-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 13 Jun 2024 21:31:56 -0400 Source: chromium Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym Architecture: ppc64el Version: 126.0.6478.56-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: ppc64el Build Daemon (ppc64el-conova-01) Changed-By: Andres Salomon Description: chromium - web browser chromium-common - web browser - common resources used by the chromium packages chromium-driver - web browser - WebDriver support chromium-sandbox - web browser - setuid security sandbox for chromium chromium-shell - web browser - minimal shell Changes: chromium (126.0.6478.56-1~deb12u1) bookworm-security; urgency=high . * New upstream stable release. - CVE-2024-5830: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab. - CVE-2024-5831: Use after free in Dawn. Reported by wgslfuzz. - CVE-2024-5832: Use after free in Dawn. Reported by wgslfuzz. - CVE-2024-5833: Type Confusion in V8. Reported by @ginggilBesel. - CVE-2024-5834: Inappropriate implementation in Dawn. Reported by gelatin dessert. - CVE-2024-5835: Heap buffer overflow in Tab Groups. Reported by Weipeng Jiang (@Krace) of VRI. - CVE-2024-5836: Inappropriate Implementation in DevTools. Reported by Allen Ding. - CVE-2024-5837: Type Confusion in V8. Reported by Anonymous. - CVE-2024-5838: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy). - CVE-2024-5839: Inappropriate Implementation in Memory Allocator. Reported by Mickey. - CVE-2024-5840: Policy Bypass in CORS. Reported by Matt Howard. - CVE-2024-5841: Use after free in V8. Reported by Cassidy Kim(@cassidy6564). - CVE-2024-5842: Use after free in Browser UI. Reported by Sven Dysthe (@svn_dy). - CVE-2024-5843: Inappropriate implementation in Downloads. Reported by hjy79425575. - CVE-2024-5844: Heap buffer overflow in Tab Strip. Reported by Sri. - CVE-2024-5845: Use after free in Audio. Reported by anonymous. - CVE-2024-5846: Use after free in PDFium. Reported by Han Zheng (HexHive). - CVE-2024-5847: Use after free in PDFium. Reported by Han Zheng (HexHive). * d/copyright: delete bullseye environment that upstream ships (??). * d/patches: - upstream/appservice-include.patch: drop, merged upstream. - upstream/lens-include.patch: drop, merged upstream. - upstream/mojo-bindings-include.patch: drop, merged upstream. - upstream/ninja.patch: drop, merged upstream. - upstream/no-vector-consts.patch: drop, merged upstream. - upstream/vulkan-include.patch: drop, merged upstream. - system/clang-format.patch: drop it; we broke it some time ago, and didn't notice. Guess we don't need it? - bookworm/clang16.patch: refresh. - fixes/bad-font-gc00000.patch: refresh - fixes/bad-font-gc11.patch: refresh - fixes/bad-font-gc2.patch: refresh - disable/signin.patch: refresh - upstream/quiche-deque.patch: gcc build fix pulled from upstream. - upstream/gpu-header.patch: add header build fix from upstream. - upstream/blink-header.patch: add header build fix from upstream. - upstream/blink-header2.patch: add header build fix from upstream. - upstream/blink-header3.patch: add header build fix from upstream. - upstream/realtime-reporting.patch: gcc build fix from upstream. - upstream/urlvisit-header.patch: add header build fix from upstream. - upstream/accessibility-format.patch: gcc build fix from upstream. - bookworm/urlhelper-ctor.patch: work around a clang-16 bug; add an explicit constructor. . [ Timothy Pearson ] * d/patches/ppc64le: - sandbox/0008-sandbox-fix-ppc64le-glibc234.patch: Modify for upstream changes - third_party/0002-Add-PPC64-generated-files-for-boringssl.patch: Modify for upstream changes - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: Refresh for upstream changes Checksums-Sha1: a25382136f93650a0c5927a946c0041e301b78c3 1269092 chromium-common-dbgsym_126.0.6478.56-1~deb12u1_ppc64el.deb 9e49082dd931ee9d375a416021fe4cf3c4fb320b 5306160 chromium-common_126.0.6478.56-1~deb12u1_ppc64el.deb 28a6ee9b0052a70401eb63af9d563af0b3f848b7 29770996 chromium-dbgsym_126.0.6478.56-1~deb12u1_ppc64el.deb edbef48596bac51ec39876668d366831ade688a9 6735336 chromium-driver_126.0.6478.56-1~deb12u1_ppc64el.deb 762b0027b04570d3ef124d7ee6076cba0dc63c30 14300 chromium-sandbox-dbgsym_126.0.6478.56-1~deb12u1_ppc64el.deb 14168369dc297a412e99d2bcfdb4e4864a73bed5 91120 chromium-sandbox_126.0.6478.56-1~deb12u1_ppc64el.deb 3a18b680abb602d3af7aef564afe02055560739e 24867964 chromium-shell-dbgsym_126.0.6478.56-1~deb12u1_ppc64el.deb 897c3817ca6fc68f1f4a416cad0fdeadd58d8b79 52587880 chromium-shell_126.0.6478.56-1~deb12u1_ppc64el.deb 1fe89bbad33984ebd6fa59ded68466cced165229 24635 chromium_126.0.6478.56-1~deb12u1_ppc64el-buildd.buildinfo 2b8a667f64f679b6b28f1ac20c4cb8af7d3abeab 75179612 chromium_126.0.6478.56-1~deb12u1_ppc64el.deb Checksums-Sha256: f49ed0f71c840fb9e6acdf7f12047c4ee27024a9269c9b82a38407732607d076 1269092 chromium-common-dbgsym_126.0.6478.56-1~deb12u1_ppc64el.deb 06bcfeeb349cbb9456878fe09d5bf333ff8e3192ee76a4fd5dbf82fa9a4b9ffb 5306160 chromium-common_126.0.6478.56-1~deb12u1_ppc64el.deb 029302cdb46741f5b21b523e70cd884e0222f1567cc9f0b86e052eda3c4bda4a 29770996 chromium-dbgsym_126.0.6478.56-1~deb12u1_ppc64el.deb 81502ebad60df809264bf582de87e2ab75ff8b942c96a04bd2a927147cc9bd3e 6735336 chromium-driver_126.0.6478.56-1~deb12u1_ppc64el.deb def2ae6a3641f551af3c3d8df498848c392d1e009e90c2ff96a4be5f81ae9349 14300 chromium-sandbox-dbgsym_126.0.6478.56-1~deb12u1_ppc64el.deb dc56356c00bfe1ef97a513f501a1d60a10543348e9a22ef34d4ad13934359511 91120 chromium-sandbox_126.0.6478.56-1~deb12u1_ppc64el.deb d1565940dfe9e9384ecc29d42dd0eae1c5b3ddc5bd14d9b6c8e5578cb1119de1 24867964 chromium-shell-dbgsym_126.0.6478.56-1~deb12u1_ppc64el.deb ec0188c294afef6414466bc3d291c020244fc19f3c302cf065d2e935aa3ecb3a 52587880 chromium-shell_126.0.6478.56-1~deb12u1_ppc64el.deb 5efebdf761d7f4be4eb1d663121bf996497a9c2f35ccd211d9d13426307956e5 24635 chromium_126.0.6478.56-1~deb12u1_ppc64el-buildd.buildinfo daa4fbaef853d4b3834367511a234618edad6674fce9c2460ee22172ae496d18 75179612 chromium_126.0.6478.56-1~deb12u1_ppc64el.deb Files: ec77b110861b38bd3162d46c4e2057fd 1269092 debug optional chromium-common-dbgsym_126.0.6478.56-1~deb12u1_ppc64el.deb a3e6392a1cb7f88f86799cf83ee4fc84 5306160 web optional chromium-common_126.0.6478.56-1~deb12u1_ppc64el.deb 08baaa4b09211040332f940fa282e75d 29770996 debug optional chromium-dbgsym_126.0.6478.56-1~deb12u1_ppc64el.deb 5affd43e7ced7a0b8e80f0c8ff91ec94 6735336 web optional chromium-driver_126.0.6478.56-1~deb12u1_ppc64el.deb ad33a98dab44f6769eac9e69ab24881a 14300 debug optional chromium-sandbox-dbgsym_126.0.6478.56-1~deb12u1_ppc64el.deb a4463d2bd63826e1738bf61f36ea67ae 91120 web optional chromium-sandbox_126.0.6478.56-1~deb12u1_ppc64el.deb d06f5489e75f0bbc3eef71b62be954fd 24867964 debug optional chromium-shell-dbgsym_126.0.6478.56-1~deb12u1_ppc64el.deb a5f5a190995f4d502e40e4cd0b941548 52587880 web optional chromium-shell_126.0.6478.56-1~deb12u1_ppc64el.deb 1c19766b7f7707418753d51e3621c233 24635 web optional chromium_126.0.6478.56-1~deb12u1_ppc64el-buildd.buildinfo 6638e1aa68c6ee37b55edcdb482a997b 75179612 web optional chromium_126.0.6478.56-1~deb12u1_ppc64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE8YyVP0bbbFwKPsGN0jKBgzfto4IFAmZsPiUACgkQ0jKBgzft o4IV1A//WUOvLMc24JYQ0OC3MrDd3Xj1ZbjtludpSlGW0PK83mR03w2gMIZHPA42 fPFmGGD9mcLXQtkhAmdcsdTDMKXm9Qua6+BSOYr3UYgOIteECJwEocBY8BDNo165 YZioEQu3sXRKCEq3Mm1n/NoZP832kKcMePD+VJeVJzfvYTe1DByReCnKIS/q70fI xkv0aVBPwWlZs8l8Kpa7gClOJonXo7s8CLscIFiXnYSL1pGbl/z5ko0i6EhJppCQ MifZIKZ8sgZ7WjcxZG/CVtm0a2tdBIZR/zJvpDAuwKMiSAB7QXWIZrxvBSHREZwd ZA+GeB9yHsXyOSgUW7gAYPCbu5sqLTh/5ucnKIgxvAo2mGxXxcYh4QSkTvbhottR Z33slQNO2Im9o1xvmdvZOtH7xqq7QIBk+4xNLlVgGWtBa7RDaItE4RF5JVRHWj1+ WiUIq7vniBH/z01kUwrU+7iK6mdBpDKf/iAdx85fCNqPuxIQuv+7/alWH+Qs72+V wl+L2trKRSk2L7E2MWVEquBNekj9WDTqzEHkBg0lXEZIJ14ElKrWjOO6WiQ4qrPe EH6DCX64PVH2hgKnStchnRxo+LcLgywpHgHx8ErYlRklzA1FPKFGbJ73sJYb9NCa 0aLCFXY3MqVFSubuWE+jPQHq/uXETkRIUoHZLtJikPaUsQ+dZCI= =dVbE -----END PGP SIGNATURE-----