Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

chromium: New 87.0.4280.141 (CVE-2020-15995 CVE-2020-16043 CVE-2021-21106 CVE-2021-21107 CVE-2021-21108 CVE-2021-21109 CVE-2021-21110 CVE-2021-21111 CVE-2021-21112 CVE-2021-21113 CVE-2021-21114 CVE-2021-21115 CVE-2021-21116)

Related Vulnerabilities: CVE-2020-15995   CVE-2020-16043   CVE-2021-21106   CVE-2021-21107   CVE-2021-21108   CVE-2021-21109   CVE-2021-21110   CVE-2021-21111   CVE-2021-21112   CVE-2021-21113   CVE-2021-21114   CVE-2021-21115   CVE-2021-21116  

Source

Debian Bug report logs - #979533
chromium: New 87.0.4280.141 (CVE-2020-15995 CVE-2020-16043 CVE-2021-21106 CVE-2021-21107 CVE-2021-21108 CVE-2021-21109 CVE-2021-21110 CVE-2021-21111 CVE-2021-21112 CVE-2021-21113 CVE-2021-21114 CVE-2021-21115 CVE-2021-21116)

version graph

Package: src:chromium; Maintainer for src:chromium is Debian Chromium Team <chromium@packages.debian.org>;

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Thu, 7 Jan 2021 20:03:01 UTC

Severity: grave

Tags: security, upstream

Merged with 979520

Found in versions chromium/87.0.4280.88-0.4~deb10u1, chromium/87.0.4280.88-0.4

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, Debian Chromium Team <chromium@packages.debian.org>:
Bug#979533; Package src:chromium. (Thu, 07 Jan 2021 20:03:03 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, Debian Chromium Team <chromium@packages.debian.org>. (Thu, 07 Jan 2021 20:03:03 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: chromium: New 87.0.4280.141 (CVE-2020-15995 CVE-2020-16043 CVE-2021-21106 CVE-2021-21107 CVE-2021-21108 CVE-2021-21109 CVE-2021-21110 CVE-2021-21111 CVE-2021-21112 CVE-2021-21113 CVE-2021-21114 CVE-2021-21115 CVE-2021-21116)
Date: Thu, 07 Jan 2021 21:01:43 +0100
Source: chromium
Version: 87.0.4280.88-0.4
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 87.0.4280.88-0.4~deb10u1

Hi

Please see
https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html
here is a new round of CVE fixes for chromium accordingly.

CVE-2020-15995 seems a bit unclear, it was previously marked to affect
only Chrome on Android, but now appears to affect as well us.

Regards,
Salvatore

Marked as found in versions chromium/87.0.4280.88-0.4~deb10u1. Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Thu, 07 Jan 2021 20:03:03 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Chromium Team <chromium@packages.debian.org>:
Bug#979533; Package src:chromium. (Thu, 07 Jan 2021 20:39:02 GMT) (full text, mbox, link).

Acknowledgement sent to Jan Luca Naumann <j.naumann@fu-berlin.de>:
Extra info received and forwarded to list. Copy sent to Debian Chromium Team <chromium@packages.debian.org>. (Thu, 07 Jan 2021 20:39:02 GMT) (full text, mbox, link).

Message #12 received at 979533@bugs.debian.org (full text, mbox, reply):

From: Jan Luca Naumann <j.naumann@fu-berlin.de>
To: 979533@bugs.debian.org, Salvatore Bonaccorso <carnil@debian.org>, Michel Le Bihan <michel@lebihan.pl>
Subject: Re: chromium: New 87.0.4280.141 (CVE-2020-15995 CVE-2020-16043 CVE-2021-21106 CVE-2021-21107 CVE-2021-21108 CVE-2021-21109 CVE-2021-21110 CVE-2021-21111 CVE-2021-21112 CVE-2021-21113 CVE-2021-21114 CVE-2021-21115 CVE-2021-21116)
Date: Thu, 7 Jan 2021 21:34:14 +0100
[Message part 1 (text/plain, inline)]
Michel is preparing an new version and I update the buster branch as
soon as the unstable version is uploaded.

Best,
Jan

On Thu, 07 Jan 2021 21:01:43 +0100 Salvatore Bonaccorso
<carnil@debian.org> wrote:
> Source: chromium
> Version: 87.0.4280.88-0.4
> Severity: grave
> Tags: security upstream
> Justification: user security hole
> X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
> Control: found -1 87.0.4280.88-0.4~deb10u1
> 
> Hi
> 
> Please see
> https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html
> here is a new round of CVE fixes for chromium accordingly.
> 
> CVE-2020-15995 seems a bit unclear, it was previously marked to affect
> only Chrome on Android, but now appears to affect as well us.
> 
> Regards,
> Salvatore
> 
> 


[OpenPGP_signature (application/pgp-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Chromium Team <chromium@packages.debian.org>:
Bug#979533; Package src:chromium. (Fri, 08 Jan 2021 17:09:04 GMT) (full text, mbox, link).

Acknowledgement sent to Michel Le Bihan <michel@lebihan.pl>:
Extra info received and forwarded to list. Copy sent to Debian Chromium Team <chromium@packages.debian.org>. (Fri, 08 Jan 2021 17:09:04 GMT) (full text, mbox, link).

Message #17 received at 979533@bugs.debian.org (full text, mbox, reply):

From: Michel Le Bihan <michel@lebihan.pl>
To: 979533@bugs.debian.org
Subject: chromium: New 87.0.4280.141
Date: Fri, 08 Jan 2021 18:08:13 +0100
Hello,

I'm working on the update, but I encountered an unexpected issue. The
update was easy. Patches did not require updating. The problem, is that
Chromium IU is frozen. Chromium itself isn't and the globe on
https://en.wikipedia.org/wiki/GIF spins, but Chromium doesn't react to
any UI input. I'm debugging that, but haven't made much progress.

Michel Le Bihan

Merged 979520 979533 Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 08 Jan 2021 18:24:07 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Jan 9 12:39:03 2021; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started