Pull request for security update for chromium #445

Open
rfrohl wants to merge 6 commits from rfrohl/PackageHub:maintenance-update-1771000297 into leap-16.0
2 changed files with 62 additions and 1 deletions

@@ -0,0 +1,61 @@
<patchinfo>
<issue tracker="cve" id="2026-2319"/>
<issue tracker="cve" id="2026-2322"/>
<issue tracker="cve" id="2026-2313"/>
<issue tracker="cve" id="2026-2318"/>
<issue tracker="cve" id="2026-2441"/>
<issue tracker="cve" id="2026-2316"/>
<issue tracker="bnc" id="1258185">VUL-0: CVE-2026-2441: chromium: Use after free in CSS (fixed in 145.0.7632.75)</issue>
<issue tracker="cve" id="2026-2323"/>
<issue tracker="cve" id="2026-2321"/>
<issue tracker="cve" id="2026-2317"/>
<issue tracker="bnc" id="1258116">VUL-0: chromium: release 145.0.7632.45</issue>
<issue tracker="cve" id="2026-2315"/>
<issue tracker="cve" id="2026-2320"/>
<issue tracker="cve" id="2026-2314"/>
<issue tracker="bnc" id="1258199">chromium desktop icon shows @@MENUNAME</issue>
<packager>oertel</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for chromium</summary>
<description>This update for chromium fixes the following issues:
Changes in chromium:
- more fixes for desktop file, some variables were lowercased,
further adaptions in INSTALL script (boo#1258199)
- also copy rollup into third_party/node/node_modules
- stay on llvm-10 for swiftshader but bring a similar patch
- drop use of rollup binaries and use rollup-3.x which does not
use prebuilt binaries (that fail at least on older ppc64le)
follow the approach of the debian packaging
- update/resync ppc64le patches from fedora
- fix INSTALL.sh again to replace the tags in desktop file,
appdata and manpage (boo#1258199)
- Chromium 145.0.7632.75:
* CVE-2026-2441: Use after free in CSS (boo#1258185)
- Chromium 145.0.7632.67:
* Revert a change in url_fixer that may have caused crashes
- Chromium 145.0.7632.45 (boo#1258116)
* jpeg-xl support has been readded
* CVE-2026-2313: Use after free in CSS
* CVE-2026-2314: Heap buffer overflow in Codecs
* CVE-2026-2315: Inappropriate implementation in WebGPU
* CVE-2026-2316: Insufficient policy enforcement in Frames
* CVE-2026-2317: Inappropriate implementation in Animation
* CVE-2026-2318: Inappropriate implementation in PictureInPicture
* CVE-2026-2319: Race in DevTools
* CVE-2026-2320: Inappropriate implementation in File input
* CVE-2026-2321: Use after free in Ozone
* CVE-2026-2322: Inappropriate implementation in File input
* CVE-2026-2323: Inappropriate implementation in Downloads
</description>
<package>chromium</package>
</patchinfo>
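
Review bot: The `<description>` opens with six packaging-only items (desktop file, rollup, llvm-10 for swiftshader, ppc64le patch resync, INSTALL.sh) ahead of the CVE fixes, so for an update with `<rating>important</rating>` and `<category>security</category>` the advisory text puts the security content last; consider moving the "Chromium 145.0.7632.75", "145.0.7632.67" and "145.0.7632.45" entries to the top. The two items that reference boo#1258199 ("more fixes for desktop file ..." and "fix INSTALL.sh again ...") cover the same bug and could be merged into one. The `<issue tracker="cve">` elements are unsorted and interleaved with the `bnc` entries; the twelve CVE ids do match the twelve named in the description, but listing them in numeric order would make that cross-check easier to repeat. The 145.0.7632.67 item ("Revert a change in url_fixer ...") carries no bug reference, which is fine if none exists but is worth confirming.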