1NAEunrE82CY8ehGwtblXoWDAbLNtBiSIoZW GY5FJE2gHh4+NgrNRUIBKJOy6GwEucDdUe3v4RqsvciGT0TlcrRJN9BBXKk6vjnT 4DI0ciZ3h0CSZQLNVdrKrqlHMejuZUDvM4SAcu0GGUXic+snV6FykaDcW3qEYSat b/NCtrLyn5S/noJFq9Ira7Fog9E7Oyk7yafdFozj2cpPqb0+OiqkRh0PQdYaeGc+ TU6+srBLA/XxQfm9+pg6Z7SGHgnt5JoLig/obRgRObwP9X2yad6jaipO+c2P73yj +g9qQenJN1Bn/497YFHWTwfXkRaIGGJOh4f2hTnAYLNB0Nv3ssExduF+vvm2UKy9 bwZHXKtpTilT71yrPHWSC/v31pgb/zeosuvcuE23ZcVadZ8kVNjPV9xNgL8MyrTn l5nAq+wUT/Esh5uSE3wqMHok4ugGA/v+XCk84s1VepFKM/e84C+MZbthI5vxBu2z FbdZk0WM7b6nAxFxzsREtZhRzk5OZH6T1Kn96PXz74oNOqmpPOvPcOZ7Rbuqsoa/ Lyw0etaM56UuxEZH/RV7BqdbNw/CG/2HyzGejKZPiydU08mKsxEjBac7HwlAlHvh VrPM8pvTh0wJfw4bWKowN4BdHDvLVxPEnRACzM9ioZ1Kvs3jHB/pwFr16jasPnr9 pZCc1GQLSGUU8A9HXSr98/plV9VGLfPbIz4NH1OrkdzfybkGzTs3vKUWVdlwskzp ms8cEdo2Y2699YrtyOyeTPx5MO577AE7xQeOCdE+W2xleY4Co4Zr9MTuC8QmhPq0 jG/gXEvcKSjvuWbZUf/y7M9nbr6Jk+lKpba9k947bruQsfwUxjTa9/fVeROucPfd FSLSVCMFgfFoXkD0St0yFg2S3qqNWQ== =XdYB -END PGP SIGNATURE-
