-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 27 Sep 2022 14:14:44 -0400 Source: chromium Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym Architecture: i386 Version: 106.0.5249.61-1~deb11u1 Distribution: bullseye-security Urgency: high Maintainer: amd64 / i386 Build Daemon (x86-ubc-02) Changed-By: Andres Salomon Description: chromium - web browser chromium-common - web browser - common resources used by the chromium packages chromium-driver - web browser - WebDriver support chromium-sandbox - web browser - setuid security sandbox for chromium chromium-shell - web browser - minimal shell Changes: chromium (106.0.5249.61-1~deb11u1) bullseye-security; urgency=high . * New upstream stable release. - CVE-2022-3304: Use after free in CSS. Reported by Anonymous. - CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools. Reported by NDevTK. - CVE-2022-3305: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute. - CVE-2022-3306: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute. - CVE-2022-3307: Use after free in Media. Reported by Anonymous Telecommunications Corp. Ltd. - CVE-2022-3308: Insufficient policy enforcement in Developer Tools. Reported by Andrea Cappa (zi0Black) @ Shielder. - CVE-2022-3309: Use after free in Assistant. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab. - CVE-2022-3310: Insufficient policy enforcement in Custom Tabs. Reported by Ashwin Agrawal from Optus, Sydney. - CVE-2022-3311: Use after free in Import. Reported by Samet Bekmezci @sametbekmezci. - CVE-2022-3312: Insufficient validation of untrusted input in VPN. Reported by Andr.Ess. - CVE-2022-3313: Incorrect security UI in Full Screen. Reported by Irvan Kurniawan (sourc7). - CVE-2022-3314: Use after free in Logging. Reported by Anonymous. - CVE-2022-3315: Type confusion in Blink. Reported by Anonymous. - CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing. Reported by Sven Dysthe (@svn_dy). - CVE-2022-3317: Insufficient validation of untrusted input in Intents. Reported by Hafiizh. - CVE-2022-3318: Use after free in ChromeOS Notifications. Reported by GraVity0. * debian/patches: - disable/angle-perftests.patch: drop most of patch. build_angle_perftests=false is set in d/rules, so no need to patch it and its dependencies. - upstream/browser-finder.patch: drop, merged upstream. - upstream/disk-cache.patch: drop, merged upstream. - upstream/masklayer-geom.patch: drop, merged upstream. - fixes/tflite.patch: drop, merged upstream. - bullseye/clang13.patch: update for upstream switching from one unsupported clang warning flag to another. - disable/catapult.patch: refresh. - disable/installer.patch: drop, as there's no real need to delete chrome/install_static; there's no licensing issues and it's only actually built on windows. - upstream/fix-missing-cmath.patch: added from upstream to fix ftbfs. - upstream/fix-nullptr-qual.patch: added from upstream to fix ftbfs. - fixes/fix-arm-vfpv3-d16-libaom.patch: add to fix a problem that was currently papered over by disabling libaom on arm. This new patch (hopefully) allows libaom to be built for the armhf arch. - disable/libaom-arm.patch: drop now that we've fixed libaom on arm. - system/event.patch: remove some old unused bits that patch gn. * Stop deleting chrome/install_static in d/copyright, and also start deleting third party libraries that we began linking to in v105 as well as tools/gn. Checksums-Sha1: ac8ab6baf8a842abb44f0a8e03cc7bf393bc8948 965280 chromium-common-dbgsym_106.0.5249.61-1~deb11u1_i386.deb fa6b6eaa80da9b811b51a1b590b3a8c623823b10 4832328 chromium-common_106.0.5249.61-1~deb11u1_i386.deb 0395a2fc44c89489811101db0c99dfc22492ad30 25217268 chromium-dbgsym_106.0.5249.61-1~deb11u1_i386.deb c9d597344b84299eec1d21ae87a7b021ab6d3b13 5662884 chromium-driver_106.0.5249.61-1~deb11u1_i386.deb 7f10f5cb83842025d7dfc4e342fee52efe40a01a 11668 chromium-sandbox-dbgsym_106.0.5249.61-1~deb11u1_i386.deb 3da25a55c5ec3bb8c7e8eafa2dc235d29a3ea909 126500 chromium-sandbox_106.0.5249.61-1~deb11u1_i386.deb 1779350106791fb512ece5121926dbd690371103 21496208 chromium-shell-dbgsym_106.0.5249.61-1~deb11u1_i386.deb 2818ce92b48778bd7603dc3a8fc57670f5b3d014 46115568 chromium-shell_106.0.5249.61-1~deb11u1_i386.deb 20420dc73855f1ccac9cda09721e5553576e5541 23953 chromium_106.0.5249.61-1~deb11u1_i386-buildd.buildinfo dbd6f70e18b65faf45c5bde6845c7ee399978777 66270544 chromium_106.0.5249.61-1~deb11u1_i386.deb Checksums-Sha256: 8f5a9252bad7cfa86c7414a23041e81f17212c6e1cc432dcbccabcf18a668887 965280 chromium-common-dbgsym_106.0.5249.61-1~deb11u1_i386.deb 8817bf62df744e5f6ec014e4169ce97eb407054c86f647b7890dfeb39933fa81 4832328 chromium-common_106.0.5249.61-1~deb11u1_i386.deb be106e7df8b7b4ab5cc439f99157b5662f9309a7a3c641e082f060e38838e693 25217268 chromium-dbgsym_106.0.5249.61-1~deb11u1_i386.deb 249404e3c24f71533980e17e316410578357450aab20b46b734dc68a5f5f0607 5662884 chromium-driver_106.0.5249.61-1~deb11u1_i386.deb a6bc7c464cc1ed4195c44878c92d218a8d80132a02ba63835199f5e9b26825e7 11668 chromium-sandbox-dbgsym_106.0.5249.61-1~deb11u1_i386.deb 36469440908d0aa169208244f67ce9a5257a2c37861f53e9457e902610c38144 126500 chromium-sandbox_106.0.5249.61-1~deb11u1_i386.deb 7942216628a6a720221aa5a56516fab8280d34bf68f59dbc68cccc7a646e9c3e 21496208 chromium-shell-dbgsym_106.0.5249.61-1~deb11u1_i386.deb 3944f9dc166634e607e60e769a6fd0e95c2777a5a1a3bcc53ad7c4e22f0d7c27 46115568 chromium-shell_106.0.5249.61-1~deb11u1_i386.deb 56c459b9c6d9702c6de5ac4ce64cefd26ff4f6e5d661f2b4f1a32392a49ca445 23953 chromium_106.0.5249.61-1~deb11u1_i386-buildd.buildinfo adcf86914175415cae05821c8cb7311f657e6e8f357c891fd9fcbec372797d7c 66270544 chromium_106.0.5249.61-1~deb11u1_i386.deb Files: 180827cada28162abd09a359c676f798 965280 debug optional chromium-common-dbgsym_106.0.5249.61-1~deb11u1_i386.deb 48e256fca7b48f66b875940c0517e028 4832328 web optional chromium-common_106.0.5249.61-1~deb11u1_i386.deb 7121010ae1056d9b18c4444ed587e111 25217268 debug optional chromium-dbgsym_106.0.5249.61-1~deb11u1_i386.deb 7b22fa3edaebc343489d36ffaa98174b 5662884 web optional chromium-driver_106.0.5249.61-1~deb11u1_i386.deb 1af9678175d4f2f7a8e99ffb48de93f5 11668 debug optional chromium-sandbox-dbgsym_106.0.5249.61-1~deb11u1_i386.deb 67e3acc5058e6859d41451e5863aac1c 126500 web optional chromium-sandbox_106.0.5249.61-1~deb11u1_i386.deb f298c066a7cd285b90cb211c83df28bc 21496208 debug optional chromium-shell-dbgsym_106.0.5249.61-1~deb11u1_i386.deb 427ce174a2ffa8860b94c1049a3bd75c 46115568 web optional chromium-shell_106.0.5249.61-1~deb11u1_i386.deb 7f5b8ce991efe89c52baec7a4eaa3c6d 23953 web optional chromium_106.0.5249.61-1~deb11u1_i386-buildd.buildinfo 4cf377accb810f1cbff833100ef43f18 66270544 web optional chromium_106.0.5249.61-1~deb11u1_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE2q+i4qaoTi/nmbi10RfxDyMLhSIFAmM0BkUACgkQ0RfxDyML hSLW2Q//Y2RS9E/JGO7o92Qa/5hKMWApYYQR09uyVM0mfOkCHvonYNfiJsPNr08a bhy5+bZwihmK0+pQ+kRQoXFg//dgwqtkCMB0KBkIScmO+tFjC+hkfn5dHJ/KlCkH JrAU0YI/n27V+SJmOcnNAfz0DW4NurJCtHxOHBpwTe3Rxzs7aU7SLSjHAdQugtQ4 0Y22YfGeRbVYGK+1BtORQ2NI7Fgl4X61SPdMh85X3UXONqgc4OgL3Q0PnEwqktLY qHhMvDw8jjqXQ6a35zF0N6XjviqXg7KCAqa4MDy/mATV+15Bpu46y5KV6QXuk356 avqG2CF3REcPYSZHtAO9VxHXSSriuugH09C7755YyiZNXcAnSqbgF2sMjTn629P/ XHKJtlC+XpxVW0YPlcbJ7bZaaviXOvjTyCh6aJCso7rJjWu/LBp0eZ2I6pIqM0L5 PEcZq91oBMY+GOulU4qDg7TuouvXHhlnurRoUJMxcQRxmo73GxB/Bl9pkOXVl3Oi hQG0PqcoUt1dpNAfii45fjeg7zaam/yfc0ngUBB8h2Y7IEIqO1qOyi2F5x/aygS/ S5z8c5MaS+K+C+LKWtavg3iJXUylotipSBUoWq6r6AnyyPbnJQsr+Nj7wL5Ku+vz MiwESVpPzsXIyKnPiGIKWvC4ntDivQUyGT1DJxxrM+C6qhbEEWs= =bvOS -----END PGP SIGNATURE-----