[ubuntu/bionic-updates] chromium-browser 103.0.5060.134-0ubuntu0.18.04.1 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Thu Jul 28 14:07:31 UTC 2022 

chromium-browser (103.0.5060.134-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 103.0.5060.134
    - CVE-2022-2477 : Use after free in Guest View.
    - CVE-2022-2478 : Use after free in PDF.
    - CVE-2022-2479 : Insufficient validation of untrusted input in File.
    - CVE-2022-2480 : Use after free in Service Worker API.
    - CVE-2022-2481: Use after free in Views.
    - CVE-2022-2163: Use after free in Cast UI and Toolbar.

chromium-browser (103.0.5060.114-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 103.0.5060.114
    - CVE-2022-2294: Heap buffer overflow in WebRTC.
    - CVE-2022-2295: Type Confusion in V8.
    - CVE-2022-2296: Use after free in Chrome OS Shell.

chromium-browser (103.0.5060.53-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 103.0.5060.53
    - CVE-2022-2156: Use after free in Base
    - CVE-2022-2157: Use after free in Interest groups
    - CVE-2022-2158: Type Confusion in V8
    - CVE-2022-2160: Insufficient policy enforcement in DevTools
    - CVE-2022-2161: Use after free in WebApp Provider
    - CVE-2022-2162: Insufficient policy enforcement in File System API
    - CVE-2022-2163: Use after free in Cast UI and Toolbar
    - CVE-2022-2164: Inappropriate implementation in Extensions API
    - CVE-2022-2165: Insufficient data validation in URL formatting.
  * debian/patches/allow-building-on-x86.patch: refreshed
  * debian/patches/build-with-old-libva-missing-defines.patch: refreshed
  * debian/patches/build-with-old-libva-no-av1.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/linker-oom-armhf.patch: added
  * debian/patches/partition-allocator-constexpr2.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/segmentation-platform-constexpr.patch: removed, no longer needed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
  * debian/patches/widevine-other-locations: refreshed

chromium-browser (102.0.5005.115-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 102.0.5005.115
    - CVE-2022-2007: Use after free in WebGPU.
    - CVE-2022-2008: Out of bounds memory access in WebGL.
    - CVE-2022-2010: Out of bounds read in compositing.
    - CVE-2022-2011: Use after free in ANGLE.

chromium-browser (102.0.5005.61-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 102.0.5005.61
    - CVE-2022-1853: Use after free in Indexed DB.
    - CVE-2022-1854: Use after free in ANGLE.
    - CVE-2022-1855: Use after free in Messaging.
    - CVE-2022-1856: Use after free in User Education.
    - CVE-2022-1857: Insufficient policy enforcement in File System API.
    - CVE-2022-1858: Out of bounds read in DevTools.
    - CVE-2022-1859: Use after free in Performance Manager.
    - CVE-2022-1860: Use after free in UI Foundations.
    - CVE-2022-1861: Use after free in Sharing.
    - CVE-2022-1862: Inappropriate implementation in Extensions.
    - CVE-2022-1863: Use after free in Tab Groups.
    - CVE-2022-1864: Use after free in WebApp Installs.
    - CVE-2022-1865: Use after free in Bookmarks.
    - CVE-2022-1866: Use after free in Tablet Mode.
    - CVE-2022-1867: Insufficient validation of untrusted input in Data Transfer.
    - CVE-2022-1868: Inappropriate implementation in Extensions API.
    - CVE-2022-1869: Type Confusion in V8.
    - CVE-2022-1870: Use after free in App Service.
    - CVE-2022-1871: Insufficient policy enforcement in File System API.
    - CVE-2022-1872: Insufficient policy enforcement in Extensions API.
    - CVE-2022-1873: Insufficient policy enforcement in COOP.
    - CVE-2022-1874: Insufficient policy enforcement in Safe Browsing.
    - CVE-2022-1875: Inappropriate implementation in PDF.
    - CVE-2022-1876: Heap buffer overflow in DevTools.
  * debian/control: add a build dependency on git
  * debian/rules: build with arm_control_flow_integrity="none", because the
    default value of "pac" on arm64 requires Arm-v8.3+
  * debian/patches/allow-building-on-x86.patch: added
  * debian/patches/build-with-old-libva-no-av1.patch: refreshed
  * debian/patches/partition-allocator-clang-name-confusion.patch: refreshed
  * debian/patches/partition-allocator-constexpr2.patch: updated
  * debian/patches/partition-allocator-missing-ioctl.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/use-clang-versioned.patch: refreshed

Date: 2022-07-20 09:29:14.406982+00:00
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/chromium-browser/103.0.5060.134-0ubuntu0.18.04.1
-------------- next part --------------
Sorry, changesfile not available.

More information about the Bionic-changes mailing list