-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 15 Aug 2023 17:46:56 -0400
Source: chromium
Binary: chromium-l10n
Architecture: all
Version: 116.0.5845.96-1~deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: all Build Daemon (x86-grnet-02) <buildd_all-x86-grnet-02@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium-l10n - web browser - language packs
Changes:
 chromium (116.0.5845.96-1~deb11u1) bullseye-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2023-2312: Use after free in Offline. Reported by avaue at S.S.L.
     - CVE-2023-4349: Use after free in Device Trust Connectors.
       Reported by Weipeng Jiang (@Krace) of VRI.
     - CVE-2023-4350: Inappropriate implementation in Fullscreen.
       Reported by Khiem Tran (@duckhiem).
     - CVE-2023-4351: Use after free in Network.
       Reported by Guang and Weipeng Jiang of VRI.
     - CVE-2023-4352: Type Confusion in V8.
       Reported by Sergei Glazunov of Google Project Zero.
     - CVE-2023-4353: Heap buffer overflow in ANGLE.
       Reported by Christoph Diehl / Microsoft Vulnerability Research.
     - CVE-2023-4354: Heap buffer overflow in Skia.
       Reported by Mark Brand of Google Project Zero.
     - CVE-2023-4355: Out of bounds memory access in V8.
       Reported by Sergei Glazunov of Google Project Zero.
     - CVE-2023-4356: Use after free in Audio.
       Reported by Zhenghang Xiao (@Kipreyyy).
     - CVE-2023-4357: Insufficient validation of untrusted input in XML.
       Reported by Igor Sak-Sakovskii.
     - CVE-2023-4358: Use after free in DNS.
       Reported by Weipeng Jiang (@Krace) of VRI.
     - CVE-2023-4359: Inappropriate implementation in App Launcher.
       Reported by @retsew0x01.
     - CVE-2023-4360: Inappropriate implementation in Color.
       Reported by Axel Chong.
     - CVE-2023-4361: Inappropriate implementation in Autofill.
       Reported by Thomas Orlita.
     - CVE-2023-4362: Heap buffer overflow in Mojom IDL.
       Reported by Zhao Hai of NanJing Cyberpeace TianYu Lab.
     - CVE-2023-4363: Inappropriate implementation in WebShare.
       Reported by Alesandro Ortiz.
     - CVE-2023-4364: Inappropriate implementation in Permission Prompts.
       Reported by Jasper Rebane.
     - CVE-2023-4365: Inappropriate implementation in Fullscreen.
       Reported by Hafiizh.
     - CVE-2023-4366: Use after free in Extensions. Reported by asnine.
     - CVE-2023-4367: Insufficient policy enforcement in Extensions API.
       Reported by Axel Chong.
     - CVE-2023-4368: Insufficient policy enforcement in Extensions API.
       Reported by Axel Chong.
   * d/patches:
    - fixes/cmath.patch: drop, merged upstream.
    - fixes/vector.patch: drop, merged upstream.
    - fixes/cookieresult.patch: drop, merged upstream.
    - upstream/feature-list-static.patch: drop, merged upstream.
    - disable/catapult.patch: refresh.
    - upstream/statelessV4L2.patch: refresh.
    - ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh.
    - ppc64le/libaom/0001-Add-ppc64-target-to-libaom.patch: refresh.
    - ppc64le/breakpad/0001-Implement-support-for-ppc64-on-Linux.patch: refresh.
    - ppc64le/third_party/use-sysconf-page-size-on-ppc64.patch: refresh.
    - fixes/rust-clanglib.patch: add patch to handle new clang deps for rust.
    - debianization/clang-version.patch: move from bullseye/lld-13.patch.
    - bookworm/typename.patch: more typename fixes needed.
    - fixes/variant.patch: add a missing header that libstdc++ needs.
    - fixes/vector.patch: add a missing header that libstdc++ needs.
    - fixes/null.patch: fix missing namespace for nullptr_t + header fix.
    - fixes/size.patch: missing header fix.
    - bookworm/brotli.patch: revert upstream change that requires newer brotli.
    - bookworm/struct-ctor.patch: add a bunch of explicit struct constructors
      to make clang-15 happy.
    - fixes/size.patch
    - bullseye/stringpiece.patch: drop, since we're bundling re2 now.
    - bullseye/downgrade-typescript.patch: newer tsc 5.1 doesn't work with
      bullseye's ancient nodejs, so we have to downgrade back to 5.0.
    - bullseye/constexpr.patch: add another build fix.
    - bullseye/default-equality-op.patch: add another build fix.
   * d/rules: automatically detect rust/clang versions & add needed rust args.
     But also continue disabling rust for now.
   * d/rules: drop use_gnome_keyring=false, upstream has completely removed
     libgnome-keyring support in favor of gnome's libsecret.
   * Use bundled re2 (for now) instead of libre2-dev due to random crashes
     we're seeing. Adjust build-deps, Files-Excluded, d/clean,
     and d/scripts/unbundle accordingly.
 .
   [ Timothy Pearson ]
    * d/patches/ppc64le:
      - database/0001-Properly-detect-little-endian-PPC64-systems.patch: refresh
        for upstream changes
      - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
        refresh for upstream changes
      - third_party/0002-third-party-boringssl-add-generated-files.patch:
        refresh, no changes
      - third_party/use-sysconf-page-size-on-ppc64.patch: refresh for upstream
        changes
      - third_party/skia-vsx-instructions.patch: refresh for upstream changes
Checksums-Sha1:
 d735d1ba44d90ad33bda93d54d8509d5a3e3ef00 6499836 chromium-l10n_116.0.5845.96-1~deb11u1_all.deb
 2035d0c2b80d1a4c17ffb25cbfc0a8bf3583fc4f 23055 chromium_116.0.5845.96-1~deb11u1_all-buildd.buildinfo
Checksums-Sha256:
 6dec14bdfbe40de1c638a091a6f18d44e4ade595e667390166027f5be9e8837c 6499836 chromium-l10n_116.0.5845.96-1~deb11u1_all.deb
 d739a86145ae535ba56d504081dca6f2c39fe720fb4df6ce80148524dccec233 23055 chromium_116.0.5845.96-1~deb11u1_all-buildd.buildinfo
Files:
 3cf29f003c82be7bf8f7745d23585876 6499836 localization optional chromium-l10n_116.0.5845.96-1~deb11u1_all.deb
 ba0e22600909430bbc1664f0cadd8590 23055 web optional chromium_116.0.5845.96-1~deb11u1_all-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEzW1K1578DQd6MDTQEbLkkg2OS0oFAmTdPDYACgkQEbLkkg2O
S0rerBAAifzw7rzmU84CbD3FNUDRB3i14yhooGc02uBKMEbQJ0Q/BFXeTNOkWq9a
TTQUuBu/y3yTpEk9rLVA6LIUFGHaefD/24LlYbJosbxCaO9z7siQAk58Z1KwyHZb
YSiJ4AXQwK9rgHr8ObHWfzDr6TJ5ftW9OYsQHkcO0RaZHkMBDJ+sa2UhY9nxC6lY
IEaqP73r7QLu2AQEfq1UvZ9mY2Fj4NLqJEPBWjsHWfPh6DFF3f1eZ3gsDvcL2mUc
8I0bUK4Fy2n8txV9cZk6dyyM/9t6UeajUOTg1zMzDPtRvz6DCbUEdtDXIugrSwVE
A7JnlSggjwyVvxt8v78hJL9J+iVErN/fZNaCYJD+bSWb/jDJZpL/KeQO0qRT2eLE
7Xc189gH0YzMiIayxA3L0DUUtn1IyYtv+M+lfflsBl6oi6IhY9e5FmN3dto/28FZ
EqiFVqcqT+wx9Ahil1PwTwt0EQapQ2xSCzGJGHd5ETjxhv6e3C+Zmnn4oIzbhner
nQqW0vpbYa7NB7ISgpbs51QTHaL/zSos0rr11AeBqcbq/6ssVZiQmu401QqoaJQE
InASj5rvtBFq+kd7BWzZeMiqncr8hSlw7SURj6Jcgxj1aKbi92CVCkLLpvxLSRZ9
4r3AxXko4eGNpeA1mf0RcIvKyDWaEB6Dty393rT1zHsVmtGWxis=
=QR3I
-----END PGP SIGNATURE-----