-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 18 Jul 2023 17:50:00 -0500 Source: chromium Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym Architecture: arm64 Version: 115.0.5790.98-1~deb11u1 Distribution: bullseye-security Urgency: high Maintainer: arm Build Daemon (arm-ubc-01) Changed-By: Timothy Pearson Description: chromium - web browser chromium-common - web browser - common resources used by the chromium packages chromium-driver - web browser - WebDriver support chromium-sandbox - web browser - setuid security sandbox for chromium chromium-shell - web browser - minimal shell Changes: chromium (115.0.5790.98-1~deb11u1) bullseye-security; urgency=high . * New upstream release - CVE-2023-3727: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564). - CVE-2023-3728: Use after free in WebRTC. Reported by Zhenghang Xiao (@Kipreyyy). - CVE-2023-3730: Use after free in Tab Groups. Reported by @ginggilBesel. - CVE-2023-3732: Out of bounds memory access in Mojo. Reported by Mark Brand of Google Project Zero. - CVE-2023-3733: Inappropriate implementation in WebApp Installs. Reported by Ahmed ElMasry. - CVE-2023-3734: Inappropriate implementation in Picture In Picture. Reported by Thomas Orlita. - CVE-2023-3735: Inappropriate implementation in Web API Permission Prompts. Reported by Ahmed ElMasry. - CVE-2023-3736: Inappropriate implementation in Custom Tabs. Reported by Philipp Beer (TU Wien). - CVE-2023-3737: Inappropriate implementation in Notifications. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) . - CVE-2023-3738: Inappropriate implementation in Autofill. Reported by Hafiizh. - CVE-2023-3740: Insufficient validation of untrusted input in Themes. Reported by Fardeen Siddiqui. . * d/patches: - debianization/master-preferences.patch: upstream variable renamed - disable/catapult.patch: upstream changes required reworking - disable/tests.patch: remove new upstream puffin test data file dependencies - disable/unrar.patch: upstream changes required reworking - fixes/cmath.patch: add missing header include for skia - fixes/vector.patch: add missing header include for net - upstream/sizet.patch: drop, merged upstream - ppc64le/fixes/fix-partition-alloc-compile.patch: refresh for upstream changes - ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes - ppc64le/third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes - ppc64le/third_party/0003-third_party-libvpx-Add-ppc64-generated-config.patch: regenerate configs from upstream source - ppc64le/third_party/skia-vsx-instructions.patch: refresh for upstream changes . [ Andres Salomon ] - fixes/clang-and-gcc11.patch: drop, (a different version) merged upstream. - bookworm/typename.patch: drop parts that were merged upstream, and add new build fixes. - bookworm/structured-binding-scope-bug.patch: drop some of it, add new bits - bullseye/constexpr.patch: refresh for string -> StringPiece change. - bullseye/stringpiece.patch: add to work around older libre2. - bullseye/default-equality-op.patch: add more workarounds for older compilers - fixes/brandversion-construct.patch: add to fix build failure. - fixes/SkColor4f-init.patch: another missing struct constructor fix. - fixes/cookieresult.patch: another struct ctor build fix. - ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh. - ppc64le/libaom/0001-Add-ppc64-target-to-libaom.patch: refresh. - ppc64le/third_party/0002-third-party-boringssl-add-generated-files.patch: refresh. - bullseye/disable-mojo-ipcz.patch: refresh. - bullseye/mulodic.patch: refresh. Checksums-Sha1: 237b6fda1506b92a5019510ce4c1c485725676bb 1126268 chromium-common-dbgsym_115.0.5790.98-1~deb11u1_arm64.deb 0a43bf9f9eafa6b798366208c5aad1ae76ae5127 4822800 chromium-common_115.0.5790.98-1~deb11u1_arm64.deb 1678b771fcbdc7ba3a261b16093881aa6c3a4e4f 27446200 chromium-dbgsym_115.0.5790.98-1~deb11u1_arm64.deb 8bd8b2a0043f011e78d9e675325228e07d3c267d 4619840 chromium-driver_115.0.5790.98-1~deb11u1_arm64.deb 5591a1ee1e0a906a0138240618ab8e0c49661fef 12360 chromium-sandbox-dbgsym_115.0.5790.98-1~deb11u1_arm64.deb c358b73410b3d0f2e6cb08bbeb977c04558c4427 134500 chromium-sandbox_115.0.5790.98-1~deb11u1_arm64.deb c1434d628a280073f9c32505b2a9d95ac194593e 22745396 chromium-shell-dbgsym_115.0.5790.98-1~deb11u1_arm64.deb b13924ed8de131ab6c8adc51285251d7a6c65d98 42317144 chromium-shell_115.0.5790.98-1~deb11u1_arm64.deb 8fa95406ba76f4425075748aaa1c476bb4a5cf6c 25643 chromium_115.0.5790.98-1~deb11u1_arm64-buildd.buildinfo b5b1cbbf0f0904733eb1ab619701eab0422ba75c 60867748 chromium_115.0.5790.98-1~deb11u1_arm64.deb Checksums-Sha256: 947109963a84ca62bbbee350376f803fd17615890d4a93ca7d97c92c99e3c6e8 1126268 chromium-common-dbgsym_115.0.5790.98-1~deb11u1_arm64.deb 29dd1c3e89fcf2a505d1bd4407424a7ecc7c0e0db58d2968df1de586ae488a18 4822800 chromium-common_115.0.5790.98-1~deb11u1_arm64.deb 1197b9f82159cac9aa175c561f0171de04a2fc5a87c51abd651ee77bede2d7e9 27446200 chromium-dbgsym_115.0.5790.98-1~deb11u1_arm64.deb d1ef74dc19de910d9737c537f96a48108ee103b90f3c1802abb8dd9fe2e88ac2 4619840 chromium-driver_115.0.5790.98-1~deb11u1_arm64.deb 25e4b9b956de0977a63e9dbecd2712737986ac173215b4dbc4a1f0d53a572700 12360 chromium-sandbox-dbgsym_115.0.5790.98-1~deb11u1_arm64.deb 9a9dfee4815f78fce4c68874e1abe975f1fcf5111fae22aeb694061495d5580b 134500 chromium-sandbox_115.0.5790.98-1~deb11u1_arm64.deb 472e5001ffb58fb654f4b1247b6617c5efb8e1c7062ad1a3fb8355bfaaab5572 22745396 chromium-shell-dbgsym_115.0.5790.98-1~deb11u1_arm64.deb fbc9e70e4c0f2f460577c2dde202cf326c51e760a40f6f774679431fdc28f839 42317144 chromium-shell_115.0.5790.98-1~deb11u1_arm64.deb 0f86c0d92bfc1e87b09886c804870b1e9fcfb340e7f765213eae39ffe6b33134 25643 chromium_115.0.5790.98-1~deb11u1_arm64-buildd.buildinfo 5cfee5fb038c73add9e7baf5937549b64c252e744fc80acec964190232e0edea 60867748 chromium_115.0.5790.98-1~deb11u1_arm64.deb Files: 7a33c6d2b499ffe87268b69641a97d4f 1126268 debug optional chromium-common-dbgsym_115.0.5790.98-1~deb11u1_arm64.deb 94a7fb973f0d74e6e57b8f7466704bab 4822800 web optional chromium-common_115.0.5790.98-1~deb11u1_arm64.deb 4deed030437c5de59fd59715c0428e80 27446200 debug optional chromium-dbgsym_115.0.5790.98-1~deb11u1_arm64.deb d98c794b1f88d309562b195e097c0043 4619840 web optional chromium-driver_115.0.5790.98-1~deb11u1_arm64.deb b41ab5d7eaf97bfc6372b8d0d789a362 12360 debug optional chromium-sandbox-dbgsym_115.0.5790.98-1~deb11u1_arm64.deb 7938f502593bff540cbb64242ddd3c5c 134500 web optional chromium-sandbox_115.0.5790.98-1~deb11u1_arm64.deb cd3a95a1d0caf7a29237347f179a8727 22745396 debug optional chromium-shell-dbgsym_115.0.5790.98-1~deb11u1_arm64.deb 63ff6be1068e91909cdd238c491222fe 42317144 web optional chromium-shell_115.0.5790.98-1~deb11u1_arm64.deb 9bf7a8df8b6e64748a13c020c4bda6a4 25643 web optional chromium_115.0.5790.98-1~deb11u1_arm64-buildd.buildinfo 1b6ecd53e1f1696735e5077f9fa041e5 60867748 web optional chromium_115.0.5790.98-1~deb11u1_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEvH8AOGUMuGQ9yWfAdEqOeknEYfEFAmS6DWcACgkQdEqOeknE YfFJ/A/9HZmDfzRM+ybWA7MdcJ51KUHO7FLiKlniNp0iChtcJvKhI2AFT2nzjcIJ kFWvYXtA2su5oThgQkITMDY/u5ft85Kiw1FLg/mix9UGieKcFJkOzRtBYMHZj0WK pRseoZA++pEJ8qTUWvc7ZEuTYIRRJOTyE/xyO77aXNr3ZPclEW/4oTMqdXsRW+gg vB9J1eCjJhGvyTCHrhmtPcHK83bdw3nHYzt6wHDDp60AyYJTm5NxhKU/leFpE+Yb GWU5VfAo6uBMf1E4+YAf/bmUS6yhTqXzbheMGMAxmglxKrwQ+ZgpcJ24gfAvyd23 08iQYWFYNoUDum6Fu1ESpAV+3RyH30FgOM5gry5ZGmKupx5SgzSIM/tqkjKMF/O5 NxUL0MjYwJO3T9TDXioToxaBHMRK9gH6Gm1fXMYIzewUTkyPrdSuiPjBGQPi4XmM y83PQbz/1gLf6WiiO+ZAzjob/z9QGWRXNSe9wEhAG1ROrS0qeUbBUVWXyOZUwD7C rP14G4388UJINNvBVfApwWA1yKGPnSs00axoYA9BMLoLfObVwHTwoKSDGMrFnSmv PZTesZleux2YzGAzWvAUKHA2BwCNRptJS0LE4znJ/WggRoxTC6ogOAa93eDG1ip5 gbUCEkqoB35zfq8tnaxUHs1cbuL+YmtbUlyCBSKsNPHHCmVxIc0= =13a5 -----END PGP SIGNATURE-----