-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 23 Jan 2024 17:59:49 -0500 Source: chromium Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym Architecture: ppc64el Version: 121.0.6167.85-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: ppc64el Build Daemon (ppc64el-conova-01) Changed-By: Andres Salomon Description: chromium - web browser chromium-common - web browser - common resources used by the chromium packages chromium-driver - web browser - WebDriver support chromium-sandbox - web browser - setuid security sandbox for chromium chromium-shell - web browser - minimal shell Changes: chromium (121.0.6167.85-1~deb12u1) bookworm-security; urgency=high . * New upstream stable release. - CVE-2024-0807: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab. - CVE-2024-0812: Inappropriate implementation in Accessibility. Reported by Anonymous. - CVE-2024-0808: Integer underflow in WebUI. Reported by Lyra Rebane (rebane2001). - CVE-2024-0810: Insufficient policy enforcement in DevTools. Reported by Shaheen Fazim. - CVE-2024-0814: Incorrect security UI in Payments. Reported by Muneaki Nishimura (nishimunea). - CVE-2024-0813: Use after free in Reading Mode. Reported by @retsew0x01. - CVE-2024-0806: Use after free in Passwords. Reported by 18楼梦想改造家. - CVE-2024-0805: Inappropriate implementation in Downloads. Reported by Om Apip. - CVE-2024-0804: Insufficient policy enforcement in iOS Security UI. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) . - CVE-2024-0811: Inappropriate implementation in Extensions API. Reported by Jann Horn of Google Project Zero. - CVE-2024-0809: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry. * d/copyright: drop another eu-strip binary. * d/patches: - fixes/atspi.patch: drop, merged upstream. - fixes/gcc13-headers.patch: drop portions that were merged upstream. - upstream/nullptr_t.patch: drop, merged upstream. - upstream/string-include.patch: drop, merged upstream. - ungoogled/disable-web-environment-integrity.patch: remove, upstream wisely backed off and removed WEI. - disable/signin.patch: refresh for minor upstream changes. - disable/catapult.patch: refresh for minor upstream changes. - system/openjpeg.patch: refresh for minor upstream changes. - bookworm/clang16.patch: drop portion that was merged upstream. - upstream/vector.patch: missing header fix, pulled from upstream. - upstream/display-header.patch: missing header fix, pulled from upstream. - upstream/bitset.patch: missing header fix, pulled from upstream. - upstream/once_flag.patch: missing header fix, pulled from upstream. - bookworm/constexpr-equality.patch: add clang-16 workaround. - bookworm/nvt.patch: revert an upstream c++-20 change that confuses clang-16. - fixes/libxml-parseerr.patch: revert change from a newer libxml than debian's. - bookworm/undo-rust-req.patch: revert change that makes rust required to build (for now). - bookworm/eraseif-lamba.patch: revert changes switching to std::erase_if to work around libstdc++-12 bug. . [ Timothy Pearson ] * d/patches: - fixes/std-to-address.patch: work around incorrect template selection in Mojo ConvertTo() - fixes/stdint.patch: add missing stdint include to performance manager * d/patches/ppc64le: - fixes/fix-rust-linking.patch: allow linking C and Rust libraries in full archive mode - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: refresh for upstream changes - third_party/skia-vsx-instructions.patch: refresh for upstream changes - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes - third_party/0003-third_party-libvpx-Add-ppc64-generated-config.patch: refresh for upstream changes Checksums-Sha1: 5c0794cd941ef9581b362e0d9139e734a63c597a 866804 chromium-common-dbgsym_121.0.6167.85-1~deb12u1_ppc64el.deb 19ce41892e88f22347daf5706f4b67e228c1eb8d 5197288 chromium-common_121.0.6167.85-1~deb12u1_ppc64el.deb ee799792b63eba1ab7ea4b3e339d17d6d46b4cc2 31936464 chromium-dbgsym_121.0.6167.85-1~deb12u1_ppc64el.deb 0c051bd79f25d2ce8d60bd651c4b18f12da0b663 6393412 chromium-driver_121.0.6167.85-1~deb12u1_ppc64el.deb 0317af210a0e3288f64152cb4c2eea5e308ddeb6 14356 chromium-sandbox-dbgsym_121.0.6167.85-1~deb12u1_ppc64el.deb cfc4262da51b00e248f048c478b0ffa744817e95 86012 chromium-sandbox_121.0.6167.85-1~deb12u1_ppc64el.deb 16c73593e21364293951cb8faf52b503c36818bd 24494124 chromium-shell-dbgsym_121.0.6167.85-1~deb12u1_ppc64el.deb 104746a93fed638d4d4e80619e2365efa48142e3 51797256 chromium-shell_121.0.6167.85-1~deb12u1_ppc64el.deb 6fab9152ea61ec9c4b3352bc92ae28c8c494fae8 24444 chromium_121.0.6167.85-1~deb12u1_ppc64el-buildd.buildinfo 09921bc1ef89e0d48a5414edd25b93536c5cfed0 75197516 chromium_121.0.6167.85-1~deb12u1_ppc64el.deb Checksums-Sha256: 51a166c8058bf9eb88125c8a7ccbb22fed2f282e096c7ed32c3dce7a85aaba3e 866804 chromium-common-dbgsym_121.0.6167.85-1~deb12u1_ppc64el.deb 05caa1ea3df34a153b78a991a60f23075caa32455a3d13c4b1ecec88d4d1ab18 5197288 chromium-common_121.0.6167.85-1~deb12u1_ppc64el.deb 7a5a07c1fde8332d3ce26d7fcf839d7d980ef32a676365b44de225daa0a385ab 31936464 chromium-dbgsym_121.0.6167.85-1~deb12u1_ppc64el.deb bc2c4a1cc078a4ca1486dd6425870a5096859c5fdb875ff288527e5064ff3965 6393412 chromium-driver_121.0.6167.85-1~deb12u1_ppc64el.deb 71edae8837f944978d69ce75777ef448d569bd64c61e614ce332ea59fe0a7fa6 14356 chromium-sandbox-dbgsym_121.0.6167.85-1~deb12u1_ppc64el.deb 4e4f25bffdfb04bce1f18cd7870ec79c76d17ec187049d6a96e6acd3d261baa5 86012 chromium-sandbox_121.0.6167.85-1~deb12u1_ppc64el.deb 17d63044401b198a027823bd2e9fbf82568ed7fb2feea5d076c730b69b6f5f3e 24494124 chromium-shell-dbgsym_121.0.6167.85-1~deb12u1_ppc64el.deb a5ed2727254510b5f21ae8f32e122b5280df466864994b9b79c2e7597a2f10d7 51797256 chromium-shell_121.0.6167.85-1~deb12u1_ppc64el.deb d96ee42e427a95c2aa08e9f8b897db779ae31cd15773aaa6e9e1a01080123bec 24444 chromium_121.0.6167.85-1~deb12u1_ppc64el-buildd.buildinfo 8b6a7a6b0cd3a004ed484c4ed1e15756989a55ea37ed66669614acdda21a36e8 75197516 chromium_121.0.6167.85-1~deb12u1_ppc64el.deb Files: 41d2d262e3fd3d71cd0c28ed0775e514 866804 debug optional chromium-common-dbgsym_121.0.6167.85-1~deb12u1_ppc64el.deb d818fb6c2e058992497d47d1b3f19512 5197288 web optional chromium-common_121.0.6167.85-1~deb12u1_ppc64el.deb 5e92fbfea78f77262f9395f891c3a0f7 31936464 debug optional chromium-dbgsym_121.0.6167.85-1~deb12u1_ppc64el.deb 5bcadef918aa33b573d0e2ca5d6ed6b2 6393412 web optional chromium-driver_121.0.6167.85-1~deb12u1_ppc64el.deb 1abf7c8de752642cd5c1f6300c822dc0 14356 debug optional chromium-sandbox-dbgsym_121.0.6167.85-1~deb12u1_ppc64el.deb 9704c2a2fc1a5f5ee3f26aa28886aa05 86012 web optional chromium-sandbox_121.0.6167.85-1~deb12u1_ppc64el.deb 04b249c625a81fb785c2860d02cbe266 24494124 debug optional chromium-shell-dbgsym_121.0.6167.85-1~deb12u1_ppc64el.deb 5b13fd13c8e6c317a2871753e5c1d907 51797256 web optional chromium-shell_121.0.6167.85-1~deb12u1_ppc64el.deb e46f336101d8025e971db6071928d766 24444 web optional chromium_121.0.6167.85-1~deb12u1_ppc64el-buildd.buildinfo ec06dc7e7082adcb45d3020cc00df867 75197516 web optional chromium_121.0.6167.85-1~deb12u1_ppc64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE8YyVP0bbbFwKPsGN0jKBgzfto4IFAmWxQYsACgkQ0jKBgzft o4IdORAAgsDIcdZhchrnaIwji+WFEoPsHdZ3XHQLQtWm/0ci1TgTRte+ep0SrnIM TNYut3M6iE+69X3K0DsmNTS9R5bXtOdLtKok5u7uRw+aVGPyvJgnFkU5oiz78AZt Ken2JrXDZPiVKn3GXzEKP5wkr7SF8A4yOImVrtA+mwBz21GUQJnRpgapNjSPI96j IghIwt6/U3gD8rNRCnSEOxfKDa+CrHBXHi03DaPdbkLsV9mA2yO5Vt/p4r+4KGLi n1ora5c1j4rxGbVgTgTL/dIW9L+UOR1jLwUWF7HVWvZKyglR4nLyBYgCo7LuYZDP XOE4F2LNSR+bLqd47hpfgZYDlBCv4Wj2resJjnsuMOVsJAJMnZEuAdvKIZ+iXONc OohyUQ2XUOUeuovPifprQ57D5Xp8+I30Kw6H3CkPH3c5mxbqAdRpL9jI+61Ez0HU TBYB08jpfooY264kZm1u/WxdBvlPMwv7G4yhYefgnbnKmfaeZVLuh6nWKtD9dwDH fXZ5Ge248XrbtIlot1NwxwT22md1okZFWbq4MIJ5vNmgHLf4GeEBmOkoFCOij8ba G7SGq01dZNvrTzE1i+BL5cqq0dk0lA6WLLsiIh6WU46E9TiNfmhYjWy90VsraYo1 EJdQKoF5Fllp2n11AJv2siOHwNjVYJlf8KWm3g2s/r5vGxoDbds= =Dz2y -----END PGP SIGNATURE-----