Bug#979520: marked as done (chromium: Security upgrade to version 87.0.4280.141)

Sat, 16 Jan 2021 11:06:15 -0800 

Your message dated Sat, 16 Jan 2021 19:02:09 +0000
with message-id <e1l0qpt-000ftx...@fasolo.debian.org>
and subject line Bug#979520: fixed in chromium 87.0.4280.141-0.1~deb10u1
has caused the Debian Bug report #979520,
regarding chromium: Security upgrade to version 87.0.4280.141
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
979520: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979520
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: chromium
Version: 87.0.4280.88-0.4
Severity: normal
X-Debbugs-Cc: sedat.di...@gmail.com

Dear Maintainer,

there is a security fixed version 87.0.4280.141 of chrome available.

Can you please provide an adapted chromium package.

Thanks in advance.

Regards,
- Sedat -

[1] 
https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html


-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing'), (99, 'buildd-unstable'), (99, 
'buildd-experimental'), (99, 'experimental'), (99, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.11.0-rc2-5-amd64-clang11-cfi (SMP w/4 CPU threads)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages chromium depends on:
ii  chromium-common      87.0.4280.88-0.4
ii  libasound2           1.2.4-1.1
ii  libatk-bridge2.0-0   2.38.0-1
ii  libatk1.0-0          2.36.0-2
ii  libatomic1           10.2.1-3
ii  libatspi2.0-0        2.38.0-2
ii  libavcodec58         7:4.3.1-5
ii  libavformat58        7:4.3.1-5
ii  libavutil56          7:4.3.1-5
ii  libc6                2.31-9
ii  libcairo2            1.16.0-5
ii  libcups2             2.3.3op1-4
ii  libdbus-1-3          1.12.20-1
ii  libdrm2              2.4.103-2
ii  libevent-2.1-7       2.1.12-stable-1
ii  libexpat1            2.2.10-1
ii  libflac8             1.3.3-2
ii  libfontconfig1       2.13.1-4.2
ii  libfreetype6         2.10.4+dfsg-1
ii  libgbm1              20.3.2-1
ii  libgcc-s1            10.2.1-3
ii  libgdk-pixbuf-2.0-0  2.42.2+dfsg-1
ii  libglib2.0-0         2.66.4-1
ii  libgtk-3-0           3.24.24-1
ii  libharfbuzz0b        2.6.7-1
ii  libicu67             67.1-5
ii  libjpeg62-turbo      1:2.0.5-2
ii  libjsoncpp24         1.9.4-4
ii  liblcms2-2           2.9-4+b1
ii  libminizip1          1.1-8+b1
ii  libnspr4             2:4.29-1
ii  libnss3              2:3.60-1
ii  libopenjp2-7         2.3.1-1
ii  libopus0             1.3.1-0.1
ii  libpango-1.0-0       1.46.2-3
ii  libpangocairo-1.0-0  1.46.2-3
ii  libpng16-16          1.6.37-3
ii  libpulse0            13.0-5
ii  libre2-9             20201101+dfsg-2
ii  libsnappy1v5         1.1.8-1
ii  libstdc++6           10.2.1-3
ii  libwebp6             0.6.1-2+b1
ii  libwebpdemux2        0.6.1-2+b1
ii  libwebpmux3          0.6.1-2+b1
ii  libx11-6             2:1.7.0-1
ii  libx11-xcb1          2:1.7.0-1
ii  libxcb1              1.14-2.1
ii  libxcomposite1       1:0.4.5-1
ii  libxdamage1          1:1.1.5-2
ii  libxext6             2:1.3.3-1.1
ii  libxfixes3           1:5.0.3-2
ii  libxml2              2.9.10+dfsg-6.3+b1
ii  libxrandr2           2:1.5.1-1
ii  libxslt1.1           1.1.34-4
ii  zlib1g               1:1.2.11.dfsg-2

Versions of packages chromium recommends:
ii  chromium-sandbox  87.0.4280.88-0.4

Versions of packages chromium suggests:
pn  chromium-driver  <none>
ii  chromium-l10n    87.0.4280.88-0.4
pn  chromium-shell   <none>

Versions of packages chromium-common depends on:
ii  libc6       2.31-9
ii  libstdc++6  10.2.1-3
ii  libx11-6    2:1.7.0-1
ii  libxext6    2:1.3.3-1.1
ii  x11-utils   7.7+5
ii  xdg-utils   1.1.3-2
ii  zlib1g      1:1.2.11.dfsg-2

Versions of packages chromium-common recommends:
ii  chromium-sandbox                        87.0.4280.88-0.4
ii  fonts-liberation                        1:1.07.4-11
ii  gnome-shell [notification-daemon]       3.38.2-1
ii  libgl1-mesa-dri                         20.3.2-1
ii  libu2f-udev                             1.1.10-1.1
ii  notification-daemon                     3.20.0-4
ii  plasma-workspace [notification-daemon]  4:5.20.5-1
ii  system-config-printer                   1.5.13-1
ii  upower                                  0.99.11-2

Versions of packages chromium-sandbox depends on:
ii  libc6  2.31-9

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: chromium
Source-Version: 87.0.4280.141-0.1~deb10u1
Done: Jan Luca Naumann <j.naum...@fu-berlin.de>

We believe that the bug you reported is fixed in the latest version of
chromium, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 979...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jan Luca Naumann <j.naum...@fu-berlin.de> (supplier of updated chromium package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 11 Jan 2021 17:04:13 +0100
Source: chromium
Architecture: source
Version: 87.0.4280.141-0.1~deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Chromium Team <chrom...@packages.debian.org>
Changed-By: Jan Luca Naumann <j.naum...@fu-berlin.de>
Closes: 979135 979520
Changes:
 chromium (87.0.4280.141-0.1~deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload.
   * New upstream security release (closes: 979520).
     - CVE-2021-21106: Use after free in autofill. Reported by Weipeng Jiang
       @Krace from Codesafe Team of Legendsec at Qi'anxin Group
     - CVE-2021-21107: Use after free in drag and drop. Reported by Leecraso and
       Guang Gong of 360 Alpha Lab
     - CVE-2021-21108: Use after free in media. Reported by Leecraso and Guang
       Gong of 360 Alpha Lab
     - CVE-2021-21109: Use after free in payments. Reported by Rong Jian and
       Guang Gong of 360 Alpha Lab
     - CVE-2021-21110: Use after free in safe browsing. Reported by Anonymous
     - CVE-2021-21111: Insufficient policy enforcement in WebUI. Reported by
       Alesandro Ortiz
     - CVE-2021-21112: Use after free in Blink. Reported by YoungJoo Lee
       @ashuu_lee of Raon Whitehat
     - CVE-2021-21113: Heap buffer overflow in Skia. Reported by tsubmunu
     - CVE-2020-16043: Insufficient data validation in networking. Reported by
       Samy Kamkar, Ben Seri at Armis, Gregory Vishnepolsky at Armis
     - CVE-2021-21114: Use after free in audio. Reported by Man Yue Mo of GitHub
       Security Lab
     - CVE-2020-15995: Out of bounds write in V8. Reported by Bohan Liu
       @P4nda20371774 of Tencent Security Xuanwu Lab
     - CVE-2021-21115: Use after free in safe browsing. Reported by Leecraso and
       Guang Gong of 360 Alpha Lab
     - CVE-2021-21116: Heap buffer overflow in audio. Reported by Alison
       Huffman, Microsoft Browser Vulnerability Research
   * Use desktop gl implementation as default. (closes: 979135)
Checksums-Sha1:
 20283425af744575e71c221b5868c8ceb55fa6cc 3608 
chromium_87.0.4280.141-0.1~deb10u1.dsc
 ef2fa29cf9558fc0afbd7791ea6ee8ef73ac37af 393840792 
chromium_87.0.4280.141.orig.tar.xz
 ea3f1e325cd767960b111a4b7991913cb1e34956 190032 
chromium_87.0.4280.141-0.1~deb10u1.debian.tar.xz
 692f96e5a8b5ed229a3e4db06a9f0bf6fd6c3ed2 14897 
chromium_87.0.4280.141-0.1~deb10u1_source.buildinfo
Checksums-Sha256:
 66e5c7de3b32da717e59f92ff98b4c5f4c2f89ad88c289b29229d9030dbe1579 3608 
chromium_87.0.4280.141-0.1~deb10u1.dsc
 577a92da6e3caacd22b0b2aedc9dc7e895652f54ec3e0f615457357be099b2ae 393840792 
chromium_87.0.4280.141.orig.tar.xz
 b3c314153aa1e99b6d56fe642cd849182adc29c911256d122b9154147ae86e84 190032 
chromium_87.0.4280.141-0.1~deb10u1.debian.tar.xz
 19389ede5dfb4e869f7f75e29c32db52b9695a03e22a6a0a2b97268d6e094192 14897 
chromium_87.0.4280.141-0.1~deb10u1_source.buildinfo
Files:
 b4081d34b6e8314279a02c4e691308a2 3608 web optional 
chromium_87.0.4280.141-0.1~deb10u1.dsc
 c7f87e38af9193a5889c48e7922ac5a0 393840792 web optional 
chromium_87.0.4280.141.orig.tar.xz
 1945a0f23f04c8ebeb64be8cfed8f4cd 190032 web optional 
chromium_87.0.4280.141-0.1~deb10u1.debian.tar.xz
 0578b84ec013fcc2fb86662f3995b647 14897 web optional 
chromium_87.0.4280.141-0.1~deb10u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEi3hoeGwz5cZMTQpICBa54Yx2K60FAl/9sTIACgkQCBa54Yx2
K63dmQ/+IOCzeFfUyJ6yJmnCPHE4wlHH1dB93/+4pN6L4fo/smmkudXyujRmDKH5
p5KcXIxGwosynAmDYz7NsLfh1K6ESVnUhwXHpCZH8fREjqPDe6X6P4qC3HYFZ2t+
+6yyDuz2owzwOmNpwn0dGK7MsCOsB2OneYSVCYjy4qKA4DZigB6S8//G4H+iq/uA
s9pJRKjCmmho9PrsN10r1QrsOizU3GBnT8myK+vtjKB9vFMkjCne58SKV2kXG/lf
pXOPmUze1r+2SlYm0eA9vs2lpzb70oJQas2WnvIwuW6OpHogSGybuT3hoOTR8pDF
LivsZz7UZOP4eWbhxhjLuJbyXZ+XM6/6lxP1NW1PlY+scoWcpr19vSOJecGPP0/b
21wjCGaFGA04M/ab4/Ubx8BhIWtqprc7ineKkz7QO5prd3TN/qkzVnaP/yLzs4vv
H9CO/20ebYqoTAgJT9nP/vCDKZ22mBN1NeCUPt/84qdO/AoXmibJGMGIsexYUGKR
t4+xg3vstUagEvRYoz1mIhYy8V+ID76jWsek/m5I1d0NZBNRCSmwq9w0W/hA1fYB
iWQa/kny3QLEEco0ul5reKkN5ZK9zNzaix20qoHJttJFp0lRi2ywJtZcpOqMh+TQ
mH5dZHaOuKYbjNG7ghqjn9HCKb1DeeCZFSe75Rs7PaSxyLYK840=
=IEn2
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to