Changelog
chromium (107.0.5304.68-1) unstable; urgency=high
* New upstream stable release.
- CVE-2022-3652: Type Confusion in V8. Reported by srodulv and ZNMchtss at
S.S.L Team.
- CVE-2022-3653: Heap buffer overflow in Vulkan. Reported by SeongHwan Park
(SeHwa).
- CVE-2022-3654: Use after free in Layout. Reported by Sergei Glazunov of
Google Project Zero.
- CVE-2022-3655: Heap buffer overflow in Media Galleries. Reported by
koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute.
- CVE-2022-3656: Insufficient data validation in File System. Reported by
Ron Masas, Imperva.
- CVE-2022-3657: Use after free in Extensions. Reported by Omri Bushari,
Talon Cyber Security.
- CVE-2022-3658: Use after free in Feedback service on Chrome OS. Reported
by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research
Institute.
- CVE-2022-3659: Use after free in Accessibility. Reported by @ginggilBesel.
- CVE-2022-3660: Inappropriate implementation in Full screen mode. Reported
by Irvan Kurniawan (sourc7).
- CVE-2022-3661: Insufficient data validation in Extensions. Reported by
Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University.
* Disable building against QT5 (for now).
https://groups.google.com/a/chromium.org/g/chromium-packagers/c/-2VGexQAK6w
* debian/copyright:
- delete third_party/dawn/tools/golang binaries.
* debian/patches:
- upstream/armhf-ftbfs.patch: drop, merged upstream.
- upstream/fix-nullptr-qual.patch: drop, merged upstream.
- disable/catapult.patch: delete add'l blink reference to catapult.
- bullseye/clang13.patch: refresh for minor upstream changes.
- ppc64le/workarounds/HACK-third_party-libvpx-use-generic-gnu.patch: refresh
- disable/clang-version-check.patch: added to fix build failure. Needs
to go upstream.
- ppc64le/workarounds/HACK-debian-clang-disable-skia-musttail.patch:
drop, upstream skia stopped using clang::musttail.
- upstream/re-fix-tflite.patch: re-add a build fix that upstream lost.
[ Timothy Pearson ]
* regenerate libaom configuration on ppc64el systems.
-- Andres Salomon <email address hidden> Tue, 25 Oct 2022 17:40:14 -0400