Your message dated Wed, 22 May 2024 10:18:13 +0000
with message-id <[email protected]>
and subject line Bug#1068096: fixed in chromium 125.0.6422.76-1
has caused the Debian Bug report #1068096,
regarding chromium: --temp-profile has no effect if it appears after 
--ozone-platform=wayland
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1068096: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068096
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: chromium
Version: 122.0.6261.57-1
Severity: normal
X-Debbugs-Cc: Daniel Kahn Gillmor <[email protected]>

I regularly launch chromium with --temp-profile to have a completely
isolated, throwaway browsing session.

I am experimenting with switching to wayland.  To use chromium with
wayland, i need to launch it with --ozone-platform=wayland.

Surprisingly, i discovered that if i launch it this way:

    chromium --ozone-platform=wayland --temp-profile

Then it launches with the primary chromium profile, *not* an ephemeral
profile.

But if i launch it this way:

    chromium --temp-profile --ozone-platform=wayland

then it does in fact use an ephemeral profile.  I discovered this by
using the former invocation to visit a site where i have a login, and
noticed that i was already logged in as soon as i visited it.

I consider this a pretty serious privacy violation: my entire client
side state was mapped in to a process that i expected to be otherwise
anonymous.

     --dkg


-- System Information:
Debian Release: trixie/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (200, 'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.6.15-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages chromium depends on:
ii  chromium-common                                      122.0.6261.57-1
ii  libasound2                                           1.2.10-3
ii  libatk-bridge2.0-0                                   2.50.0-1+b1
ii  libatk1.0-0                                          2.50.0-1+b1
ii  libatomic1                                           14-20240201-3
ii  libatspi2.0-0                                        2.50.0-1+b1
ii  libc6                                                2.37-15
ii  libcairo2                                            1.18.0-1+b1
ii  libcups2                                             2.4.7-1+b1
ii  libdbus-1-3                                          1.14.10-4
ii  libdouble-conversion3                                3.3.0-1+b1
ii  libdrm2                                              2.4.120-2
ii  libevent-2.1-7t64 [libevent-2.1-7]                   2.1.12-stable-8.1+b1
ii  libexpat1                                            2.5.0-2+b2
ii  libflac12                                            1.4.3+ds-2+b1
ii  libfontconfig1                                       2.15.0-1.1
ii  libfreetype6                                         2.13.2+dfsg-1+b1
ii  libgbm1                                              23.3.5-1
ii  libgcc-s1                                            14-20240201-3
ii  libglib2.0-0                                         2.78.4-1
ii  libgtk-3-0                                           3.24.41-1
ii  libjpeg62-turbo                                      1:2.1.5-2+b2
ii  libjsoncpp25                                         1.9.5-6+b2
ii  liblcms2-2                                           2.14-2+b1
ii  libminizip1                                          1:1.3.dfsg-3+b1
ii  libnspr4                                             2:4.35-1.1+b1
ii  libnss3                                              2:3.99-1
ii  libopenh264-7                                        2.4.1+dfsg-1
ii  libopenjp2-7                                         2.5.0-2+b2
ii  libopus0                                             1.4-1+b1
ii  libpango-1.0-0                                       1.52.0+ds-1
ii  libpng16-16t64 [libpng16-16]                         1.6.43-5
ii  libpulse0                                            16.1+dfsg1-3
ii  libsnappy1v5                                         1.1.10-1+b1
ii  libstdc++6                                           14-20240201-3
ii  libwebp7                                             1.3.2-0.4
ii  libwebpdemux2                                        1.3.2-0.4
ii  libwebpmux3                                          1.3.2-0.4
ii  libwoff1                                             1.0.2-2+b1
ii  libx11-6                                             2:1.8.7-1
ii  libxcb1                                              1.15-1
ii  libxcomposite1                                       1:0.4.5-1
ii  libxdamage1                                          1:1.1.6-1
ii  libxext6                                             2:1.3.4-1+b1
ii  libxfixes3                                           1:6.0.0-2
ii  libxkbcommon0                                        1.6.0-1
ii  libxml2                                              2.9.14+dfsg-1.3+b2
ii  libxnvctrl0                                          530.41.03-1
ii  libxrandr2                                           2:1.5.4-1
ii  libxslt1.1                                           1.1.35-1
ii  xdg-desktop-portal-gtk [xdg-desktop-portal-backend]  1.15.1-1
ii  xdg-desktop-portal-wlr [xdg-desktop-portal-backend]  0.7.1-1
ii  zlib1g                                               1:1.3.dfsg-3+b1

Versions of packages chromium recommends:
ii  chromium-sandbox  122.0.6261.57-1

Versions of packages chromium suggests:
ii  chromium-driver  122.0.6261.57-1
pn  chromium-l10n    <none>
pn  chromium-shell   <none>

Versions of packages chromium-common depends on:
ii  libc6         2.37-15
ii  libjsoncpp25  1.9.5-6+b2
ii  libstdc++6    14-20240201-3
ii  libx11-6      2:1.8.7-1
ii  libxnvctrl0   530.41.03-1
ii  x11-utils     7.7+6
ii  xdg-utils     1.1.3-4.1
ii  zlib1g        1:1.3.dfsg-3+b1

Versions of packages chromium-common recommends:
ii  awesome [notification-daemon]  4.3-7
ii  chromium-sandbox               122.0.6261.57-1
ii  dunst [notification-daemon]    1.9.2-1
ii  fonts-liberation               1:2.1.5-3
ii  libgl1-mesa-dri                23.3.5-1
pn  libu2f-udev                    <none>
ii  notification-daemon            3.20.0-4+b1
pn  system-config-printer          <none>
ii  upower                         1.90.2-8

Versions of packages chromium-driver depends on:
ii  libatomic1                          14-20240201-3
ii  libc6                               2.37-15
ii  libdouble-conversion3               3.3.0-1+b1
ii  libevent-2.1-7t64 [libevent-2.1-7]  2.1.12-stable-8.1+b1
ii  libglib2.0-0                        2.78.4-1
ii  libjsoncpp25                        1.9.5-6+b2
ii  libminizip1                         1:1.3.dfsg-3+b1
ii  libnspr4                            2:4.35-1.1+b1
ii  libnss3                             2:3.99-1
ii  libstdc++6                          14-20240201-3
ii  libxcb1                             1.15-1
ii  zlib1g                              1:1.3.dfsg-3+b1

Versions of packages chromium-sandbox depends on:
ii  libc6  2.37-15

-- no debconf information


--- End Message ---
--- Begin Message ---
Source: chromium
Source-Version: 125.0.6422.76-1
Done: Andres Salomon <[email protected]>

We believe that the bug you reported is fixed in the latest version of
chromium, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andres Salomon <[email protected]> (supplier of updated chromium package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 21 May 2024 16:12:47 -0400
Source: chromium
Architecture: source
Version: 125.0.6422.76-1
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <[email protected]>
Changed-By: Andres Salomon <[email protected]>
Closes: 1068096
Changes:
 chromium (125.0.6422.76-1) unstable; urgency=high
 .
   * New upstream security release.
     - CVE-2024-5157: Use after free in Scheduling. Reported by Looben Yang.
     - CVE-2024-5158: Type Confusion in V8.
       Reported by Zhenghang Xiao (@Kipreyyy).
     - CVE-2024-5159: Heap buffer overflow in ANGLE.
       Reported by David Sievers (@loknop).
     - CVE-2024-5160: Heap buffer overflow in Dawn. Reported by wgslfuzz.
   * Don't silently ignore arguments meant for the wrapper script if chromium
     args happen to come first (closes: #1068096).
   * d/patches:
     - upstream/tabstrip-include.patch: add header build fix.

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----


--- End Message ---
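
Added illustration, not part of the original messages and not the Debian
wrapper script itself: a minimal shell sketch of the failure mode the
changelog entry describes (wrapper options ignored when a browser option
comes first) next to an order-independent parser. The function names and
the "temp=... args=..." output format are assumptions made for this example.

```shell
#!/bin/sh
# Constructed example; NOT the Debian chromium wrapper. Names and output
# format are hypothetical.

# Pattern that yields the reported symptom: wrapper options are consumed
# only from the front of the command line, and parsing stops at the first
# argument the wrapper does not recognise.
parse_leading_only() {
    temp=no
    while [ $# -gt 0 ]; do
        case "$1" in
            --temp-profile) temp=yes; shift ;;
            *) break ;;
        esac
    done
    echo "temp=$temp args=$*"
}

# Order-independent form: examine every argument, consume the wrapper's own
# option wherever it appears, and rebuild "$@" from everything else.
parse_all() {
    temp=no
    n=$#
    while [ "$n" -gt 0 ]; do
        arg=$1; shift; n=$((n - 1))
        case "$arg" in
            --temp-profile) temp=yes ;;
            *) set -- "$@" "$arg" ;;
        esac
    done
    echo "temp=$temp args=$*"
}

# The two invocations from the report, run through both parsers.
for parser in parse_leading_only parse_all; do
    echo "$parser: $($parser --ozone-platform=wayland --temp-profile)"
    echo "$parser: $($parser --temp-profile --ozone-platform=wayland)"
done
```

With the first parser, the privacy-relevant option silently falls through to
the browser's argument list when it is not first; the second parser treats
both orderings identically.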