-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 13 Jun 2024 21:31:56 -0400 Source: chromium Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym Architecture: i386 Version: 126.0.6478.56-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: amd64 / i386 Build Daemon (x86-ubc-02) Changed-By: Andres Salomon Description: chromium - web browser chromium-common - web browser - common resources used by the chromium packages chromium-driver - web browser - WebDriver support chromium-sandbox - web browser - setuid security sandbox for chromium chromium-shell - web browser - minimal shell Changes: chromium (126.0.6478.56-1~deb12u1) bookworm-security; urgency=high . * New upstream stable release. - CVE-2024-5830: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab. - CVE-2024-5831: Use after free in Dawn. Reported by wgslfuzz. - CVE-2024-5832: Use after free in Dawn. Reported by wgslfuzz. - CVE-2024-5833: Type Confusion in V8. Reported by @ginggilBesel. - CVE-2024-5834: Inappropriate implementation in Dawn. Reported by gelatin dessert. - CVE-2024-5835: Heap buffer overflow in Tab Groups. Reported by Weipeng Jiang (@Krace) of VRI. - CVE-2024-5836: Inappropriate Implementation in DevTools. Reported by Allen Ding. - CVE-2024-5837: Type Confusion in V8. Reported by Anonymous. - CVE-2024-5838: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy). - CVE-2024-5839: Inappropriate Implementation in Memory Allocator. Reported by Mickey. - CVE-2024-5840: Policy Bypass in CORS. Reported by Matt Howard. - CVE-2024-5841: Use after free in V8. Reported by Cassidy Kim(@cassidy6564). - CVE-2024-5842: Use after free in Browser UI. Reported by Sven Dysthe (@svn_dy). - CVE-2024-5843: Inappropriate implementation in Downloads. Reported by hjy79425575. - CVE-2024-5844: Heap buffer overflow in Tab Strip. Reported by Sri. - CVE-2024-5845: Use after free in Audio. Reported by anonymous. - CVE-2024-5846: Use after free in PDFium. Reported by Han Zheng (HexHive). - CVE-2024-5847: Use after free in PDFium. Reported by Han Zheng (HexHive). * d/copyright: delete bullseye environment that upstream ships (??). * d/patches: - upstream/appservice-include.patch: drop, merged upstream. - upstream/lens-include.patch: drop, merged upstream. - upstream/mojo-bindings-include.patch: drop, merged upstream. - upstream/ninja.patch: drop, merged upstream. - upstream/no-vector-consts.patch: drop, merged upstream. - upstream/vulkan-include.patch: drop, merged upstream. - system/clang-format.patch: drop it; we broke it some time ago, and didn't notice. Guess we don't need it? - bookworm/clang16.patch: refresh. - fixes/bad-font-gc00000.patch: refresh - fixes/bad-font-gc11.patch: refresh - fixes/bad-font-gc2.patch: refresh - disable/signin.patch: refresh - upstream/quiche-deque.patch: gcc build fix pulled from upstream. - upstream/gpu-header.patch: add header build fix from upstream. - upstream/blink-header.patch: add header build fix from upstream. - upstream/blink-header2.patch: add header build fix from upstream. - upstream/blink-header3.patch: add header build fix from upstream. - upstream/realtime-reporting.patch: gcc build fix from upstream. - upstream/urlvisit-header.patch: add header build fix from upstream. - upstream/accessibility-format.patch: gcc build fix from upstream. - bookworm/urlhelper-ctor.patch: work around a clang-16 bug; add an explicit constructor. . [ Timothy Pearson ] * d/patches/ppc64le: - sandbox/0008-sandbox-fix-ppc64le-glibc234.patch: Modify for upstream changes - third_party/0002-Add-PPC64-generated-files-for-boringssl.patch: Modify for upstream changes - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: Refresh for upstream changes Checksums-Sha1: ab37c9223fc843c20ed1cf3476172947d03a69d0 1182888 chromium-common-dbgsym_126.0.6478.56-1~deb12u1_i386.deb 975c505509b3991a99359da59d16af1c028f6419 5014396 chromium-common_126.0.6478.56-1~deb12u1_i386.deb 7c65a1ac42c3a86ff774b8ddd9f2065add5830d7 35787192 chromium-dbgsym_126.0.6478.56-1~deb12u1_i386.deb e3213f2bde646e0526427a98eacf6c9b5368c4bf 6445088 chromium-driver_126.0.6478.56-1~deb12u1_i386.deb 7f8897e24b03d5cfd5ec23a0edd7abd73fc84593 13956 chromium-sandbox-dbgsym_126.0.6478.56-1~deb12u1_i386.deb 6fe3255020380b0541d0d7974f9eb11a327154af 90880 chromium-sandbox_126.0.6478.56-1~deb12u1_i386.deb 9976270aec4472a99112a9a17324dfde70e8cac4 31056052 chromium-shell-dbgsym_126.0.6478.56-1~deb12u1_i386.deb 64112a5d3c96049d4ca09821feeef3e763a791b9 53519200 chromium-shell_126.0.6478.56-1~deb12u1_i386.deb 885d726da6e6ee40a4ed6105baa97d98222c115c 24715 chromium_126.0.6478.56-1~deb12u1_i386-buildd.buildinfo 02582f904c7c1b4633ae625abeda1566e0297430 76872452 chromium_126.0.6478.56-1~deb12u1_i386.deb Checksums-Sha256: 8cc4857151b8bb8ded8c4255db65b56cd6fabd76c435c4b4c7daaf5da1c9f218 1182888 chromium-common-dbgsym_126.0.6478.56-1~deb12u1_i386.deb e0897211fe590b56b1b3ed5f574698c9a7f959b1e96865620af550b46608d3f1 5014396 chromium-common_126.0.6478.56-1~deb12u1_i386.deb 0e2e6814826b80d351b8d7fe9bbf26b1e0436be16404b637ccb7c0f355b774ce 35787192 chromium-dbgsym_126.0.6478.56-1~deb12u1_i386.deb 8117890a4f67f04690b277da5dc2810f1a30ec339f5ee8cdee1460faeaf0a2fd 6445088 chromium-driver_126.0.6478.56-1~deb12u1_i386.deb 139cca2c992cb75e69538c7dd82cc4d68735ba92df3cc49a4f142548e511349a 13956 chromium-sandbox-dbgsym_126.0.6478.56-1~deb12u1_i386.deb 1736e1f445e6c67c1cba7318a1c5506d3bbdd5b0b7b94084607a57cd9472ee82 90880 chromium-sandbox_126.0.6478.56-1~deb12u1_i386.deb 78a7ae7fcec2b684891d51e5fb41e5def1fa60ef95a17d47f499abce7566dc99 31056052 chromium-shell-dbgsym_126.0.6478.56-1~deb12u1_i386.deb 41ccd4800271d83d01347f803fcb4b4d25dfa30af116bb17fa307107036bc188 53519200 chromium-shell_126.0.6478.56-1~deb12u1_i386.deb 85d0ee35de6994c4674950d03c6c4365fc87c0b550567271d37477533db86aa9 24715 chromium_126.0.6478.56-1~deb12u1_i386-buildd.buildinfo 0376439b18173a0cd2beda752d4e7db012521dac0ed1ca5e13260dfadf639db0 76872452 chromium_126.0.6478.56-1~deb12u1_i386.deb Files: 477b3e4bed6748934df2c0cffa9a0fe8 1182888 debug optional chromium-common-dbgsym_126.0.6478.56-1~deb12u1_i386.deb 2ab0a6b7f8fa92df5aebdab3b6a777ed 5014396 web optional chromium-common_126.0.6478.56-1~deb12u1_i386.deb 25912dd7bcad972105ad9ef2e064642c 35787192 debug optional chromium-dbgsym_126.0.6478.56-1~deb12u1_i386.deb fa24ff8b79fcb403ea92a112503835aa 6445088 web optional chromium-driver_126.0.6478.56-1~deb12u1_i386.deb 1531b4f31dbee050566ccf42702bd364 13956 debug optional chromium-sandbox-dbgsym_126.0.6478.56-1~deb12u1_i386.deb 07f75de0b633e5f6b5d2aa7d7cbe129b 90880 web optional chromium-sandbox_126.0.6478.56-1~deb12u1_i386.deb 08d432968a467be21691d21e319ca07a 31056052 debug optional chromium-shell-dbgsym_126.0.6478.56-1~deb12u1_i386.deb 58cffcd498532e00ef7082d78d6f385b 53519200 web optional chromium-shell_126.0.6478.56-1~deb12u1_i386.deb 20abf18fcc74871c3f3da7314527c81c 24715 web optional chromium_126.0.6478.56-1~deb12u1_i386-buildd.buildinfo 1066044270d5ecb578295f50f72e6726 76872452 web optional chromium_126.0.6478.56-1~deb12u1_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEGBeuno8wiDXCewDuqqLQG5ksqMMFAmZtGokACgkQqqLQG5ks qMP/GBAAlvEha+CKfqOERtOv7FqAHuKHVqVUlRHBhleqa3U6BRVkVfav1DXEnm4g SNozj24nZS5soXlOhyIE6eYB3YVb/ZwHPTk15clSQjak6ZGX38tvqd9mxcpky80r LZQvBB+4D4dp++15uKEA+v2DxVzJsV82d+hlZ3mV65GJTqeAeFjDcO9sUMHiS3jH XUU/RRT+m5LBsMwYD0QvVIHrqiddNUVdHbLlpy4Lk0g2PsRLZlrP5fdOFbCW3f/K q5PR/zs6tjMdYpxjVdfOXYP/XETgnh0cempkPZ/+TXmd5bzYM+GYT7HAruDbLld1 R4VMiS4E/rbAWaY2+RPoqTG7/SViSx3BD9u9jtl/AsC3O1rSQPtTNB5tIqC7pC7K ZCt2HOz2b/d1ckbZm7UVAF4K7Ie83zurpE04ahpQCSaQ6/hX0fHq4hJlvJkpTZ3V r0k6EfqipdzYLPBfKYacHEpJeT/rD/ZV1Ull8R4DPyxu/2BtZ5myWMCqInLQ3IeQ /9b4froPlbw56Fu8qs0p/DfSiuV2uEE15eMqUj9m3QzDbdLfZdLJ6fcvpBu19RLi imMt5/cU3dVk53B/gW2lLS5wxEBnapLnD0w7KyUPoFPGl2dXPbEKzgo5rqzFuZQ8 7XOt/pG+Ur5RNTUQesOsWcwIfZv0N4yegScbj3nY6RGLD/f8Yds= =u2pH -----END PGP SIGNATURE-----