chromium: Update to version 90.0.4430.93 (security-fixes)

Debian Bug report logs - #987715
chromium: Update to version 90.0.4430.93 (security-fixes)

Reported by: Sedat Dilek <sedat.dilek@gmail.com>

Date: Wed, 28 Apr 2021 09:27:02 UTC

Severity: normal

Tags: fixed-upstream, security, upstream

Found in version chromium/90.0.4430.85-1


Report forwarded to debian-bugs-dist@lists.debian.org, sedat.dilek@gmail.com, Debian Chromium Team <chromium@packages.debian.org>:
Bug#987715; Package chromium. (Wed, 28 Apr 2021 09:27:03 GMT)


Acknowledgement sent to Sedat Dilek <sedat.dilek@gmail.com>:
New Bug report received and forwarded. Copy sent to sedat.dilek@gmail.com, Debian Chromium Team <chromium@packages.debian.org>. (Wed, 28 Apr 2021 09:27:03 GMT)


Message #5 received at submit@bugs.debian.org:

From: Sedat Dilek <sedat.dilek@gmail.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: chromium: Update to version 90.0.4430.93 (security-fixes)
Date: Wed, 28 Apr 2021 11:22:59 +0200
Package: chromium
Version: 90.0.4430.85-1
Severity: normal
X-Debbugs-Cc: sedat.dilek@gmail.com

Dear Maintainer,

Google's Chrome version 90.0.4430.93 ships fixes for several CVEs (see [1] for details):

[1199345] High CVE-2021-21227: Insufficient data validation in V8. Reported by Gengming Liu of Singular Security Lab on 2021-04-15

[1175058] High CVE-2021-21232: Use after free in Dev Tools. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-05

[1182937] High CVE-2021-21233: Heap buffer overflow in ANGLE. Reported by Omair on 2021-02-26

[1139156] Medium CVE-2021-21228: Insufficient policy enforcement in extensions. Reported by Rob Wu on 2020-10-16

[1198165] Medium CVE-2021-21229: Incorrect security UI in downloads. Reported by Mohit Raj (shadow2639) on 2021-04-12

[1198705] Medium CVE-2021-21230: Type Confusion in V8. Reported by Manfred Paul on 2021-04-13

[1198696] Low CVE-2021-21231: Insufficient data validation in V8. Reported by Sergei Glazunov of Google Project Zero on 2021-04-13

These CVEs are also listed in Debian's security-tracker (see [2]).

Can you please upgrade chromium to the same version?
Thanks.

Regards,
- Sedat -

[1] https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html
[2] https://security-tracker.debian.org/tracker/source-package/chromium
[3] https://www.heise.de/news/Sicherheitsluecken-in-Chrome-Aktuelles-Browser-Update-bessert-nach-6029565.htm (German)


-- System Information:
Debian Release: 11.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing'), (99, 'buildd-unstable'), (99, 'buildd-experimental'), (99, 'experimental'), (99, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.12.0-1-amd64-clang12-lto (SMP w/4 CPU threads)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages chromium depends on:
ii  chromium-common     90.0.4430.85-1
ii  libasound2          1.2.4-1.1
ii  libatk-bridge2.0-0  2.38.0-1
ii  libatk1.0-0         2.36.0-2
ii  libatomic1          10.2.1-6
ii  libatspi2.0-0       2.38.0-4
ii  libavcodec58        7:4.3.2-0+deb11u1
ii  libavformat58       7:4.3.2-0+deb11u1
ii  libavutil56         7:4.3.2-0+deb11u1
ii  libc6               2.31-11
ii  libcairo2           1.16.0-5
ii  libcups2            2.3.3op2-3
ii  libdbus-1-3         1.12.20-2
ii  libdrm2             2.4.104-1
ii  libevent-2.1-7      2.1.12-stable-1
ii  libexpat1           2.2.10-2
ii  libflac8            1.3.3-2
ii  libfontconfig1      2.13.1-4.2
ii  libfreetype6        2.10.4+dfsg-1
ii  libgbm1             20.3.5-1
ii  libgcc-s1           10.2.1-6
ii  libglib2.0-0        2.66.8-1
ii  libgtk-3-0          3.24.24-3
ii  libharfbuzz0b       2.7.4-1
ii  libicu67            67.1-6
ii  libjpeg62-turbo     1:2.0.6-4
ii  libjsoncpp24        1.9.4-4
ii  liblcms2-2          2.12~rc1-2
ii  libminizip1         1.1-8+b1
ii  libnspr4            2:4.29-1
ii  libnss3             2:3.63-1
ii  libopenjp2-7        2.4.0-3
ii  libopus0            1.3.1-0.1
ii  libpango-1.0-0      1.46.2-3
ii  libpng16-16         1.6.37-3
ii  libpulse0           14.2-2
ii  libre2-9            20210201+dfsg-1
ii  libsnappy1v5        1.1.8-1
ii  libstdc++6          10.2.1-6
ii  libvpx6             1.9.0-1
ii  libwebp6            0.6.1-2+b1
ii  libwebpdemux2       0.6.1-2+b1
ii  libwebpmux3         0.6.1-2+b1
ii  libx11-6            2:1.7.0-2
ii  libxcb1             1.14-3
ii  libxcomposite1      1:0.4.5-1
ii  libxdamage1         1:1.1.5-2
ii  libxext6            2:1.3.3-1.1
ii  libxfixes3          1:5.0.3-2
ii  libxml2             2.9.10+dfsg-6.3+b1
ii  libxrandr2          2:1.5.1-1
ii  libxshmfence1       1.3-1
ii  libxslt1.1          1.1.34-4
ii  zlib1g              1:1.2.11.dfsg-2

Versions of packages chromium recommends:
ii  chromium-sandbox  90.0.4430.85-1

Versions of packages chromium suggests:
pn  chromium-driver  <none>
ii  chromium-l10n    90.0.4430.85-1
pn  chromium-shell   <none>

Versions of packages chromium-common depends on:
ii  libc6       2.31-11
ii  libstdc++6  10.2.1-6
ii  libx11-6    2:1.7.0-2
ii  libxext6    2:1.3.3-1.1
ii  x11-utils   7.7+5
ii  xdg-utils   1.1.3-4.1
ii  zlib1g      1:1.2.11.dfsg-2

Versions of packages chromium-common recommends:
ii  chromium-sandbox                        90.0.4430.85-1
ii  fonts-liberation                        1:1.07.4-11
ii  gnome-shell [notification-daemon]       3.38.4-1
ii  libgl1-mesa-dri                         20.3.5-1
ii  libu2f-udev                             1.1.10-3
ii  notification-daemon                     3.20.0-4
ii  plasma-workspace [notification-daemon]  4:5.21.4-1
ii  system-config-printer                   1.5.14-1
ii  upower                                  0.99.11-2

Versions of packages chromium-sandbox depends on:
ii  libc6  2.31-11

-- Configuration Files:
/etc/chromium.d/default-flags changed [not included]

-- no debconf information



Added tag(s) fixed-upstream, security, and upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 28 Apr 2021 19:12:02 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 29 08:07:59 2021; Machine Name: buxtehude
