-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 15 Aug 2023 17:46:56 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: ppc64el
Version: 116.0.5845.96-1~deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: ppc64el Build Daemon (ppc64el-osuosl-01) <buildd_ppc64el-ppc64el-osuosl-01@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (116.0.5845.96-1~deb11u1) bullseye-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2023-2312: Use after free in Offline. Reported by avaue at S.S.L.
     - CVE-2023-4349: Use after free in Device Trust Connectors.
       Reported by Weipeng Jiang (@Krace) of VRI.
     - CVE-2023-4350: Inappropriate implementation in Fullscreen.
       Reported by Khiem Tran (@duckhiem).
     - CVE-2023-4351: Use after free in Network.
       Reported by Guang and Weipeng Jiang of VRI.
     - CVE-2023-4352: Type Confusion in V8.
       Reported by Sergei Glazunov of Google Project Zero.
     - CVE-2023-4353: Heap buffer overflow in ANGLE.
       Reported by Christoph Diehl / Microsoft Vulnerability Research.
     - CVE-2023-4354: Heap buffer overflow in Skia.
       Reported by Mark Brand of Google Project Zero.
     - CVE-2023-4355: Out of bounds memory access in V8.
       Reported by Sergei Glazunov of Google Project Zero.
     - CVE-2023-4356: Use after free in Audio.
       Reported by Zhenghang Xiao (@Kipreyyy).
     - CVE-2023-4357: Insufficient validation of untrusted input in XML.
       Reported by Igor Sak-Sakovskii.
     - CVE-2023-4358: Use after free in DNS.
       Reported by Weipeng Jiang (@Krace) of VRI.
     - CVE-2023-4359: Inappropriate implementation in App Launcher.
       Reported by @retsew0x01.
     - CVE-2023-4360: Inappropriate implementation in Color.
       Reported by Axel Chong.
     - CVE-2023-4361: Inappropriate implementation in Autofill.
       Reported by Thomas Orlita.
     - CVE-2023-4362: Heap buffer overflow in Mojom IDL.
       Reported by Zhao Hai of NanJing Cyberpeace TianYu Lab.
     - CVE-2023-4363: Inappropriate implementation in WebShare.
       Reported by Alesandro Ortiz.
     - CVE-2023-4364: Inappropriate implementation in Permission Prompts.
       Reported by Jasper Rebane.
     - CVE-2023-4365: Inappropriate implementation in Fullscreen.
       Reported by Hafiizh.
     - CVE-2023-4366: Use after free in Extensions. Reported by asnine.
     - CVE-2023-4367: Insufficient policy enforcement in Extensions API.
       Reported by Axel Chong.
     - CVE-2023-4368: Insufficient policy enforcement in Extensions API.
       Reported by Axel Chong.
   * d/patches:
    - fixes/cmath.patch: drop, merged upstream.
    - fixes/vector.patch: drop, merged upstream.
    - fixes/cookieresult.patch: drop, merged upstream.
    - upstream/feature-list-static.patch: drop, merged upstream.
    - disable/catapult.patch: refresh.
    - upstream/statelessV4L2.patch: refresh.
    - ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh.
    - ppc64le/libaom/0001-Add-ppc64-target-to-libaom.patch: refresh.
    - ppc64le/breakpad/0001-Implement-support-for-ppc64-on-Linux.patch: refresh.
    - ppc64le/third_party/use-sysconf-page-size-on-ppc64.patch: refresh.
    - fixes/rust-clanglib.patch: add patch to handle new clang deps for rust.
    - debianization/clang-version.patch: move from bullseye/lld-13.patch.
    - bookworm/typename.patch: more typename fixes needed.
    - fixes/variant.patch: add a missing header that libstdc++ needs.
    - fixes/vector.patch: add a missing header that libstdc++ needs.
    - fixes/null.patch: fix missing namespace for nullptr_t + header fix.
    - fixes/size.patch: missing header fix.
    - bookworm/brotli.patch: revert upstream change that requires newer brotli.
    - bookworm/struct-ctor.patch: add a bunch of explicit struct constructors
      to make clang-15 happy.
    - fixes/size.patch
    - bullseye/stringpiece.patch: drop, since we're bundling re2 now.
    - bullseye/downgrade-typescript.patch: newer tsc 5.1 doesn't work with
      bullseye's ancient nodejs, so we have to downgrade back to 5.0.
    - bullseye/constexpr.patch: add another build fix.
    - bullseye/default-equality-op.patch: add another build fix.
   * d/rules: automatically detect rust/clang versions & add needed rust args.
     But also continue disabling rust for now.
   * d/rules: drop use_gnome_keyring=false, upstream has completely removed
     libgnome-keyring support in favor of gnome's libsecret.
   * Use bundled re2 (for now) instead of libre2-dev due to random crashes
     we're seeing. Adjust build-deps, Files-Excluded, d/clean,
     and d/scripts/unbundle accordingly.
 .
   [ Timothy Pearson ]
    * d/patches/ppc64le:
      - database/0001-Properly-detect-little-endian-PPC64-systems.patch: refresh
        for upstream changes
      - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
        refresh for upstream changes
      - third_party/0002-third-party-boringssl-add-generated-files.patch:
        refresh, no changes
      - third_party/use-sysconf-page-size-on-ppc64.patch: refresh for upstream
        changes
      - third_party/skia-vsx-instructions.patch: refresh for upstream changes
Checksums-Sha1:
 dcb74703f5a1247d3c75c6b2e026b57951621da9 819672 chromium-common-dbgsym_116.0.5845.96-1~deb11u1_ppc64el.deb
 a8c662418d2f66e696b2bd50651fd017ac6145fc 5219504 chromium-common_116.0.5845.96-1~deb11u1_ppc64el.deb
 ef87689621f9245dd6b02bf9a81f2c1011c29a72 30446544 chromium-dbgsym_116.0.5845.96-1~deb11u1_ppc64el.deb
 8e4cb1c4de2c8274a9648dd8b7ca5f6b7c217ea1 5828352 chromium-driver_116.0.5845.96-1~deb11u1_ppc64el.deb
 84627bfbcd8f6b9b387bf3cc5de29a3802d599c4 12244 chromium-sandbox-dbgsym_116.0.5845.96-1~deb11u1_ppc64el.deb
 0a69352c525516f52ff4ee0e78318b4c32e00c13 136124 chromium-sandbox_116.0.5845.96-1~deb11u1_ppc64el.deb
 1f4f14b840eedd1f7a48ac8f6f8d746981647fdf 23681724 chromium-shell-dbgsym_116.0.5845.96-1~deb11u1_ppc64el.deb
 7b52ec83d5cc1ae7eeb349edd31f3e4f265ab720 50236692 chromium-shell_116.0.5845.96-1~deb11u1_ppc64el.deb
 bda2e4d71901989af183ab549c4e149e300071fe 25682 chromium_116.0.5845.96-1~deb11u1_ppc64el-buildd.buildinfo
 c516e951ea3dba555a871ff140da4f39b655b6c5 71968948 chromium_116.0.5845.96-1~deb11u1_ppc64el.deb
Checksums-Sha256:
 ab2cfc80d1b078af726c2b052507e67015429750b3a37245034c84f9ec97139a 819672 chromium-common-dbgsym_116.0.5845.96-1~deb11u1_ppc64el.deb
 7853d1bb7fcf5a1fa641537ad451de5a5cade2ab27def3eb5ce907e73aafe34a 5219504 chromium-common_116.0.5845.96-1~deb11u1_ppc64el.deb
 b317355c478930e0ce59c42d3df565257a825eadcf09fd9995af16835ecdd1fd 30446544 chromium-dbgsym_116.0.5845.96-1~deb11u1_ppc64el.deb
 8105396c6b36134f0127a773c318538caaa6c7952b00669b3f31b43f4b9e1edf 5828352 chromium-driver_116.0.5845.96-1~deb11u1_ppc64el.deb
 b7e23a6e172c3f8c11cc16210b1b5c7d82339b7e5567d14466b9df92351c8376 12244 chromium-sandbox-dbgsym_116.0.5845.96-1~deb11u1_ppc64el.deb
 b0dcd6ec993cf3430cb9e67d2a2e57d9b6b500927ca67095483f76695100d6c8 136124 chromium-sandbox_116.0.5845.96-1~deb11u1_ppc64el.deb
 cc100c0231f9142c78fb2b400989f9b4fa9583b1a95778faf49209f80743c4cc 23681724 chromium-shell-dbgsym_116.0.5845.96-1~deb11u1_ppc64el.deb
 897d873d38c064ffc2e96cf0610d909e4f0c03be7d6b888805c1bb69d6c163f6 50236692 chromium-shell_116.0.5845.96-1~deb11u1_ppc64el.deb
 c9014d32d73e980c8f86ecf35b452ff8232dc46bdcce082e6db12d424e9a0abe 25682 chromium_116.0.5845.96-1~deb11u1_ppc64el-buildd.buildinfo
 1344107d01669e693ba6dc2796ea60bb16f644a0a036fd5fbdf06765e0009916 71968948 chromium_116.0.5845.96-1~deb11u1_ppc64el.deb
Files:
 b0d74af562eeede3b548e7ec089368b0 819672 debug optional chromium-common-dbgsym_116.0.5845.96-1~deb11u1_ppc64el.deb
 4d41bdc66e4e14c325e95eeea8927616 5219504 web optional chromium-common_116.0.5845.96-1~deb11u1_ppc64el.deb
 c7de75f2f839bdfaed1585bcdf3dcdbd 30446544 debug optional chromium-dbgsym_116.0.5845.96-1~deb11u1_ppc64el.deb
 ba1d6f644aa6f882793c8862372754ef 5828352 web optional chromium-driver_116.0.5845.96-1~deb11u1_ppc64el.deb
 13ecbbe759a13f954fe0a488946d94ea 12244 debug optional chromium-sandbox-dbgsym_116.0.5845.96-1~deb11u1_ppc64el.deb
 3c1c5ff4a14177f1cf3a5d224bf1dd02 136124 web optional chromium-sandbox_116.0.5845.96-1~deb11u1_ppc64el.deb
 c9a3a78edfc243ad7ab2d126b8c8f758 23681724 debug optional chromium-shell-dbgsym_116.0.5845.96-1~deb11u1_ppc64el.deb
 b9c4ff8dc0fa7339700ffb372537c012 50236692 web optional chromium-shell_116.0.5845.96-1~deb11u1_ppc64el.deb
 da3cd9868cb663834231f13f85edf937 25682 web optional chromium_116.0.5845.96-1~deb11u1_ppc64el-buildd.buildinfo
 b3ecd45441707e333c67de454508d698 71968948 web optional chromium_116.0.5845.96-1~deb11u1_ppc64el.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE5hbnFkJlczvLwwS0Y7DdE4sWZ/UFAmTdP/8ACgkQY7DdE4sW
Z/WH7RAAjjTOW02mdclKplBndnWJeEeaL/gFnvKAESNQv5eGBcb9IxmjCQNeBn6C
PFCM8+nEnDMwLUQDHI4tVEzN9Z5KCPBjCfgw4itGEVd4A/RFiPV92EOx6bnPDTGz
5Y349ZJPJbZ3XVILP6JDdQ33szmC7G2k+PZC/9XQ/AJThMZgOV2RL68X6MjDqOph
eENMSzyXc8CiUah6XmyOrWRFWN7VZ1byfvk29yjfrKVnuWBXcw4a962Pe5zXUJzs
y7OB4ywbUT5UR9OsMu+h8S7oAN0XQ3LPFe5+9nC7ZVv+ysy52zBJwfb1AfuJ+ed0
BHqo+IKASwsnv/vPDM+PwKgLGZWH/l1nzwOtMrQl6jt/PdMprhTG75eqvQZYgyhO
1w+L3PWjj132++XC55G0H/lhmRpfkkfZ2MtCqu5zCWOpkGHBL5+jcpH82bTWe4T/
RI61YwjbpwIZFQPvrwtl0YpQCjQJ9ZszkOVKmrrstXu3dBPxv1tLGb6AdKdxK8VT
/Tonihp7fXE9qQ0ikYciQpaqbHUe56fOKfJEh+v+6Z/beU5M5ircJHOYMNV+qK9j
2M0yak5c/uP0wDNZhDGQiyGEtivuf9lBLQ4OoifAef+APxozfrdKXnEoVw4doorv
v69QY4sr/MOukfjWimOqWLWYzbXcqD9AlMHZCxE6pGfWQ5JAFAg=
=7WiA
-----END PGP SIGNATURE-----