Accepted chromium 106.0.5249.61-1~deb11u1 (source) into proposed-updates
Format: 1.8
Date: Tue, 27 Sep 2022 14:14:44 -0400
Source: chromium
Architecture: source
Version: 106.0.5249.61-1~deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Chromium Team
Changed-By: Andres Salomon
Changes:
 chromium (106.0.5249.61-1~deb11u1) bullseye-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2022-3304: Use after free in CSS. Reported by Anonymous.
     - CVE-2022-3201: Insufficient validation of untrusted input in
       Developer Tools. Reported by NDevTK.
     - CVE-2022-3305: Use after free in Survey. Reported by
       Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability
       Research Institute.
     - CVE-2022-3306: Use after free in Survey. Reported by
       Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability
       Research Institute.
     - CVE-2022-3307: Use after free in Media. Reported by Anonymous
       Telecommunications Corp. Ltd.
     - CVE-2022-3308: Insufficient policy enforcement in Developer Tools.
       Reported by Andrea Cappa (zi0Black) @ Shielder.
     - CVE-2022-3309: Use after free in Assistant. Reported by zh1x1an1221
       of Ant Group Tianqiong Security Lab.
     - CVE-2022-3310: Insufficient policy enforcement in Custom Tabs.
       Reported by Ashwin Agrawal from Optus, Sydney.
     - CVE-2022-3311: Use after free in Import. Reported by
       Samet Bekmezci @sametbekmezci.
     - CVE-2022-3312: Insufficient validation of untrusted input in VPN.
       Reported by Andr.Ess.
     - CVE-2022-3313: Incorrect security UI in Full Screen. Reported by
       Irvan Kurniawan (sourc7).
     - CVE-2022-3314: Use after free in Logging. Reported by Anonymous.
     - CVE-2022-3315: Type confusion in Blink. Reported by Anonymous.
     - CVE-2022-3316: Insufficient validation of untrusted input in
       Safe Browsing. Reported by Sven Dysthe (@svn_dy).
     - CVE-2022-3317: Insufficient validation of untrusted input in
       Intents. Reported by Hafiizh.
     - CVE-2022-3318: Use after free in ChromeOS Notifications.
       Reported by GraVity0.
   * debian/patches:
     - disable/angle-perftests.patch: drop most of patch.
       build_angle_perftests=false is set in d/rules, so no need to patch
       it and its dependencies.
     - upstream/browser-finder.patch: drop, merged upstream.
     - upstream/disk-cache.patch: drop, merged upstream.
     - upstream/masklayer-geom.patch: drop, merged upstream.
     - fixes/tflite.patch: drop, merged upstream.
     - bullseye/clang13.patch: update for upstream switching from one
       unsupported clang warning flag to another.
     - disable/catapult.patch: refresh.
     - disable/installer.patch: drop, as there's no real need to delete
       chrome/install_static; there's no licensing issues and it's only
       actually built on windows.
     - upstream/fix-missing-cmath.patch: added from upstream to fix ftbfs.
     - upstream/fix-nullptr-qual.patch: added from upstream to fix ftbfs.
     - fixes/fix-arm-vfpv3-d16-libaom.patch: add to fix a problem that was
       currently papered over by disabling libaom on arm. This new patch
       (hopefully) allows libaom to be built for the armhf arch.
     - disable/libaom-arm.patch: drop now that we've fixed libaom on arm.
     - system/event.patch: remove some old unused bits that patch gn.
   * Stop deleting chrome/install_static in d/copyright, and also start
     deleting third party libraries that we began linking to in v105 as
     well as tools/gn.
Accepted gdal 3.2.2+dfsg-2+deb11u2 (source) into proposed-updates
Format: 1.8
Date: Wed, 21 Sep 2022 06:52:45 +
Source: gdal
Architecture: source
Version: 3.2.2+dfsg-2+deb11u2
Distribution: bullseye-security
Urgency: high
Maintainer: Debian GIS Project
Changed-By: Aron Xu
Changes:
 gdal (3.2.2+dfsg-2+deb11u2) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix a heap-based buffer overflow in
     PCIDSK::CPCIDSKFile::ReadFromFile (CVE-2021-45943).
Accepted lighttpd 1.4.59-1+deb11u2 (source) into proposed-updates
Format: 1.8
Date: Fri, 23 Sep 2022 10:23:07 +0200
Source: lighttpd
Architecture: source
Version: 1.4.59-1+deb11u2
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian lighttpd maintainers
Changed-By: Helmut Grohne
Changes:
 lighttpd (1.4.59-1+deb11u2) bullseye-security; urgency=medium
 .
   * Fix CVE-2022-37797
   * Fix CVE-2022-41556 remote resource exhaustion
Accepted maven-shared-utils 3.3.0-1+deb11u1 (source) into proposed-updates
Format: 1.8
Date: Fri, 23 Sep 2022 14:28:15 +0800
Source: maven-shared-utils
Architecture: source
Version: 3.3.0-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Java Maintainers
Changed-By: Aron Xu
Closes: 1012314
Changes:
 maven-shared-utils (3.3.0-1+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
 .
   [Markus Koschany]
   * Fix CVE-2022-29599:
     Apache Maven maven-shared-utils, the Commandline class can emit
     double-quoted strings without proper escaping, allowing shell
     injection attacks. (Closes: #1012314)
Accepted tzdata 2021a-1+deb11u6 (source) into proposed-updates
Format: 1.8
Date: Sat, 01 Oct 2022 23:34:39 +0200
Source: tzdata
Architecture: source
Version: 2021a-1+deb11u6
Distribution: bullseye
Urgency: medium
Maintainer: GNU Libc Maintainers
Changed-By: Aurelien Jarno
Changes:
 tzdata (2021a-1+deb11u6) bullseye; urgency=medium
 .
   * Cherry-pick patches from upstream:
     - 10-no-leap-second-2022-12-31.patch: update leap-seconds.list, new
       expiration date on 28 June 2023.
     - 11-palestine-dst3.patch: Palestine transitions are now Saturdays at
       02:00. This means 2022 falls back 10-29 at 02:00, not 10-28 at
       01:00.
Accepted libbluray 1:1.2.1-4+deb11u2 (source) into proposed-updates
Format: 1.8
Date: Wed, 21 Sep 2022 21:25:08 +0200
Source: libbluray
Architecture: source
Version: 1:1.2.1-4+deb11u2
Distribution: bullseye
Urgency: medium
Maintainer: Debian Multimedia Maintainers
Changed-By: Sebastian Ramacher
Closes: 1011716
Changes:
 libbluray (1:1.2.1-4+deb11u2) bullseye; urgency=medium
 .
   * debian/patches: Apply upstream fix for Oracle Java CPU from April 2022
     (Closes: #1011716)