Your message dated Sat, 07 Oct 2023 21:17:32 +0000
with message-id <[email protected]>
and subject line Bug#1042111: fixed in chromium 117.0.5938.62-1~deb11u1
has caused the Debian Bug report #1042111,
regarding chromium: Web Environment Integrity
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1042111: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042111
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: chromium
Version: 115.0.5790.102-2
Engineers working for Google have proposed a standard named
Web Environment Integrity
details available at
https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md
There have been hundreds of articles, social media posts, etc. discussing
this; here is a page that gives a good summary of the events so far:
https://interpeer.io/blog/2023/07/google-vs-the-open-web/
Initially it was a standards proposal, but now it looks like it's
already implemented:
https://github.com/chromium/chromium/commit/6f47a22906b2899412e79a2727355efa9cc8f5bd
Debian needs to figure out if this is something we want in chromium (at
all, disabled at build time, disabled at runtime, etc).
Thanks,
--
Matt Taggart
[email protected]
--- End Message ---
--- Begin Message ---
Source: chromium
Source-Version: 117.0.5938.62-1~deb11u1
Done: Andres Salomon <[email protected]>
We believe that the bug you reported is fixed in the latest version of
chromium, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andres Salomon <[email protected]> (supplier of updated chromium package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 14 Sep 2023 19:16:28 -0400
Source: chromium
Architecture: source
Version: 117.0.5938.62-1~deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Chromium Team <[email protected]>
Changed-By: Andres Salomon <[email protected]>
Closes: 1042111
Changes:
 chromium (117.0.5938.62-1~deb11u1) bullseye-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2023-4900: Inappropriate implementation in Custom Tabs.
       Reported by Levit Nudi from Kenya.
     - CVE-2023-4901: Inappropriate implementation in Prompts.
       Reported by Kang Ali.
     - CVE-2023-4902: Inappropriate implementation in Input.
       Reported by Axel Chong.
     - CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs.
       Reported by Ahmed ElMasry.
     - CVE-2023-4904: Insufficient policy enforcement in Downloads.
       Reported by Tudor Enache @tudorhacks.
     - CVE-2023-4905: Inappropriate implementation in Prompts.
       Reported by Hafiizh.
     - CVE-2023-4906: Insufficient policy enforcement in Autofill.
       Reported by Ahmed ElMasry.
     - CVE-2023-4907: Inappropriate implementation in Intents.
       Reported by Mohit Raj (shadow2639).
     - CVE-2023-4908: Inappropriate implementation in Picture in Picture.
       Reported by Axel Chong.
     - CVE-2023-4909: Inappropriate implementation in Interstitials.
       Reported by Axel Chong.
   * d/copyright: drop rust, llvm, siso, & cargo binaries.
   * d/patches:
     - fixes/size.patch: drop, merged upstream.
     - fixes/variant.patch: drop, merged upstream.
     - fixes/vector.patch: drop, merged upstream.
     - upstream/contains.patch: drop, merged upstream.
     - upstream/hvec.patch: drop, merged upstream.
     - upstream/limits.patch: drop, merged upstream.
     - upstream/statelessV4L2.patch: drop, merged upstream.
     - fixes/widevine-locations.patch: refresh for minor upstream changes.
     - disable/android.patch: drop half the patch.
     - disable/catapult.patch: refresh for minor upstream changes.
     - disable/tests.patch: refresh for minor upstream changes.
     - disable/unrar.patch: refresh for minor upstream changes.
     - fixes/material-utils.patch: build fix for clang w/ libstdc++.
     - rename fixes/null.patch to fixes/perfetto.patch.
     - upstream/memory.patch: build fix for missing header.
     - bookworm/struct-ctor.patch: add a bunch more build workarounds for
       clang-14.
     - bookworm/stringpiece3.patch: another clang-14 StringPiece to
       std::string explicit conversion.
     - bookworm/typename.patch: add more explicit typename declarations for
       clang-14.
     - bookworm/structured-binding-scope-bug.patch: add more clang-14 binding
       scope workarounds.
     - bookworm/initialize-const-ctor.patch: clang-14 workaround to init a
       const member inside a struct.
     - ppc64le/libaom/0001-Add-ppc64-target-to-libaom.patch: refresh.
     - disable/privacy-sandbox.patch: ensure Privacy Sandbox "features" are
       off by default.
     - bookworm/generate-ninja.patch: fix build failure w/ bullseye's older gn.
     - bullseye/default-equality-op.patch: refresh.
     - bullseye/lerp.patch: add a new build fix for libstdc++ 10.
     - bullseye/downgrade-typescript.patch: drop parts of patch that don't
       apply and simply update typescript node dependencies.
   * Switch to using bundled brotli, as the version in debian is too old.
     And so we can drop d/patches/bookworm/brotli.patch, too.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - 0001-Implement-support-for-PPC64-on-Linux.patch: refresh for upstream
       changes
     - 0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes
     - 0002-third-party-boringssl-add-generated-files.patch: refresh for
       upstream changes
     - 0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for
       upstream changes
     - 0004-third_party-crashpad-port-curl-transport-ppc64.patch: refresh for
       upstream changes
     - skia-vsx-instructions.patch: refresh for upstream changes
     - 0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: regenerate
     - 0001-third_party-boringssl-Properly-detect-ppc64le-in-BUI.patch: drop
   * d/patches/ungoogled:
     - core/ungoogled-chromium/disable-web-environment-integrity.patch: disable
       "Web Environment Integrity" trial and remove from build (closes:
       #1042111)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---