-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 13 Jun 2024 21:31:56 -0400 Source: chromium Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym Architecture: arm64 Version: 126.0.6478.56-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: arm Build Daemon (arm-conova-02) Changed-By: Andres Salomon Description: chromium - web browser chromium-common - web browser - common resources used by the chromium packages chromium-driver - web browser - WebDriver support chromium-sandbox - web browser - setuid security sandbox for chromium chromium-shell - web browser - minimal shell Changes: chromium (126.0.6478.56-1~deb12u1) bookworm-security; urgency=high . * New upstream stable release. - CVE-2024-5830: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab. - CVE-2024-5831: Use after free in Dawn. Reported by wgslfuzz. - CVE-2024-5832: Use after free in Dawn. Reported by wgslfuzz. - CVE-2024-5833: Type Confusion in V8. Reported by @ginggilBesel. - CVE-2024-5834: Inappropriate implementation in Dawn. Reported by gelatin dessert. - CVE-2024-5835: Heap buffer overflow in Tab Groups. Reported by Weipeng Jiang (@Krace) of VRI. - CVE-2024-5836: Inappropriate Implementation in DevTools. Reported by Allen Ding. - CVE-2024-5837: Type Confusion in V8. Reported by Anonymous. - CVE-2024-5838: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy). - CVE-2024-5839: Inappropriate Implementation in Memory Allocator. Reported by Mickey. - CVE-2024-5840: Policy Bypass in CORS. Reported by Matt Howard. - CVE-2024-5841: Use after free in V8. Reported by Cassidy Kim(@cassidy6564). - CVE-2024-5842: Use after free in Browser UI. Reported by Sven Dysthe (@svn_dy). - CVE-2024-5843: Inappropriate implementation in Downloads. Reported by hjy79425575. - CVE-2024-5844: Heap buffer overflow in Tab Strip. Reported by Sri. - CVE-2024-5845: Use after free in Audio. Reported by anonymous. - CVE-2024-5846: Use after free in PDFium. Reported by Han Zheng (HexHive). - CVE-2024-5847: Use after free in PDFium. Reported by Han Zheng (HexHive). * d/copyright: delete bullseye environment that upstream ships (??). * d/patches: - upstream/appservice-include.patch: drop, merged upstream. - upstream/lens-include.patch: drop, merged upstream. - upstream/mojo-bindings-include.patch: drop, merged upstream. - upstream/ninja.patch: drop, merged upstream. - upstream/no-vector-consts.patch: drop, merged upstream. - upstream/vulkan-include.patch: drop, merged upstream. - system/clang-format.patch: drop it; we broke it some time ago, and didn't notice. Guess we don't need it? - bookworm/clang16.patch: refresh. - fixes/bad-font-gc00000.patch: refresh - fixes/bad-font-gc11.patch: refresh - fixes/bad-font-gc2.patch: refresh - disable/signin.patch: refresh - upstream/quiche-deque.patch: gcc build fix pulled from upstream. - upstream/gpu-header.patch: add header build fix from upstream. - upstream/blink-header.patch: add header build fix from upstream. - upstream/blink-header2.patch: add header build fix from upstream. - upstream/blink-header3.patch: add header build fix from upstream. - upstream/realtime-reporting.patch: gcc build fix from upstream. - upstream/urlvisit-header.patch: add header build fix from upstream. - upstream/accessibility-format.patch: gcc build fix from upstream. - bookworm/urlhelper-ctor.patch: work around a clang-16 bug; add an explicit constructor. . [ Timothy Pearson ] * d/patches/ppc64le: - sandbox/0008-sandbox-fix-ppc64le-glibc234.patch: Modify for upstream changes - third_party/0002-Add-PPC64-generated-files-for-boringssl.patch: Modify for upstream changes - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: Refresh for upstream changes Checksums-Sha1: 71239c3e09f4305039d867bdbed1065d03444c36 1292076 chromium-common-dbgsym_126.0.6478.56-1~deb12u1_arm64.deb 82db1694016dae3b128a35da7cebd0355148d7a0 4873496 chromium-common_126.0.6478.56-1~deb12u1_arm64.deb 769f8c956384d75d64173c20550b255e0c6cb0d8 36787256 chromium-dbgsym_126.0.6478.56-1~deb12u1_arm64.deb c25832ebce163d6be09e2bbc6f2c17bd4bf24e40 5664260 chromium-driver_126.0.6478.56-1~deb12u1_arm64.deb 8b6e20e54bf2e32ce077582d9714f20793d3c249 14468 chromium-sandbox-dbgsym_126.0.6478.56-1~deb12u1_arm64.deb c90127a349337d4290f789201216cba278247336 90884 chromium-sandbox_126.0.6478.56-1~deb12u1_arm64.deb 81578f660aa6012be4f6ff57971d4e1ac1c40b97 31182424 chromium-shell-dbgsym_126.0.6478.56-1~deb12u1_arm64.deb 6c540f633b94eac5920187912cf5f855e3f530e4 46832992 chromium-shell_126.0.6478.56-1~deb12u1_arm64.deb cbe7b822eee3e4e765b5245dc0140b34763f1ff9 24701 chromium_126.0.6478.56-1~deb12u1_arm64-buildd.buildinfo 0ca4132b322b29fda83ff626d5989703101a4586 67359008 chromium_126.0.6478.56-1~deb12u1_arm64.deb Checksums-Sha256: 6ca1dd38ae1e4ce43b7166af57df1cffb4a9e93eec412459a011213966133c57 1292076 chromium-common-dbgsym_126.0.6478.56-1~deb12u1_arm64.deb d9eba651939b84c7e169db3295d4f103c8ea868141d8afa6f863c88b8ba3cf70 4873496 chromium-common_126.0.6478.56-1~deb12u1_arm64.deb cfba6632cc347e271cffb937f70298f89b2ea2d174ab3b71b43ea8f31322c516 36787256 chromium-dbgsym_126.0.6478.56-1~deb12u1_arm64.deb fc45a58cbe9bb30dc20524e9db771f4e60e389def25a2fb0a6fd82a1c8e50979 5664260 chromium-driver_126.0.6478.56-1~deb12u1_arm64.deb 7374ccd65a23d5a1c0402a8bbb8b01b42ff43b955bf3004d76e2e83289db9695 14468 chromium-sandbox-dbgsym_126.0.6478.56-1~deb12u1_arm64.deb 6ab94f2219a49c588d017a905ac91663ceda0b81a49bd3140937917de8cfd76f 90884 chromium-sandbox_126.0.6478.56-1~deb12u1_arm64.deb 87c85582b67b2be565d4c5e658fb3aaa041cecf26bd77fb48594db58110a5edd 31182424 chromium-shell-dbgsym_126.0.6478.56-1~deb12u1_arm64.deb 259f38b80f114b2d6205fad65c62f213803bbc79caf1d5d581511990657ba4ed 46832992 chromium-shell_126.0.6478.56-1~deb12u1_arm64.deb f5330f0b50ba0129c46d156283690ed0818cec30aa4fca1adfa2cf2375d58ee0 24701 chromium_126.0.6478.56-1~deb12u1_arm64-buildd.buildinfo 6999f115dffa41405b763be160e784b594aacebc93fb2b87ed76c31a3bbad26f 67359008 chromium_126.0.6478.56-1~deb12u1_arm64.deb Files: c33aa75497b25b8b0c70d0b70d7841e6 1292076 debug optional chromium-common-dbgsym_126.0.6478.56-1~deb12u1_arm64.deb 4f42e715971b50ebbb8f7c7e9a1e4460 4873496 web optional chromium-common_126.0.6478.56-1~deb12u1_arm64.deb 11cb0b8287540ffb541bc2274ea17cd9 36787256 debug optional chromium-dbgsym_126.0.6478.56-1~deb12u1_arm64.deb e22d2fd89e206dfcc9ca74fa3f3a2715 5664260 web optional chromium-driver_126.0.6478.56-1~deb12u1_arm64.deb e51fa1dfb51aaee8b15bd8a0f57140bf 14468 debug optional chromium-sandbox-dbgsym_126.0.6478.56-1~deb12u1_arm64.deb 24e65476c26ee80fdef9583b61e92f5c 90884 web optional chromium-sandbox_126.0.6478.56-1~deb12u1_arm64.deb 8549b5f63a385c142a9bedc0db7763bc 31182424 debug optional chromium-shell-dbgsym_126.0.6478.56-1~deb12u1_arm64.deb fc1af9011621399478c06437bcf9e31d 46832992 web optional chromium-shell_126.0.6478.56-1~deb12u1_arm64.deb 0011a9eaeed8daa2b7bf78a3e95c4e10 24701 web optional chromium_126.0.6478.56-1~deb12u1_arm64-buildd.buildinfo 032c4b0fbf3abfa4eff668ae53b64a15 67359008 web optional chromium_126.0.6478.56-1~deb12u1_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEBv+o19JDIRm4yIQ5CeROIpkCGwcFAmZsSIEACgkQCeROIpkC Gwe+/g//TP0uoKIN12wcjT22IXnRQqcKq5HIYrYQFdKtzqoajkP8jyI+Fr35mek+ rxhnG38khc2ZpoHyDOckLUPSshLDadLMmRsu3YZXkH1v7WSK7xSf/uMYg7hyBJrG N0LmBUC6fOGrvVRqVh98x4oDqhlI66flylH04Iq918XbiveEf+Jp9ihaklMejCvx NBc4Pxy/TmW4ufrpvxt9KdOKq/ZV/AX/zyIdB3CLqogxyONPQbha6Z2+YVjEnYtd 3AKwZp60x94JCXNwsPJJN0o6MwjyMOBgOBVSmZaGtqaSeayTV3QwddU/MXCoHCIj 4v3Vu3rhqCtXM0NPyeTNZ6s8m/t1ol1jJiC8bBmQXWO1/1VU6KTyDbMfsJwST4SB jNNxyFKsG6Tydk8+bYWCszB0vmN4TwpbOnNcnp3LduEzqmuTS4dnJOzfJ7D6bQkf 4H7xIBxDHImuBtT+KCUVdD9re7i4fnu9DYDrXXFrNw8H0bnGiewQV7UPDu0NuzJY U6nw3o1ymQIrdk8tVKXJKDKV5iEVNKJsndrYzPFVLOHLeeCrB8IWrjNH2CmW7WW/ NbgfGvgQB/XRyvZ90MFO2OdpinlTGw0leeQ2zI73HlzML3rNgHD4Qx4YrHjhUvaC XkahSwTRxg+TjcYA7JkCsFC7qErQJd4J9hXTqDjFZSgavQKTuTc= =RUUM -----END PGP SIGNATURE-----