-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 27 Sep 2022 14:14:44 -0400 Source: chromium Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym Architecture: arm64 Version: 106.0.5249.61-1~deb11u1 Distribution: bullseye-security Urgency: high Maintainer: arm Build Daemon (arm-ubc-01) Changed-By: Andres Salomon Description: chromium - web browser chromium-common - web browser - common resources used by the chromium packages chromium-driver - web browser - WebDriver support chromium-sandbox - web browser - setuid security sandbox for chromium chromium-shell - web browser - minimal shell Changes: chromium (106.0.5249.61-1~deb11u1) bullseye-security; urgency=high . * New upstream stable release. - CVE-2022-3304: Use after free in CSS. Reported by Anonymous. - CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools. Reported by NDevTK. - CVE-2022-3305: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute. - CVE-2022-3306: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute. - CVE-2022-3307: Use after free in Media. Reported by Anonymous Telecommunications Corp. Ltd. - CVE-2022-3308: Insufficient policy enforcement in Developer Tools. Reported by Andrea Cappa (zi0Black) @ Shielder. - CVE-2022-3309: Use after free in Assistant. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab. - CVE-2022-3310: Insufficient policy enforcement in Custom Tabs. Reported by Ashwin Agrawal from Optus, Sydney. - CVE-2022-3311: Use after free in Import. Reported by Samet Bekmezci @sametbekmezci. - CVE-2022-3312: Insufficient validation of untrusted input in VPN. Reported by Andr.Ess. - CVE-2022-3313: Incorrect security UI in Full Screen. Reported by Irvan Kurniawan (sourc7). - CVE-2022-3314: Use after free in Logging. Reported by Anonymous. - CVE-2022-3315: Type confusion in Blink. Reported by Anonymous. - CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing. Reported by Sven Dysthe (@svn_dy). - CVE-2022-3317: Insufficient validation of untrusted input in Intents. Reported by Hafiizh. - CVE-2022-3318: Use after free in ChromeOS Notifications. Reported by GraVity0. * debian/patches: - disable/angle-perftests.patch: drop most of patch. build_angle_perftests=false is set in d/rules, so no need to patch it and its dependencies. - upstream/browser-finder.patch: drop, merged upstream. - upstream/disk-cache.patch: drop, merged upstream. - upstream/masklayer-geom.patch: drop, merged upstream. - fixes/tflite.patch: drop, merged upstream. - bullseye/clang13.patch: update for upstream switching from one unsupported clang warning flag to another. - disable/catapult.patch: refresh. - disable/installer.patch: drop, as there's no real need to delete chrome/install_static; there's no licensing issues and it's only actually built on windows. - upstream/fix-missing-cmath.patch: added from upstream to fix ftbfs. - upstream/fix-nullptr-qual.patch: added from upstream to fix ftbfs. - fixes/fix-arm-vfpv3-d16-libaom.patch: add to fix a problem that was currently papered over by disabling libaom on arm. This new patch (hopefully) allows libaom to be built for the armhf arch. - disable/libaom-arm.patch: drop now that we've fixed libaom on arm. - system/event.patch: remove some old unused bits that patch gn. * Stop deleting chrome/install_static in d/copyright, and also start deleting third party libraries that we began linking to in v105 as well as tools/gn. Checksums-Sha1: c721468079fedb30e7d43625204ac67d7e2c9822 1042108 chromium-common-dbgsym_106.0.5249.61-1~deb11u1_arm64.deb 083316ef0dca1b11f8596d28dbd09e07d40eff93 4682112 chromium-common_106.0.5249.61-1~deb11u1_arm64.deb 7c00c00cd38d09fba3d8bea3d80caa917c9f31ba 26124992 chromium-dbgsym_106.0.5249.61-1~deb11u1_arm64.deb 44b59020cc53c920f49df367d9f724e740c4b5fb 4581680 chromium-driver_106.0.5249.61-1~deb11u1_arm64.deb 3721665387459c640b116089afe9af8011879819 12320 chromium-sandbox-dbgsym_106.0.5249.61-1~deb11u1_arm64.deb d8046c9ef265d813382b088d4f8778d678f04122 126392 chromium-sandbox_106.0.5249.61-1~deb11u1_arm64.deb bf24f3a82e8994b0a4918215e998f64e470e5a48 21662844 chromium-shell-dbgsym_106.0.5249.61-1~deb11u1_arm64.deb c441db3517d11be0fe26900cef6c940e134ab91d 39991784 chromium-shell_106.0.5249.61-1~deb11u1_arm64.deb f6ada9ace7e11940fcd2e79ebb1d0320a80453c2 23909 chromium_106.0.5249.61-1~deb11u1_arm64-buildd.buildinfo 8fe0c06233b64ae509fa149ae1f8df2fa46d7fd1 57536856 chromium_106.0.5249.61-1~deb11u1_arm64.deb Checksums-Sha256: 9901e8e9498080366319dc7b1fe351cbdb7d004202ffaba1acb7128d5e1f6b3f 1042108 chromium-common-dbgsym_106.0.5249.61-1~deb11u1_arm64.deb 7a72df92cc99598051ee08f17b9a6f810e7e5c45f910e63d83de2677a4603322 4682112 chromium-common_106.0.5249.61-1~deb11u1_arm64.deb e756343f36a8346e0ee3b46831de713ff7c2fa7ea482c1e10010a4337610cffa 26124992 chromium-dbgsym_106.0.5249.61-1~deb11u1_arm64.deb 677573bae7fd567fe707e7d7652502aceaf24d50cbbd1890fa51dca58bf00703 4581680 chromium-driver_106.0.5249.61-1~deb11u1_arm64.deb 1cfa4b6973d08832a28d81ff5ef30f2c09fb9b73dd04fd29f25a4e0d3e197d9e 12320 chromium-sandbox-dbgsym_106.0.5249.61-1~deb11u1_arm64.deb bd60568cfdd4e8bde64792f3f31845deeed1a16c752fd60d4550ca1e5fa57682 126392 chromium-sandbox_106.0.5249.61-1~deb11u1_arm64.deb 565817b02f7a0198fbe8f91f38590e3cd6e416c27e793806f54fe0b45b9bf230 21662844 chromium-shell-dbgsym_106.0.5249.61-1~deb11u1_arm64.deb 06cd01b5482744d478e69ffeeea146525f4d74b5f5d22d9689c673ec6dc2894c 39991784 chromium-shell_106.0.5249.61-1~deb11u1_arm64.deb b2c2776055d87103408f98fddf05456a38c15e92f01a4f911b3ba7c99d036f94 23909 chromium_106.0.5249.61-1~deb11u1_arm64-buildd.buildinfo cfd8037a59e60e99c28241a628b2bc6351733d98b4f8b86df887ad79fc299f71 57536856 chromium_106.0.5249.61-1~deb11u1_arm64.deb Files: 51bd2e2d7a7c5fc1be38c3fe854e06f4 1042108 debug optional chromium-common-dbgsym_106.0.5249.61-1~deb11u1_arm64.deb 1b8381d88b1efe1e442da1c8ff2324e9 4682112 web optional chromium-common_106.0.5249.61-1~deb11u1_arm64.deb 7df2e552ea13d2eeda0a3d4a033c4a0e 26124992 debug optional chromium-dbgsym_106.0.5249.61-1~deb11u1_arm64.deb acd889a60fffe473931b4fc926b2e30f 4581680 web optional chromium-driver_106.0.5249.61-1~deb11u1_arm64.deb c73949b0a6cc54ec3501c17dc2d100c5 12320 debug optional chromium-sandbox-dbgsym_106.0.5249.61-1~deb11u1_arm64.deb 49ce2bdd599d33fa98fffd4f65ce053a 126392 web optional chromium-sandbox_106.0.5249.61-1~deb11u1_arm64.deb 2acb51ca8eaeff361e619045c1d7446f 21662844 debug optional chromium-shell-dbgsym_106.0.5249.61-1~deb11u1_arm64.deb ee98e06b1ef05bc2c6e6875a93f9c610 39991784 web optional chromium-shell_106.0.5249.61-1~deb11u1_arm64.deb 1db08c84b6e53799b3ddf974bcead3e3 23909 web optional chromium_106.0.5249.61-1~deb11u1_arm64-buildd.buildinfo f6d64c5c453a750054a8302f85984da0 57536856 web optional chromium_106.0.5249.61-1~deb11u1_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEESci2tuHVjnVg+JfKML9+8CeT6cYFAmM09OgACgkQML9+8CeT 6cbrBw//fVoDD2KfBCmSVkgMl0TgSZ3V4SeJg3zqJiiMM47EuZcQduqcPziYPKn4 IC5cnqs5TRgMI4umAVAxWDFnzn1f76xV+ZVs5to0/73ic/N8SPCIRQGuUE/VHLCG 2JGWBWsKEy0W70MOp6zPaf09syN8c4pDqwVXvKBvL06ZfIaOptu24dU36b+LGix5 BJesKffxabCuKugH5kE/h40IB7LhtEMjHCkfZSQL+nCLav5kCmZrXpaNFp7dDUuT CDT/TqnGnUxSghxLCC34TNiVns8WJmEH+YTyjaB5+OC3dtlSX5U8xvZWu/qk7TOx 5l+5SCpI3eHSaJP0NXoBHZE/iuHziZF+dE5ZuOUmf+oZvw0Gb2I/TiFoXAl7GNWI 9NanJpoWWkIcmkzsm+Fh2jAljII9TRNpADCZILUwz6XEri+qDlvKukAp1zZUIhXZ Ibo1ii7Dh05QYMTATCwRetM1P5Kqrw+Z8y67n0xmXzr8a9D2uh54C21Q8Vv2xu5s 0CqqMX8kmh5xaGfBJFDs9rzV6QlSaSEtYyn3aV6ETwV2tAYSi9qDecJL43LLWT+C /mE5mIPmsKQQotLQu4GUGGTrDv/nEuvE49/9cPpKaTwkqHpojum6sR3GIT1mHAXI OMZwNX8MPtSrTbtmUxJt6rZXQUDTue/Pn6h3lXwgC8Fs8bLYQhc= =CGpe -----END PGP SIGNATURE-----