-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 13 Jun 2024 21:31:56 -0400 Source: chromium Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym Architecture: amd64 Version: 126.0.6478.56-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: amd64 Build Daemon (x86-grnet-03) Changed-By: Andres Salomon Description: chromium - web browser chromium-common - web browser - common resources used by the chromium packages chromium-driver - web browser - WebDriver support chromium-sandbox - web browser - setuid security sandbox for chromium chromium-shell - web browser - minimal shell Changes: chromium (126.0.6478.56-1~deb12u1) bookworm-security; urgency=high . * New upstream stable release. - CVE-2024-5830: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab. - CVE-2024-5831: Use after free in Dawn. Reported by wgslfuzz. - CVE-2024-5832: Use after free in Dawn. Reported by wgslfuzz. - CVE-2024-5833: Type Confusion in V8. Reported by @ginggilBesel. - CVE-2024-5834: Inappropriate implementation in Dawn. Reported by gelatin dessert. - CVE-2024-5835: Heap buffer overflow in Tab Groups. Reported by Weipeng Jiang (@Krace) of VRI. - CVE-2024-5836: Inappropriate Implementation in DevTools. Reported by Allen Ding. - CVE-2024-5837: Type Confusion in V8. Reported by Anonymous. - CVE-2024-5838: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy). - CVE-2024-5839: Inappropriate Implementation in Memory Allocator. Reported by Mickey. - CVE-2024-5840: Policy Bypass in CORS. Reported by Matt Howard. - CVE-2024-5841: Use after free in V8. Reported by Cassidy Kim(@cassidy6564). - CVE-2024-5842: Use after free in Browser UI. Reported by Sven Dysthe (@svn_dy). - CVE-2024-5843: Inappropriate implementation in Downloads. Reported by hjy79425575. - CVE-2024-5844: Heap buffer overflow in Tab Strip. Reported by Sri. - CVE-2024-5845: Use after free in Audio. Reported by anonymous. - CVE-2024-5846: Use after free in PDFium. Reported by Han Zheng (HexHive). - CVE-2024-5847: Use after free in PDFium. Reported by Han Zheng (HexHive). * d/copyright: delete bullseye environment that upstream ships (??). * d/patches: - upstream/appservice-include.patch: drop, merged upstream. - upstream/lens-include.patch: drop, merged upstream. - upstream/mojo-bindings-include.patch: drop, merged upstream. - upstream/ninja.patch: drop, merged upstream. - upstream/no-vector-consts.patch: drop, merged upstream. - upstream/vulkan-include.patch: drop, merged upstream. - system/clang-format.patch: drop it; we broke it some time ago, and didn't notice. Guess we don't need it? - bookworm/clang16.patch: refresh. - fixes/bad-font-gc00000.patch: refresh - fixes/bad-font-gc11.patch: refresh - fixes/bad-font-gc2.patch: refresh - disable/signin.patch: refresh - upstream/quiche-deque.patch: gcc build fix pulled from upstream. - upstream/gpu-header.patch: add header build fix from upstream. - upstream/blink-header.patch: add header build fix from upstream. - upstream/blink-header2.patch: add header build fix from upstream. - upstream/blink-header3.patch: add header build fix from upstream. - upstream/realtime-reporting.patch: gcc build fix from upstream. - upstream/urlvisit-header.patch: add header build fix from upstream. - upstream/accessibility-format.patch: gcc build fix from upstream. - bookworm/urlhelper-ctor.patch: work around a clang-16 bug; add an explicit constructor. . [ Timothy Pearson ] * d/patches/ppc64le: - sandbox/0008-sandbox-fix-ppc64le-glibc234.patch: Modify for upstream changes - third_party/0002-Add-PPC64-generated-files-for-boringssl.patch: Modify for upstream changes - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: Refresh for upstream changes Checksums-Sha1: 016529df672b18c26efec1af88a9f861177c0221 1227036 chromium-common-dbgsym_126.0.6478.56-1~deb12u1_amd64.deb 5f78a4e169c11cbfde6a63cf6cb0e320e58ed556 5021616 chromium-common_126.0.6478.56-1~deb12u1_amd64.deb 4532554f5c91cd32e264efbd01447f715fc6345c 35715780 chromium-dbgsym_126.0.6478.56-1~deb12u1_amd64.deb 7231e8ae16257b8094e3dbbd7a9e1bf7b20cd405 6247716 chromium-driver_126.0.6478.56-1~deb12u1_amd64.deb 5e23ed1478d4d3984f7b1143e2968cf84f322a93 14120 chromium-sandbox-dbgsym_126.0.6478.56-1~deb12u1_amd64.deb d2179498c9aadc3d88d7eb40f944bdcd3029bde2 91016 chromium-sandbox_126.0.6478.56-1~deb12u1_amd64.deb 8a89fd3834040cae605726a8f65d9380a74e274e 31016272 chromium-shell-dbgsym_126.0.6478.56-1~deb12u1_amd64.deb f3793a277e8f6697ae116753b05ca7c944573969 52373440 chromium-shell_126.0.6478.56-1~deb12u1_amd64.deb 2d693643d773c8efd6ddf2d6e0bde41321a02cac 24719 chromium_126.0.6478.56-1~deb12u1_amd64-buildd.buildinfo b6d9f60c95444a2355e1f3d10825fa4b3f351712 75061656 chromium_126.0.6478.56-1~deb12u1_amd64.deb Checksums-Sha256: 99769a8f21e191d0e39cfc3e1dc2175f91e964db20791d66e3d55d148d52ad71 1227036 chromium-common-dbgsym_126.0.6478.56-1~deb12u1_amd64.deb 3eb417c7ae9997e46fbb2a1ccb9c6d7ae3d6add696fd5ffdb5455ec72d5f7c53 5021616 chromium-common_126.0.6478.56-1~deb12u1_amd64.deb e65940f6b3e49311f65d8dc51cd6b35341168a648b58bc8ed47dbbe951c2f959 35715780 chromium-dbgsym_126.0.6478.56-1~deb12u1_amd64.deb a9de4beef90f1dca94fd34c24321e76524a8138a114b30055fe11261da5b485a 6247716 chromium-driver_126.0.6478.56-1~deb12u1_amd64.deb f0454bbf3e71316bdf357da1feff74c5a618e108d4f9c101c83b188b13c100f4 14120 chromium-sandbox-dbgsym_126.0.6478.56-1~deb12u1_amd64.deb e36c807843e7bf2c2e8405f9ed01a43476690f7a24af74eb3fc82a723322121d 91016 chromium-sandbox_126.0.6478.56-1~deb12u1_amd64.deb 548e62589d0911abc61ce33f27d205a65a077b8552a18edece6f81327f32f640 31016272 chromium-shell-dbgsym_126.0.6478.56-1~deb12u1_amd64.deb e0b7cec79a45c0b4c35aaa95a0de7c203181a8a4b51244bf0d45418a6aa7e9b5 52373440 chromium-shell_126.0.6478.56-1~deb12u1_amd64.deb 6a564541c7269da79c1eaccb7b8399a2e5761ecb5d1444524b363890a00edf1f 24719 chromium_126.0.6478.56-1~deb12u1_amd64-buildd.buildinfo 5dfec063dee70bd777f77c8243e931fb43727bf58438e461680d386ca2af3183 75061656 chromium_126.0.6478.56-1~deb12u1_amd64.deb Files: 1065fe362823abdaaafcf025a8ade4ee 1227036 debug optional chromium-common-dbgsym_126.0.6478.56-1~deb12u1_amd64.deb 8b2ef058f8ca69da46713c7036cb6a5d 5021616 web optional chromium-common_126.0.6478.56-1~deb12u1_amd64.deb 2d6925ffda0592d8f8d9f2dbf9a4adf6 35715780 debug optional chromium-dbgsym_126.0.6478.56-1~deb12u1_amd64.deb 0e8c80859ca9dd960ec7d22eabc5168a 6247716 web optional chromium-driver_126.0.6478.56-1~deb12u1_amd64.deb 309359bb25c0b0761341576b367da41a 14120 debug optional chromium-sandbox-dbgsym_126.0.6478.56-1~deb12u1_amd64.deb 9c2eac026e6b67cd213b5a4a46982f55 91016 web optional chromium-sandbox_126.0.6478.56-1~deb12u1_amd64.deb b95b67e940cf0fc405408c970294c528 31016272 debug optional chromium-shell-dbgsym_126.0.6478.56-1~deb12u1_amd64.deb 5e160b369d282aa0acbde33329559118 52373440 web optional chromium-shell_126.0.6478.56-1~deb12u1_amd64.deb ad7d7f00c8c6591ebde61b2f328a90d1 24719 web optional chromium_126.0.6478.56-1~deb12u1_amd64-buildd.buildinfo bd3e381d0532dd3f9d12a395ca972de6 75061656 web optional chromium_126.0.6478.56-1~deb12u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEe8x49oT2k+seQstpgDm7h4zfCpIFAmZsVKcACgkQgDm7h4zf CpIY1A/+NGcehiogebM31BEEJDJGalK8+7yGztMRNdHVLmbOv/yIg5ADdO7I4sHs cpzaO1NnZ5xaExw6VW80ufBXMxF/01twn7/zlOD/KGZCHfgzWFSkvPfegwULAf19 qYY3mAA5IYrKgkd9wKNWRCDHywffOAK+0D25V726R64GagNglyaHTlICJXiKssST BAFfmstcqnCNxTUPtjWR4n/7DLd5ppp96i2q4ptZ/QtEWFN2Dn6Qh/VYi9ODwHXy B4kqf0iBXWL2E9/q1zsjcWwLAe6d5rPNpNk9CSulcwzoLQlr4mZiJh4AsJ4A34kM hTG21tk/IXBX79omY1ZP9brEh+okdlVHlHjfOGZOsa5gXsD0XiEi71iMHxqragiY +q8MnLNP02Jmd+BVEN0mKE2KEtDx1Aq0MoHeul/OqpA7BykG6VDyEPuRUsw0LxJZ KJOEPJDSvaQMzeV9/BpsD6uHAwRKC6KWEdeNXibZmwmLiPfsHDAM2/ywn/gXDta8 DWepR+HDq85ljPrMH1zCr6vgFW28wfutq5Qu+gMwYVg436Frgo2Hgev4nGC/kyyt ziJJVBjyQNyLadY8oNnF8n8yY+J6E39KoCz2/QUWBIPO0WCiLBs7ZM0NDgDCAjMH IZuYgiaF9VPBAnLPLb9eDu+C+P6/4PbfS00pKlud4R/M55HM4Do= =7Hmf -----END PGP SIGNATURE-----