-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 18 Jul 2023 17:50:00 -0500 Source: chromium Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym Architecture: amd64 Version: 115.0.5790.98-1~deb11u1 Distribution: bullseye-security Urgency: high Maintainer: amd64 / i386 Build Daemon (x86-ubc-01) Changed-By: Timothy Pearson Description: chromium - web browser chromium-common - web browser - common resources used by the chromium packages chromium-driver - web browser - WebDriver support chromium-sandbox - web browser - setuid security sandbox for chromium chromium-shell - web browser - minimal shell Changes: chromium (115.0.5790.98-1~deb11u1) bullseye-security; urgency=high . * New upstream release - CVE-2023-3727: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564). - CVE-2023-3728: Use after free in WebRTC. Reported by Zhenghang Xiao (@Kipreyyy). - CVE-2023-3730: Use after free in Tab Groups. Reported by @ginggilBesel. - CVE-2023-3732: Out of bounds memory access in Mojo. Reported by Mark Brand of Google Project Zero. - CVE-2023-3733: Inappropriate implementation in WebApp Installs. Reported by Ahmed ElMasry. - CVE-2023-3734: Inappropriate implementation in Picture In Picture. Reported by Thomas Orlita. - CVE-2023-3735: Inappropriate implementation in Web API Permission Prompts. Reported by Ahmed ElMasry. - CVE-2023-3736: Inappropriate implementation in Custom Tabs. Reported by Philipp Beer (TU Wien). - CVE-2023-3737: Inappropriate implementation in Notifications. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) . - CVE-2023-3738: Inappropriate implementation in Autofill. Reported by Hafiizh. - CVE-2023-3740: Insufficient validation of untrusted input in Themes. Reported by Fardeen Siddiqui. . * d/patches: - debianization/master-preferences.patch: upstream variable renamed - disable/catapult.patch: upstream changes required reworking - disable/tests.patch: remove new upstream puffin test data file dependencies - disable/unrar.patch: upstream changes required reworking - fixes/cmath.patch: add missing header include for skia - fixes/vector.patch: add missing header include for net - upstream/sizet.patch: drop, merged upstream - ppc64le/fixes/fix-partition-alloc-compile.patch: refresh for upstream changes - ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes - ppc64le/third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes - ppc64le/third_party/0003-third_party-libvpx-Add-ppc64-generated-config.patch: regenerate configs from upstream source - ppc64le/third_party/skia-vsx-instructions.patch: refresh for upstream changes . [ Andres Salomon ] - fixes/clang-and-gcc11.patch: drop, (a different version) merged upstream. - bookworm/typename.patch: drop parts that were merged upstream, and add new build fixes. - bookworm/structured-binding-scope-bug.patch: drop some of it, add new bits - bullseye/constexpr.patch: refresh for string -> StringPiece change. - bullseye/stringpiece.patch: add to work around older libre2. - bullseye/default-equality-op.patch: add more workarounds for older compilers - fixes/brandversion-construct.patch: add to fix build failure. - fixes/SkColor4f-init.patch: another missing struct constructor fix. - fixes/cookieresult.patch: another struct ctor build fix. - ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh. - ppc64le/libaom/0001-Add-ppc64-target-to-libaom.patch: refresh. - ppc64le/third_party/0002-third-party-boringssl-add-generated-files.patch: refresh. - bullseye/disable-mojo-ipcz.patch: refresh. - bullseye/mulodic.patch: refresh. Checksums-Sha1: 619012bcdb897dbb26fbaa51a8302990b21eb90f 1096328 chromium-common-dbgsym_115.0.5790.98-1~deb11u1_amd64.deb 471a5b0382bb1b517fee27bb4711f9f8c2677f7e 4993844 chromium-common_115.0.5790.98-1~deb11u1_amd64.deb 2c296b5a448d944db06f7655c4ac217434b8501e 29437080 chromium-dbgsym_115.0.5790.98-1~deb11u1_amd64.deb 0a174c9a85484625836c6c45d4046a9c609495a6 5128580 chromium-driver_115.0.5790.98-1~deb11u1_amd64.deb 8cc052004a2014006851aa680db741f9998326e6 12272 chromium-sandbox-dbgsym_115.0.5790.98-1~deb11u1_amd64.deb 2fdfb40e54e4707df27cd2e2fd137739e131ac7c 134724 chromium-sandbox_115.0.5790.98-1~deb11u1_amd64.deb 4f9575aa6acf70553425e27f66150292b10bc4b7 25513244 chromium-shell-dbgsym_115.0.5790.98-1~deb11u1_amd64.deb 28029defc2ea5155143fbda95269215a179c4947 48485700 chromium-shell_115.0.5790.98-1~deb11u1_amd64.deb 1474465b5e7af349524ad3379d08c431a9a17b54 25722 chromium_115.0.5790.98-1~deb11u1_amd64-buildd.buildinfo 3aa7e7b880d971d2b4ac78526484c42e8075bdc4 69238696 chromium_115.0.5790.98-1~deb11u1_amd64.deb Checksums-Sha256: befdacc827f3a198c7c43abcdb226731be81ef33d3b8031f83d24ba3deaf4803 1096328 chromium-common-dbgsym_115.0.5790.98-1~deb11u1_amd64.deb 2b8aff8c7bbc6f04830bd39409f3ba7dffaa8aebb4f3b885f4388ced1d90c024 4993844 chromium-common_115.0.5790.98-1~deb11u1_amd64.deb af83deb8faf214039cc7523d41648d746ca7eaa46f57d243309fa6ad884b9d4a 29437080 chromium-dbgsym_115.0.5790.98-1~deb11u1_amd64.deb f3b92f59e1de3e9dca7f127e7de2ef9c361ef5857093a5e9fc8c192ab860f813 5128580 chromium-driver_115.0.5790.98-1~deb11u1_amd64.deb 791eb21f65ac8b9239e3d8809a9293059166f8d98c72e0e2689a13e95833a92e 12272 chromium-sandbox-dbgsym_115.0.5790.98-1~deb11u1_amd64.deb 849f1bf89d62554214600c3962d01fce1aeff87ae4c532738c77cac60636487a 134724 chromium-sandbox_115.0.5790.98-1~deb11u1_amd64.deb adfbbfb7255462550eba0a3b26ead76c8a68ed6b56d74273940ad2ef9e3eb628 25513244 chromium-shell-dbgsym_115.0.5790.98-1~deb11u1_amd64.deb 2065104e26e9a25ddc11ea494d4527cb584d1e09a9afb1e7590aca4ceb2b4c4d 48485700 chromium-shell_115.0.5790.98-1~deb11u1_amd64.deb b1223555a027adbbc4d358f99302d54eab53b2676a44e2cf9a169787df2d7cac 25722 chromium_115.0.5790.98-1~deb11u1_amd64-buildd.buildinfo 6d9c366873ee62fa052c190f6c675dc86886bdd0117b3e2d3426e0a36b8f3c5e 69238696 chromium_115.0.5790.98-1~deb11u1_amd64.deb Files: 3b1936aa55c0bb78cd8e0320ff6d4924 1096328 debug optional chromium-common-dbgsym_115.0.5790.98-1~deb11u1_amd64.deb 9ae4ba4b590c817cd6a189ff785aab44 4993844 web optional chromium-common_115.0.5790.98-1~deb11u1_amd64.deb ecd10f1fc8d64be7b37f14ab99bbeeb1 29437080 debug optional chromium-dbgsym_115.0.5790.98-1~deb11u1_amd64.deb 969483b961ddd6e4c5a1388ff256a468 5128580 web optional chromium-driver_115.0.5790.98-1~deb11u1_amd64.deb 109619d0d49cd829c3c575fccf814c4c 12272 debug optional chromium-sandbox-dbgsym_115.0.5790.98-1~deb11u1_amd64.deb b39443989cdeb2cf5fb2684c3def4f4b 134724 web optional chromium-sandbox_115.0.5790.98-1~deb11u1_amd64.deb 5ebebd08cb717329ff4ef3f4b30849ec 25513244 debug optional chromium-shell-dbgsym_115.0.5790.98-1~deb11u1_amd64.deb c3e06f813ab8b3ba9b07d91978439fd7 48485700 web optional chromium-shell_115.0.5790.98-1~deb11u1_amd64.deb 4043a36bae73ee7b35607ad1ae355c23 25722 web optional chromium_115.0.5790.98-1~deb11u1_amd64-buildd.buildinfo 4a5aa1a85a8b1246cfc05184e2aaa64e 69238696 web optional chromium_115.0.5790.98-1~deb11u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEfSHphWe6nwpTFrNNZXl/6h5+iU4FAmS4kDQACgkQZXl/6h5+ iU6TnhAAuZ6o3fMz8h+/1UkOXoIfXWyF825m1w6eUlzLJImtnwkcQ8BvO6y7bDK/ itRd1QxWePlZI1R6t3fhWqnKj/72peiTKDrQP+OHzQkjeAmQiany3ItSq/ddBHD9 I4NSLs/8B2Fprr8x1ud5vdItx7S1BumiS8+uZsVM0PFC9nJhCi5FqoBiiQAQhh9/ pKEyzwbClghVlYmiwhVpaXaZbqvoYbnQCivjc6nN2zLY4Ld9fWscJR4J3mvFCKbP 0X7uhTeIHgMshqma0WL47/G5q8Ghqazl5aHid7jQwqmpBKDM+vnXO+JRzgLjb1PP d3PLKAF4MinxFQOlEzHG9bGkU/g1VSQkTucmpv8Uv47mBvB1fzaZP1Aq1KVSyF4Q 9cNtv1DFMYIbs36TmyjB6HPc0h9UKtq7fM7lJ4jpGNstrHWJTKWiH7jl/nRNAgJQ LWGlR0gwfIsLqHlaja/GMkxyWlp/ehUWs4nCIrazzeQI7X5eoqsUKfF2e/S9kETm Vmt61AyHpAohjQWvb16jZLNAd4m+L3iCH/SaE8LXZ/X6+VKUcydOV0gneBbqPBD4 fSdcCQKfG6r/E+nhaaQtmK6DVGYYLkGrki/+qrGWbKylxWnA7D5OPKdehG34gXBS 4w0l8DnkUdwkENdDQ/QzPmtKgUCXCJeEfm57WuYpMsdOlnLMfog= =/Ysv -----END PGP SIGNATURE-----