-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 13 Jun 2024 21:31:56 -0400 Source: chromium Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym Architecture: armhf Version: 126.0.6478.56-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: arm Build Daemon (arm-ubc-04) Changed-By: Andres Salomon Description: chromium - web browser chromium-common - web browser - common resources used by the chromium packages chromium-driver - web browser - WebDriver support chromium-sandbox - web browser - setuid security sandbox for chromium chromium-shell - web browser - minimal shell Changes: chromium (126.0.6478.56-1~deb12u1) bookworm-security; urgency=high . * New upstream stable release. - CVE-2024-5830: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab. - CVE-2024-5831: Use after free in Dawn. Reported by wgslfuzz. - CVE-2024-5832: Use after free in Dawn. Reported by wgslfuzz. - CVE-2024-5833: Type Confusion in V8. Reported by @ginggilBesel. - CVE-2024-5834: Inappropriate implementation in Dawn. Reported by gelatin dessert. - CVE-2024-5835: Heap buffer overflow in Tab Groups. Reported by Weipeng Jiang (@Krace) of VRI. - CVE-2024-5836: Inappropriate Implementation in DevTools. Reported by Allen Ding. - CVE-2024-5837: Type Confusion in V8. Reported by Anonymous. - CVE-2024-5838: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy). - CVE-2024-5839: Inappropriate Implementation in Memory Allocator. Reported by Mickey. - CVE-2024-5840: Policy Bypass in CORS. Reported by Matt Howard. - CVE-2024-5841: Use after free in V8. Reported by Cassidy Kim(@cassidy6564). - CVE-2024-5842: Use after free in Browser UI. Reported by Sven Dysthe (@svn_dy). - CVE-2024-5843: Inappropriate implementation in Downloads. Reported by hjy79425575. - CVE-2024-5844: Heap buffer overflow in Tab Strip. Reported by Sri. - CVE-2024-5845: Use after free in Audio. Reported by anonymous. - CVE-2024-5846: Use after free in PDFium. Reported by Han Zheng (HexHive). - CVE-2024-5847: Use after free in PDFium. Reported by Han Zheng (HexHive). * d/copyright: delete bullseye environment that upstream ships (??). * d/patches: - upstream/appservice-include.patch: drop, merged upstream. - upstream/lens-include.patch: drop, merged upstream. - upstream/mojo-bindings-include.patch: drop, merged upstream. - upstream/ninja.patch: drop, merged upstream. - upstream/no-vector-consts.patch: drop, merged upstream. - upstream/vulkan-include.patch: drop, merged upstream. - system/clang-format.patch: drop it; we broke it some time ago, and didn't notice. Guess we don't need it? - bookworm/clang16.patch: refresh. - fixes/bad-font-gc00000.patch: refresh - fixes/bad-font-gc11.patch: refresh - fixes/bad-font-gc2.patch: refresh - disable/signin.patch: refresh - upstream/quiche-deque.patch: gcc build fix pulled from upstream. - upstream/gpu-header.patch: add header build fix from upstream. - upstream/blink-header.patch: add header build fix from upstream. - upstream/blink-header2.patch: add header build fix from upstream. - upstream/blink-header3.patch: add header build fix from upstream. - upstream/realtime-reporting.patch: gcc build fix from upstream. - upstream/urlvisit-header.patch: add header build fix from upstream. - upstream/accessibility-format.patch: gcc build fix from upstream. - bookworm/urlhelper-ctor.patch: work around a clang-16 bug; add an explicit constructor. . [ Timothy Pearson ] * d/patches/ppc64le: - sandbox/0008-sandbox-fix-ppc64le-glibc234.patch: Modify for upstream changes - third_party/0002-Add-PPC64-generated-files-for-boringssl.patch: Modify for upstream changes - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: Refresh for upstream changes Checksums-Sha1: 4014d8fa77d349b2057517582bab6d65cc240a98 1313012 chromium-common-dbgsym_126.0.6478.56-1~deb12u1_armhf.deb 1e1d2841b60b1e1e81d8b0c7589689541d16e741 4950824 chromium-common_126.0.6478.56-1~deb12u1_armhf.deb 26b63139fe3068204c49225c30159a46d1ebc4d4 35338176 chromium-dbgsym_126.0.6478.56-1~deb12u1_armhf.deb c01f28bfd8eee5d48dcb88a91917880d6ac326c0 5968332 chromium-driver_126.0.6478.56-1~deb12u1_armhf.deb 1600965eb5f308cc95b31f72e0f0316071c3900b 12216 chromium-sandbox-dbgsym_126.0.6478.56-1~deb12u1_armhf.deb 70c730c62caecb59e6f20f2fb840f6a01daad5c5 90596 chromium-sandbox_126.0.6478.56-1~deb12u1_armhf.deb 1e86ba3dabc6f84f813c8f1d544b7d794e6e3310 29266076 chromium-shell-dbgsym_126.0.6478.56-1~deb12u1_armhf.deb c12dd133e62b45cc211a2600eef593bd58d0078c 48487792 chromium-shell_126.0.6478.56-1~deb12u1_armhf.deb 14c45df257e85df31607b8344e8fe529f1955023 24643 chromium_126.0.6478.56-1~deb12u1_armhf-buildd.buildinfo e737791d77ef36a47a43366a78c231a81326c5f7 70072192 chromium_126.0.6478.56-1~deb12u1_armhf.deb Checksums-Sha256: ad124ec48f31355521d2f7cd088ddc4301b7978ad46e31a089ba179a8de036e8 1313012 chromium-common-dbgsym_126.0.6478.56-1~deb12u1_armhf.deb 8604b6452824cd5550e5ecd4301922bccf65eb485fe39e3543c439f33e6606b4 4950824 chromium-common_126.0.6478.56-1~deb12u1_armhf.deb 6a6f969cfd61f86bc46928fe892b3dda5d965efd29b15371b69d56edfb686a01 35338176 chromium-dbgsym_126.0.6478.56-1~deb12u1_armhf.deb 338f0d07ff3219e784f9751d7b7aaa68035a0a1469a119b31abc4f5ac018ef43 5968332 chromium-driver_126.0.6478.56-1~deb12u1_armhf.deb ea88cb7a330beb49143c8ecc539bc074ba4f1f80b0a45ac10403efa4879cbf78 12216 chromium-sandbox-dbgsym_126.0.6478.56-1~deb12u1_armhf.deb d773298620bcb5f91171cfbd257bf662cfb3d3d959337de5d485aa579925c628 90596 chromium-sandbox_126.0.6478.56-1~deb12u1_armhf.deb aaefaf08fe311de4433dca81c619c6dae06cde5bd8c721bbe7489bf07ad78a4f 29266076 chromium-shell-dbgsym_126.0.6478.56-1~deb12u1_armhf.deb ac47a3cbe3504c9e1be40885fdc814b5992740f557bd2aab7190f727ba594404 48487792 chromium-shell_126.0.6478.56-1~deb12u1_armhf.deb 8c83551e0fc7646f784cb2cd0f93639182546c11665e5df99954f2cf59111f21 24643 chromium_126.0.6478.56-1~deb12u1_armhf-buildd.buildinfo a4282e55fdd95985804ff474db13b86a4cb04cbc2586fde4dd214b37f7f1cc24 70072192 chromium_126.0.6478.56-1~deb12u1_armhf.deb Files: 833fce1d59ab9687e3c9749bc5edadec 1313012 debug optional chromium-common-dbgsym_126.0.6478.56-1~deb12u1_armhf.deb 2375a11c933bfe7888c4217885d3e967 4950824 web optional chromium-common_126.0.6478.56-1~deb12u1_armhf.deb fa2ce590d2176a923ee598418a1a9b20 35338176 debug optional chromium-dbgsym_126.0.6478.56-1~deb12u1_armhf.deb d5106098dd30518cc9a9d08e2c8cac0f 5968332 web optional chromium-driver_126.0.6478.56-1~deb12u1_armhf.deb b2c9890fa09cee5bb328328365657891 12216 debug optional chromium-sandbox-dbgsym_126.0.6478.56-1~deb12u1_armhf.deb 69133cfd3ff36149a438af4c84aed8ac 90596 web optional chromium-sandbox_126.0.6478.56-1~deb12u1_armhf.deb f11950203d4a8cc7865adce5ce6748c2 29266076 debug optional chromium-shell-dbgsym_126.0.6478.56-1~deb12u1_armhf.deb 9ff9cb015d51676403b16e34926bba4a 48487792 web optional chromium-shell_126.0.6478.56-1~deb12u1_armhf.deb e81230e33bcbe0651e4e966665d972e3 24643 web optional chromium_126.0.6478.56-1~deb12u1_armhf-buildd.buildinfo d77fab63d1bf24ee969bfe794b3cd9f3 70072192 web optional chromium_126.0.6478.56-1~deb12u1_armhf.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE6s8UzO+WAx8RRAOV80lOEvgzuSsFAmZuriQACgkQ80lOEvgz uSshDQ/+LWiIgqMvtXEtOMyMRjAzCngjWlbW+l/yFUFzDagNqxuXqq4TekfkKn90 qcutco5jXjenxEobW73txZASXPIsF13McgPDfml9l6JhBA6c3XV164Ww9LFBWBcF AsJGqMF+Q5lOi6rCqE4pOzx8EzYfPe5VKvYNuWdWD6UDX/klV0ES/GDU9vIJ3FNK HnJOGEqt2er+7TIn/DAfi8cZc+rd+4VW8DEMY5XnO03iDLCOLHRIceBg789Y2+Ec t2QRRMqiJG74dBQL4US0gcvaLxbayTA4AK36bRL/TrJNt6acha5Ai6uEiFDa/kAw 129FF/TalN8MCkS/QEgPw+f59RymZlQF+4WLRgYQfrOkuEY+kCcZgg1wUBYXyJoK ieBrLcOSfNTVSmDTek5bi7ezEnInx2lqdlp0wSVjA5hB3P8XxkSHlir72lGcZSaV y5lui7TWYUbppTFg4Q1uqBkWCRnRvy9Q+v4RJTGzatDfMeoiXbDnqe7lpIvggTqG vMFHQqdVaapCf87clb8TOrRx4abswBqVGpTjQAfCo9bVug9zfA/itCQYdpi8oQwT lFrp/uA2XANUJbWKYuEENrs4I6tgHXBJi9t3cQImfUjZdMVtWkM93yMRI7tqGW46 u7YrKYEQT3wXN+aMRihWDtg/wfU5T8s1kPJSeyJEbDIV211pV+w= =CwkV -----END PGP SIGNATURE-----