Bug#985142: marked as done (chromium: CVE-2021-21193 (RCE) in Blink)

2021-03-15 Thread Debian Bug Tracking System
Your message dated Mon, 15 Mar 2021 15:49:18 +
with message-id 
and subject line Bug#985142: fixed in chromium 89.0.4389.90-1
has caused the Debian Bug report #985142,
regarding chromium: CVE-2021-21193 (RCE) in Blink
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
985142: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985142
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: chromium
Version: 89.0.4389.82-1
Severity: grave
Tags: upstream security
Justification: user security hole
X-Debbugs-Cc: aeru...@aerusso.net, Debian Security Team 


Per [1] (or [2], and allegedly [3] which I cannot access):

> A use after free security issue was found in the Blink component of the
> Chromium browser before version 89.0.4389.90. Google is aware of reports
> that an exploit for this issue exists in the wild.

Does this also affect libqt5webengine5?  I know that its upstream derives
in part from the Chromium source tree.

Antonio

[1] https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
[2] https://security.archlinux.org/CVE-2021-21193
[3] https://crbug.com/1186287


--- End Message ---
--- Begin Message ---
Source: chromium
Source-Version: 89.0.4389.90-1
Done: Michel Le Bihan 

We believe that the bug you reported is fixed in the latest version of
chromium, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 985...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michel Le Bihan  (supplier of updated chromium package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)



Format: 1.8
Date: Mon, 15 Mar 2021 12:57:00 +0100
Source: chromium
Architecture: source
Version: 89.0.4389.90-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Chromium Team 
Changed-By: Michel Le Bihan 
Closes: 984926 985142 985271
Changes:
 chromium (89.0.4389.90-1) unstable; urgency=medium
 .
   * New upstream security release (closes: #985271).
     - CVE-2021-21191: Use after free in WebRTC. Reported by raven @raid_akame
     - CVE-2021-21192: Heap buffer overflow in tab groups. Reported by
       Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research
     - CVE-2021-21193: Use after free in Blink. Reported by Anonymous
       (closes: #985142)
   * Fix build with libvpx 1.7.0 and libicu63 (closes: #984926).
   * Change debian/rules to not leave debian/scripts/mk-origtargz


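A defender-side check added here as an example (it is not part of the bug thread or of Debian's tooling): the "marked as done" mail above names 89.0.4389.90-1 as the fixing upload, and whether an installed version is at or beyond it is decided by dpkg's version ordering, re-implemented below in pure Python from the rules in deb-version(7) so that it runs without dpkg. It assumes the caller passes the installed version string, for instance the output of `dpkg-query -W -f='${Version}' chromium`.

```python
FIXED_VERSION = "89.0.4389.90-1"  # upload the "marked as done" mail names as the fix

def _order(c):
    # deb-version(7) weights: '~' sorts before anything, even end of string;
    # end of string and digits weigh 0; letters sort before other non-digits.
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256

def _cmp_fragment(a, b):
    # Walk alternating non-digit and digit runs, as dpkg's verrevcmp() does.
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            d = _order(a[i] if i < len(a) else "") - _order(b[j] if j < len(b) else "")
            if d:
                return -1 if d < 0 else 1
            i, j = i + 1, j + 1
        na = nb = 0  # digit runs compare numerically, so leading zeros are ignored
        while i < len(a) and a[i].isdigit():
            na, i = na * 10 + int(a[i]), i + 1
        while j < len(b) and b[j].isdigit():
            nb, j = nb * 10 + int(b[j]), j + 1
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _split(version):
    # [epoch:]upstream_version[-debian_revision]; the last '-' starts the revision.
    epoch, _, rest = version.partition(":") if ":" in version else ("0", "", version)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def compare_versions(a, b):
    """Return -1, 0 or 1 with the same ordering as `dpkg --compare-versions`."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def is_fixed(installed, fixed=FIXED_VERSION):
    """True when the installed chromium is at or beyond the fixing upload."""
    return compare_versions(installed, fixed) >= 0
```

Because '~' sorts below the end of the string, a suite-specific rebuild carrying a tilde suffix (a hypothetical 89.0.4389.90-1~deb10u1, for example) compares as older than this unstable upload, so compare against the fixed version announced for the suite actually installed.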
Bug#985142:

2021-03-14 Thread Michel Le Bihan
Hello,

This should be fixed in
https://salsa.debian.org/mimi8/chromium/-/commit/13d089e2059a8a09bd3d0611826ccc3e43293e0a
that is waiting to be sponsored.



Bug#985142: chromium: CVE-2021-21193 (RCE) in Blink

2021-03-13 Thread Antonio Russo
Package: chromium
Version: 89.0.4389.82-1
Severity: grave
Tags: upstream security
Justification: user security hole
X-Debbugs-Cc: aeru...@aerusso.net, Debian Security Team 


Per [1] (or [2], and allegedly [3] which I cannot access):

> A use after free security issue was found in the Blink component of the
> Chromium browser before version 89.0.4389.90. Google is aware of reports
> that an exploit for this issue exists in the wild.

Does this also affect libqt5webengine5?  I know that its upstream derives
in part from the Chromium source tree.

Antonio

[1] https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
[2] https://security.archlinux.org/CVE-2021-21193
[3] https://crbug.com/1186287



Bug#985142: chromium: CVE-2021-21193 (RCE) in Blink

2021-03-13 Thread Moritz Muehlenhoff
On Sat, Mar 13, 2021 at 08:38:31AM -0700, Antonio Russo wrote:
> Package: chromium
> Version: 89.0.4389.82-1
> Severity: grave
> Tags: upstream security
> Justification: user security hole
> X-Debbugs-Cc: aeru...@aerusso.net, Debian Security Team 
> 
> 
> Per [1] (or [2], and allegedly [3] which I cannot access):
> 
> > A use after free security issue was found in the Blink component of the
> > Chromium browser before version 89.0.4389.90. Google is aware of reports
> > that an exploit for this issue exists in the wild.
> 
> Does this also affect libqt5webengine5?  I know that its upstream derives
> in part from the Chromium source tree.

qtwebengine is not covered by security support, see 
https://www.debian.org/releases/buster/amd64/release-notes/ch-information.en.html#browser-security

Cheers,
Moritz