-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 27 Sep 2022 14:14:44 -0400 Source: chromium Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym Architecture: amd64 Version: 106.0.5249.61-1~deb11u1 Distribution: bullseye-security Urgency: high Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) Changed-By: Andres Salomon Description: chromium - web browser chromium-common - web browser - common resources used by the chromium packages chromium-driver - web browser - WebDriver support chromium-sandbox - web browser - setuid security sandbox for chromium chromium-shell - web browser - minimal shell Changes: chromium (106.0.5249.61-1~deb11u1) bullseye-security; urgency=high . * New upstream stable release. - CVE-2022-3304: Use after free in CSS. Reported by Anonymous. - CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools. Reported by NDevTK. - CVE-2022-3305: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute. - CVE-2022-3306: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute. - CVE-2022-3307: Use after free in Media. Reported by Anonymous Telecommunications Corp. Ltd. - CVE-2022-3308: Insufficient policy enforcement in Developer Tools. Reported by Andrea Cappa (zi0Black) @ Shielder. - CVE-2022-3309: Use after free in Assistant. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab. - CVE-2022-3310: Insufficient policy enforcement in Custom Tabs. Reported by Ashwin Agrawal from Optus, Sydney. - CVE-2022-3311: Use after free in Import. Reported by Samet Bekmezci @sametbekmezci. - CVE-2022-3312: Insufficient validation of untrusted input in VPN. Reported by Andr.Ess. - CVE-2022-3313: Incorrect security UI in Full Screen. Reported by Irvan Kurniawan (sourc7). - CVE-2022-3314: Use after free in Logging. Reported by Anonymous. - CVE-2022-3315: Type confusion in Blink. Reported by Anonymous. - CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing. Reported by Sven Dysthe (@svn_dy). - CVE-2022-3317: Insufficient validation of untrusted input in Intents. Reported by Hafiizh. - CVE-2022-3318: Use after free in ChromeOS Notifications. Reported by GraVity0. * debian/patches: - disable/angle-perftests.patch: drop most of patch. build_angle_perftests=false is set in d/rules, so no need to patch it and its dependencies. - upstream/browser-finder.patch: drop, merged upstream. - upstream/disk-cache.patch: drop, merged upstream. - upstream/masklayer-geom.patch: drop, merged upstream. - fixes/tflite.patch: drop, merged upstream. - bullseye/clang13.patch: update for upstream switching from one unsupported clang warning flag to another. - disable/catapult.patch: refresh. - disable/installer.patch: drop, as there's no real need to delete chrome/install_static; there's no licensing issues and it's only actually built on windows. - upstream/fix-missing-cmath.patch: added from upstream to fix ftbfs. - upstream/fix-nullptr-qual.patch: added from upstream to fix ftbfs. - fixes/fix-arm-vfpv3-d16-libaom.patch: add to fix a problem that was currently papered over by disabling libaom on arm. This new patch (hopefully) allows libaom to be built for the armhf arch. - disable/libaom-arm.patch: drop now that we've fixed libaom on arm. - system/event.patch: remove some old unused bits that patch gn. * Stop deleting chrome/install_static in d/copyright, and also start deleting third party libraries that we began linking to in v105 as well as tools/gn. Checksums-Sha1: 93e749529073acc7ef88453629a5ba19d2c83175 1016936 chromium-common-dbgsym_106.0.5249.61-1~deb11u1_amd64.deb 8b96211641e0720a1f349570723e8e598893055b 4837524 chromium-common_106.0.5249.61-1~deb11u1_amd64.deb c7c0a0eb9e580de1b8a9b628d42c519c7409ddcb 27683380 chromium-dbgsym_106.0.5249.61-1~deb11u1_amd64.deb 0bd375a35bbacff31dd579a2c19f9f9578634655 5061748 chromium-driver_106.0.5249.61-1~deb11u1_amd64.deb cccb71995655173fdc30e4fcf3822563c4739046 12236 chromium-sandbox-dbgsym_106.0.5249.61-1~deb11u1_amd64.deb 697f20446aca5cfdf825dfae57eb2b0af28a5aad 126624 chromium-sandbox_106.0.5249.61-1~deb11u1_amd64.deb 168615c957e4ce73c5a04ec11335e64cfba7e6d8 23979756 chromium-shell-dbgsym_106.0.5249.61-1~deb11u1_amd64.deb 50ac5e34da364e0d2b927c1c1ce55ae4547c143b 45842452 chromium-shell_106.0.5249.61-1~deb11u1_amd64.deb d8dd39d411e0ae45e0763eb17d41c4929bf78db7 23988 chromium_106.0.5249.61-1~deb11u1_amd64-buildd.buildinfo b1342902146242545ddd0a3a8a279fcfccc2e96f 65344492 chromium_106.0.5249.61-1~deb11u1_amd64.deb Checksums-Sha256: 93e68c2d8ce4034c6db0b1fe64ae7dfba58559afd4d8e94b6b01d8f01324488b 1016936 chromium-common-dbgsym_106.0.5249.61-1~deb11u1_amd64.deb b97c5c61fc68161789740b7a524020d2d5c7be9ab39299e323944796a253e4cc 4837524 chromium-common_106.0.5249.61-1~deb11u1_amd64.deb 896001c183fdcc5ce52bc42b49e0cb449917c4c974406c861000b34527084ca0 27683380 chromium-dbgsym_106.0.5249.61-1~deb11u1_amd64.deb e73dc3561f285ae04f436022c1efaed328a47aa8f1e346fa41179b5e50915664 5061748 chromium-driver_106.0.5249.61-1~deb11u1_amd64.deb 26bd5147ef563bb4fad5a77d9023f7d80e2261561f597f4d75b298ffd3539c31 12236 chromium-sandbox-dbgsym_106.0.5249.61-1~deb11u1_amd64.deb 3df85883e34e42c49fa117c7751a89aad3bf072f9b6f3ba8ec616a9d68f23129 126624 chromium-sandbox_106.0.5249.61-1~deb11u1_amd64.deb 97157a4c3c43ea1e097281b22a06b2b595202e0dbe659566d2672df82632afab 23979756 chromium-shell-dbgsym_106.0.5249.61-1~deb11u1_amd64.deb 9c9a1a40a7341b775bbbe0f14a29e9062c89d1079890bec8ba6a6abb8b50f050 45842452 chromium-shell_106.0.5249.61-1~deb11u1_amd64.deb 14eaff0e19817a9493f3b6d7d1cae66cfcf5b311dbe3394dd00caeb873f88ed9 23988 chromium_106.0.5249.61-1~deb11u1_amd64-buildd.buildinfo 4a19b19fb4757e7bf4f23f983b4cd6023d9b6faebfee4a8581629e58c7bc778e 65344492 chromium_106.0.5249.61-1~deb11u1_amd64.deb Files: f8eb7abe58f3a4e7e046022c134ed9a5 1016936 debug optional chromium-common-dbgsym_106.0.5249.61-1~deb11u1_amd64.deb 9be71fad69c9769785c1351dc09f9ecc 4837524 web optional chromium-common_106.0.5249.61-1~deb11u1_amd64.deb bd15c1f1cbb5bfe3d8b68ed8417e4e0d 27683380 debug optional chromium-dbgsym_106.0.5249.61-1~deb11u1_amd64.deb a9c3d86c8344292d01d9c1a376592f22 5061748 web optional chromium-driver_106.0.5249.61-1~deb11u1_amd64.deb 27916d8c3da272bfb1786e8ff5e37757 12236 debug optional chromium-sandbox-dbgsym_106.0.5249.61-1~deb11u1_amd64.deb 6599f40f1cbe18337f248e3d0a5c73d4 126624 web optional chromium-sandbox_106.0.5249.61-1~deb11u1_amd64.deb 070540bfd2fa051ef25a0a100e7f6660 23979756 debug optional chromium-shell-dbgsym_106.0.5249.61-1~deb11u1_amd64.deb 1f7fe7bd69654f2dbbbdbe39baf15af5 45842452 web optional chromium-shell_106.0.5249.61-1~deb11u1_amd64.deb df35f473d4774ae68c3119e6827079b2 23988 web optional chromium_106.0.5249.61-1~deb11u1_amd64-buildd.buildinfo 36ce39a22e8500a8334bb47e9d290c32 65344492 web optional chromium_106.0.5249.61-1~deb11u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEHhnKQNkF1LuwA8CntGhFlQFFlWsFAmMzuioACgkQtGhFlQFF lWv9VRAAsdURBwRHP+dpVOAEpr/KvW/vbJ0nE1jENX+oEmnyC1abSiX0vlVVfcjH lkeY95yHMQPEDAH76r77kii/scmT4QlX6Era5GFr/+TBbEygJhD5uUxLOJHLUs+g 28ONsoRbOwJTBdVaNuVHF6F5XzAGB/sAQI+tytFI7Q9NBle8qk+IujkgdiG68my9 GbTViEPujJST7+5nIq2y1bIKMFgezomWi/c9oQis7kZ6ARqBexndAH1rxTlZtCNZ kkhYgpHXmETrkHXlA1vtvpOMs751WX01AVPnjOPFj0dwl5N4PbnEr1o428xXeeFW q0C+YhWqheNiCfVN87Kyk5kAQEE6hX8Q0tQtqcc9ccsWZLSK4v+W+4VfSBDOiYal dbRc4VCDn3Gi8ZCPSvLB2gRH+DwLBrd8Z1gFYaGkw6FqCotjy9B37Tjn3yub/NjT 17+Gx06gCAm2CMugMbaUx0JJrwHnOIrsDnwwJoVsTgR6w9xPLW6iv5mLbEZurQKu 3OBE8InZaNe5T1zkFJIdGCI6sGELtVc67ATgEp7VQrcE7YMK9Fp8Ac+ktPSBPjBJ AZYak7qA0yX/kXC/CrKliMbZbF5qcqnDB69nknrnQRkVQoelpntXq4P8WsBKtYpv XXQxBmDp5b7ULsbs1+A0TP9Tcly2QIdp0Jp7AySn2fWsll2ZbsY= =AP0U -----END PGP SIGNATURE-----