Overview

File _patchinfo of Package patchinfo.17603

<patchinfo incident="17603">
  <issue tracker="bnc" id="1202075">VUL-0: chromium: multiple security issues fixed in 104.0.5112.79</issue>
  <issue tracker="cve" id="2022-2615"/>
  <issue tracker="cve" id="2022-2624"/>
  <issue tracker="cve" id="2022-2608"/>
  <issue tracker="cve" id="2022-2612"/>
  <issue tracker="cve" id="2022-2606"/>
  <issue tracker="cve" id="2022-2614"/>
  <issue tracker="cve" id="2022-2620"/>
  <issue tracker="cve" id="2022-2621"/>
  <issue tracker="cve" id="2022-2607"/>
  <issue tracker="cve" id="2022-2617"/>
  <issue tracker="cve" id="2022-2603"/>
  <issue tracker="cve" id="2022-2613"/>
  <issue tracker="cve" id="2022-2616"/>
  <issue tracker="cve" id="2022-2610"/>
  <issue tracker="cve" id="2022-2611"/>
  <issue tracker="cve" id="2022-2618"/>
  <issue tracker="cve" id="2022-2609"/>
  <issue tracker="cve" id="2022-2604"/>
  <issue tracker="cve" id="2022-2623"/>
  <issue tracker="cve" id="2022-2605"/>
  <issue tracker="cve" id="2022-2622"/>
  <issue tracker="cve" id="2022-2619"/>
  <packager>gmbr3</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for chromium</summary>
  <description>This update for chromium fixes the following issues:

Chromium 104.0.5112.79 (boo#1202075)

* CVE-2022-2603: Use after free in Omnibox
* CVE-2022-2604: Use after free in Safe Browsing
* CVE-2022-2605: Out of bounds read in Dawn
* CVE-2022-2606: Use after free in Managed devices API
* CVE-2022-2607: Use after free in Tab Strip
* CVE-2022-2608: Use after free in Overview Mode
* CVE-2022-2609: Use after free in Nearby Share
* CVE-2022-2610: Insufficient policy enforcement in Background Fetch
* CVE-2022-2611: Inappropriate implementation in Fullscreen API
* CVE-2022-2612: Side-channel information leakage in Keyboard input
* CVE-2022-2613: Use after free in Input
* CVE-2022-2614: Use after free in Sign-In Flow
* CVE-2022-2615: Insufficient policy enforcement in Cookies
* CVE-2022-2616: Inappropriate implementation in Extensions API
* CVE-2022-2617: Use after free in Extensions API
* CVE-2022-2618: Insufficient validation of untrusted input in Internals
* CVE-2022-2619: Insufficient validation of untrusted input in Settings
* CVE-2022-2620: Use after free in WebUI
* CVE-2022-2621: Use after free in Extensions
* CVE-2022-2622: Insufficient validation of untrusted input in Safe Browsing
* CVE-2022-2623: Use after free in Offline
* CVE-2022-2624: Heap buffer overflow in PDF

- Switch back to Clang so that we can use BTI on aarch64
  * Gold is too old - doesn't understand BTI
  * LD crashes on aarch64
- Re-enable LTO
- Prepare move to FFmpeg 5 for new channel layout
  (requires 5.1+)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places