Your message dated Mon, 15 Mar 2021 15:49:18 +0000
with message-id <[email protected]>
and subject line Bug#985142: fixed in chromium 89.0.4389.90-1
has caused the Debian Bug report #985142,
regarding chromium: CVE-2021-21193 (RCE) in Blink
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
985142: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985142
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: chromium
Version: 89.0.4389.82-1
Severity: grave
Tags: upstream security
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Per [1] (or [2], and allegedly [3] which I cannot access):
> A use after free security issue was found in the Blink component of the
> Chromium browser before version 89.0.4389.90. Google is aware of reports
> that an exploit for this issue exists in the wild.
Does this also affect libqt5webengine5? I know that its upstream derives
in part from the Chromium source tree.
Antonio
[1] https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
[2] https://security.archlinux.org/CVE-2021-21193
[3] https://crbug.com/1186287
--- End Message ---
--- Begin Message ---
Source: chromium
Source-Version: 89.0.4389.90-1
Done: Michel Le Bihan <[email protected]>
We believe that the bug you reported is fixed in the latest version of
chromium, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michel Le Bihan <[email protected]> (supplier of updated chromium package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 15 Mar 2021 12:57:00 +0100
Source: chromium
Architecture: source
Version: 89.0.4389.90-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Chromium Team <[email protected]>
Changed-By: Michel Le Bihan <[email protected]>
Closes: 984926 985142 985271
Changes:
 chromium (89.0.4389.90-1) unstable; urgency=medium
 .
   * New upstream security release (closes: #985271).
     - CVE-2021-21191: Use after free in WebRTC. Reported by raven @raid_akame
     - CVE-2021-21192: Heap buffer overflow in tab groups. Reported by
       Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research
     - CVE-2021-21193: Use after free in Blink. Reported by Anonymous
       (closes: #985142)
   * Fix build with libvpx 1.7.0 and libicu63 (closes: #984926).
   * Change debian/rules to not leave debian/scripts/mk-origtargz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---