-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 27 Sep 2022 14:14:44 -0400 Source: chromium Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym Architecture: armhf Version: 106.0.5249.61-1~deb11u1 Distribution: bullseye-security Urgency: high Maintainer: arm Build Daemon (arm-arm-01) Changed-By: Andres Salomon Description: chromium - web browser chromium-common - web browser - common resources used by the chromium packages chromium-driver - web browser - WebDriver support chromium-sandbox - web browser - setuid security sandbox for chromium chromium-shell - web browser - minimal shell Changes: chromium (106.0.5249.61-1~deb11u1) bullseye-security; urgency=high . * New upstream stable release. - CVE-2022-3304: Use after free in CSS. Reported by Anonymous. - CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools. Reported by NDevTK. - CVE-2022-3305: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute. - CVE-2022-3306: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute. - CVE-2022-3307: Use after free in Media. Reported by Anonymous Telecommunications Corp. Ltd. - CVE-2022-3308: Insufficient policy enforcement in Developer Tools. Reported by Andrea Cappa (zi0Black) @ Shielder. - CVE-2022-3309: Use after free in Assistant. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab. - CVE-2022-3310: Insufficient policy enforcement in Custom Tabs. Reported by Ashwin Agrawal from Optus, Sydney. - CVE-2022-3311: Use after free in Import. Reported by Samet Bekmezci @sametbekmezci. - CVE-2022-3312: Insufficient validation of untrusted input in VPN. Reported by Andr.Ess. - CVE-2022-3313: Incorrect security UI in Full Screen. Reported by Irvan Kurniawan (sourc7). - CVE-2022-3314: Use after free in Logging. Reported by Anonymous. - CVE-2022-3315: Type confusion in Blink. Reported by Anonymous. - CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing. Reported by Sven Dysthe (@svn_dy). - CVE-2022-3317: Insufficient validation of untrusted input in Intents. Reported by Hafiizh. - CVE-2022-3318: Use after free in ChromeOS Notifications. Reported by GraVity0. * debian/patches: - disable/angle-perftests.patch: drop most of patch. build_angle_perftests=false is set in d/rules, so no need to patch it and its dependencies. - upstream/browser-finder.patch: drop, merged upstream. - upstream/disk-cache.patch: drop, merged upstream. - upstream/masklayer-geom.patch: drop, merged upstream. - fixes/tflite.patch: drop, merged upstream. - bullseye/clang13.patch: update for upstream switching from one unsupported clang warning flag to another. - disable/catapult.patch: refresh. - disable/installer.patch: drop, as there's no real need to delete chrome/install_static; there's no licensing issues and it's only actually built on windows. - upstream/fix-missing-cmath.patch: added from upstream to fix ftbfs. - upstream/fix-nullptr-qual.patch: added from upstream to fix ftbfs. - fixes/fix-arm-vfpv3-d16-libaom.patch: add to fix a problem that was currently papered over by disabling libaom on arm. This new patch (hopefully) allows libaom to be built for the armhf arch. - disable/libaom-arm.patch: drop now that we've fixed libaom on arm. - system/event.patch: remove some old unused bits that patch gn. * Stop deleting chrome/install_static in d/copyright, and also start deleting third party libraries that we began linking to in v105 as well as tools/gn. Checksums-Sha1: 96e6227ad154dd8fca89536d87c637cb2c019f48 1073288 chromium-common-dbgsym_106.0.5249.61-1~deb11u1_armhf.deb 7d874d29620781b3131da0c7609dc56d2e880f0f 4760908 chromium-common_106.0.5249.61-1~deb11u1_armhf.deb 31ca9ef74c84c3cf80d4de81f3f8d445b0f2e1b2 25779020 chromium-dbgsym_106.0.5249.61-1~deb11u1_armhf.deb d543a7f067795791b76f6519f332f439a6bc36c4 5208472 chromium-driver_106.0.5249.61-1~deb11u1_armhf.deb 2fc207fefab59161878f21f573dd1cf6ac193bde 11152 chromium-sandbox-dbgsym_106.0.5249.61-1~deb11u1_armhf.deb 1f70be7b7aa24bfb48ac7e4abe18776088879c39 126076 chromium-sandbox_106.0.5249.61-1~deb11u1_armhf.deb 3e67e90c7adee81c2ae2b3c7799f0e415b18677a 20926980 chromium-shell-dbgsym_106.0.5249.61-1~deb11u1_armhf.deb b1ec3acf3e2a31e32c0ef494955ae4934de8f8fd 41052220 chromium-shell_106.0.5249.61-1~deb11u1_armhf.deb 70c1c4d45da638b7e93754fe09e22aaa6633b846 23900 chromium_106.0.5249.61-1~deb11u1_armhf-buildd.buildinfo 114b07a1694af525ef490ff94561105c0fc6612d 59196764 chromium_106.0.5249.61-1~deb11u1_armhf.deb Checksums-Sha256: 712a7c00a555ab2b9851f52515432155de10e4fa984b90e199d3be5ec567d70a 1073288 chromium-common-dbgsym_106.0.5249.61-1~deb11u1_armhf.deb 378458718ed21529593dd543c531eb8d8bfce55c268efef2a3746330101e326e 4760908 chromium-common_106.0.5249.61-1~deb11u1_armhf.deb 72c388431ba632f2e11961ed0a8815312f63682aee3f5d3d59ba05795b5690d5 25779020 chromium-dbgsym_106.0.5249.61-1~deb11u1_armhf.deb fd05265d26d082b328fc7516e7797defcc4f3562a199740b8aa90357b39984e5 5208472 chromium-driver_106.0.5249.61-1~deb11u1_armhf.deb 1c21e7e760300c195df8c3d16c2ea600a9fb8e8132462aaecd6520957e64c87e 11152 chromium-sandbox-dbgsym_106.0.5249.61-1~deb11u1_armhf.deb a976d5ddd7dc71cfc23cf885f74d6185c9d6cb4039e5d420002e53c56c32b79d 126076 chromium-sandbox_106.0.5249.61-1~deb11u1_armhf.deb 949eefb424d57a191ca830013f289912312b4a0dd39eb0669eb3cb35e7a8ebb5 20926980 chromium-shell-dbgsym_106.0.5249.61-1~deb11u1_armhf.deb 12b4c48cf3e3ed12b4cc8044d15fe769ed56882553410c179185b5ececb71201 41052220 chromium-shell_106.0.5249.61-1~deb11u1_armhf.deb 59d2683457b605b2daba138890946c7a69898f50410774383590fbb0ef40d249 23900 chromium_106.0.5249.61-1~deb11u1_armhf-buildd.buildinfo e4d109b6ba7617b97f1003c0ca3f8fd29552ec77616726917bb612540c3867b5 59196764 chromium_106.0.5249.61-1~deb11u1_armhf.deb Files: 1a322e4c5aa8cbcdcf5bd2465bf19d7f 1073288 debug optional chromium-common-dbgsym_106.0.5249.61-1~deb11u1_armhf.deb 728f6df1670d32f3d0ec735cdd89260d 4760908 web optional chromium-common_106.0.5249.61-1~deb11u1_armhf.deb 188d1e1f1fb5ac431ce0143998780c51 25779020 debug optional chromium-dbgsym_106.0.5249.61-1~deb11u1_armhf.deb 3e8dfaec7d8a02a9dc2f084879476490 5208472 web optional chromium-driver_106.0.5249.61-1~deb11u1_armhf.deb b0d0bb26fda35fd634c7d42a6576ef00 11152 debug optional chromium-sandbox-dbgsym_106.0.5249.61-1~deb11u1_armhf.deb ce50ec9821c5b1532e72173a26a0f37c 126076 web optional chromium-sandbox_106.0.5249.61-1~deb11u1_armhf.deb aad34e20afaf3422b46f492f7ecff071 20926980 debug optional chromium-shell-dbgsym_106.0.5249.61-1~deb11u1_armhf.deb 0b84f46ffbf049a2354c9294644a15f2 41052220 web optional chromium-shell_106.0.5249.61-1~deb11u1_armhf.deb 4610277bbfa69d1a414667d954a87533 23900 web optional chromium_106.0.5249.61-1~deb11u1_armhf-buildd.buildinfo da9b39d440acdde42cd5dfb422baf5ec 59196764 web optional chromium_106.0.5249.61-1~deb11u1_armhf.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEZQFXxoklRUh1v2q+Cr4sS911++cFAmMz9lwACgkQCr4sS911 ++eX5w//ZzjwTsyNwQY4XcwKx9XnLcn3CjkgkYaN7k/B8jCXeKhiHUZlp+L0neOW V5/GvTSAkKSxD+wIJBCdqDpKmd5BfzspH4qpYF6qfHLiWdJpFVSKo65hFkR25qqv hXidphY6EnUPyQqnz55fGp/SmMekOlsMuNPboe9jCyeUkbBb5S7K5Wf1CitJlwWu p0MBsHnUo2d9qtp0uAVndNEuMxkTrWOcf5/AI1Wdt73mhrA5Y7OjoKwDHn//cRI0 9IoFfYqrfTL7saIV3tdl3rVy6c9wnh/+qAohOwCiKmO/oGpZ5fCyQtVvzvTLxfxu PkVRx6RNGylL/ZoxS1gm4rmDxsOxf7zrj2wqzxgNksgrLwhDb17zGl+PNg/QgkhQ J7yjVXfWzs6UwCksVvnW2nd+rhto7uHjXUmh7Sc0ZSmd2hcHR9c1az0FthgefDUb TMCmVztFPkKrU/6z8/aN3bNVTGYywectj3UG09EKCtCqv4Ky8kKcO4p364xANqND fzK8vOBTW1Omtp370dNZtUz1qTpmwfm7d3Yy3KpzMnGfPP71O46HAGXK5dVaHZVM x5lBGc+3Djh7rOX8feDqSuZsAy8iVZ0od6kh+8AoTkAZTlE7/1tvdE1DJrZLfcOT P2/nf+B2UcFdH7ufbly1szybeDSNA7UpS0ftK9ycMRcxq2agADc= =LZpX -----END PGP SIGNATURE-----