Debian
chromium package

chromium 99.0.4844.51-1 source package in Debian

Changelog

chromium (99.0.4844.51-1) unstable; urgency=high

  * Embed harfbuzz instead of using the system harfbuzz. Debian doesn't
    yet package harfbuzz-subset (see #988781). Once it is packaged, we
    can go back to using it.
  * Build against Debian's rapidjson-dev package instead of ANGLE's
    bundled rapidjson.
  * Adjust patches:
    + system/harfbuzz.patch - drop, we're using bundled harfbuzz now.
    + upstream/quiche-include.patch - drop, merged upstream.
    + upstream/restrict.patch - drop, merged upstream.
    + upstream/sequence-point.patch - drop, merged upstream.
    + disable/installer.patch - use new BUILDFLAG() macro.
    + disable/unrar.patch - use new BUILDFLAG() macro.
    + disable/welcome-page.patch - use new BUILDFLAG() macro.
    + disable/widevine-cdm.cu.patch - use new BUILDFLAG() macro.
    + disable/tests.patch - drop unnecessary parts of the patch (which ends
      up being most of it).
    + disable/angle-perftests.patch - drop config disabling ANGLE's rapidjson.
    + disable/swiftshader.patch - drop removal of rapidjson dependency.
  * New upstream stable release.
    - CVE-2022-0789: Heap buffer overflow in ANGLE.
      Reported by SeongHwan Park (SeHwa).
    - CVE-2022-0790: Use after free in Cast UI. Reported by Anonymous.
    - CVE-2022-0791: Use after free in Omnibox.
      Reported by Zhihua Yao of KunLun Lab.
    - CVE-2022-0792: Out of bounds read in ANGLE.
      Reported by Jaehun Jeong(@n3sk) of Theori.
    - CVE-2022-0793: Use after free in Views. Reported by Thomas Orlita.
    - CVE-2022-0794: Use after free in WebShare. Reported by Khalil Zhani.
    - CVE-2022-0795: Type Confusion in Blink Layout. Reported by 0x74960.
    - CVE-2022-0796: Use after free in Media. Reported by Cassidy Kim
      of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd.
    - CVE-2022-0797: Out of bounds memory access in Mojo.
      Reported by Sergei Glazunov of Google Project Zero.
    - CVE-2022-0798: Use after free in MediaStream.
      Reported by Samet Bekmezci @sametbekmezci.
    - CVE-2022-0799: Insufficient policy enforcement in Installer.
      Reported by Abdelhamid Naceri (halov).
    - CVE-2022-0800: Heap buffer overflow in Cast UI.
      Reported by Khalil Zhani.
    - CVE-2022-0801: Inappropriate implementation in HTML parser.
      Reported by MichaƂ Bentkowski of Securitum.
    - CVE-2022-0802: Inappropriate implementation in Full screen mode.
      Reported by Irvan Kurniawan (sourc7).
    - CVE-2022-0803: Inappropriate implementation in Permissions.
      Reported by Abdulla Aldoseri.
    - CVE-2022-0804: Inappropriate implementation in Full screen mode.
      Reported by Irvan Kurniawan (sourc7).
    - CVE-2022-0805: Use after free in Browser Switcher.
      Reported by raven at KunLun Lab.
    - CVE-2022-0806: Data leak in Canvas. Reported by Paril.
    - CVE-2022-0807: Inappropriate implementation in Autofill.
      Reported by Alesandro Ortiz.
    - CVE-2022-0808: Use after free in Chrome OS Shell.
      Reported by @ginggilBesel.
    - CVE-2022-0809: Out of bounds memory access in WebXR.
      Reported by @uwu7586.

 -- Andres Salomon <email address hidden>  Wed, 02 Feb 2022 21:53:14 -0500

Upload details

Uploaded by:
Debian Chromium Team
Uploaded to:
Sid
Original maintainer:
Debian Chromium Team
Architectures:
i386 amd64 arm64 armhf all
Section:
misc
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Downloads

File Size SHA-256 Checksum
chromium_99.0.4844.51-1.dsc 3.5 KiB 2a08f338ab589c7280f5927afd79ca3404a961d88189a02a684c3c6e19a74f43
chromium_99.0.4844.51.orig.tar.xz 516.0 MiB 2d3f14764bb2216c6bfdf52dd6da53af256f15860a501467ace9a4af7e2eb593
chromium_99.0.4844.51-1.debian.tar.xz 208.2 KiB b7dcd7e6dc276da220d1146cbff04f6cfbc2257d4ed6d953de51bcabc5ca7cb6

No changes file available.

Binary packages built by this source