-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 15 Aug 2023 17:46:56 -0400
Source: chromium
Architecture: source
Version: 116.0.5845.96-1~deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (116.0.5845.96-1~deb11u1) bullseye-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2023-2312: Use after free in Offline. Reported by avaue at S.S.L.
     - CVE-2023-4349: Use after free in Device Trust Connectors.
       Reported by Weipeng Jiang (@Krace) of VRI.
     - CVE-2023-4350: Inappropriate implementation in Fullscreen.
       Reported by Khiem Tran (@duckhiem).
     - CVE-2023-4351: Use after free in Network.
       Reported by Guang and Weipeng Jiang of VRI.
     - CVE-2023-4352: Type Confusion in V8.
       Reported by Sergei Glazunov of Google Project Zero.
     - CVE-2023-4353: Heap buffer overflow in ANGLE.
       Reported by Christoph Diehl / Microsoft Vulnerability Research.
     - CVE-2023-4354: Heap buffer overflow in Skia.
       Reported by Mark Brand of Google Project Zero.
     - CVE-2023-4355: Out of bounds memory access in V8.
       Reported by Sergei Glazunov of Google Project Zero.
     - CVE-2023-4356: Use after free in Audio.
       Reported by Zhenghang Xiao (@Kipreyyy).
     - CVE-2023-4357: Insufficient validation of untrusted input in XML.
       Reported by Igor Sak-Sakovskii.
     - CVE-2023-4358: Use after free in DNS.
       Reported by Weipeng Jiang (@Krace) of VRI.
     - CVE-2023-4359: Inappropriate implementation in App Launcher.
       Reported by @retsew0x01.
     - CVE-2023-4360: Inappropriate implementation in Color.
       Reported by Axel Chong.
     - CVE-2023-4361: Inappropriate implementation in Autofill.
       Reported by Thomas Orlita.
     - CVE-2023-4362: Heap buffer overflow in Mojom IDL.
       Reported by Zhao Hai of NanJing Cyberpeace TianYu Lab.
     - CVE-2023-4363: Inappropriate implementation in WebShare.
       Reported by Alesandro Ortiz.
     - CVE-2023-4364: Inappropriate implementation in Permission Prompts.
       Reported by Jasper Rebane.
     - CVE-2023-4365: Inappropriate implementation in Fullscreen.
       Reported by Hafiizh.
     - CVE-2023-4366: Use after free in Extensions. Reported by asnine.
     - CVE-2023-4367: Insufficient policy enforcement in Extensions API.
       Reported by Axel Chong.
     - CVE-2023-4368: Insufficient policy enforcement in Extensions API.
       Reported by Axel Chong.
   * d/patches:
    - fixes/cmath.patch: drop, merged upstream.
    - fixes/vector.patch: drop, merged upstream.
    - fixes/cookieresult.patch: drop, merged upstream.
    - upstream/feature-list-static.patch: drop, merged upstream.
    - disable/catapult.patch: refresh.
    - upstream/statelessV4L2.patch: refresh.
    - ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh.
    - ppc64le/libaom/0001-Add-ppc64-target-to-libaom.patch: refresh.
    - ppc64le/breakpad/0001-Implement-support-for-ppc64-on-Linux.patch: refresh.
    - ppc64le/third_party/use-sysconf-page-size-on-ppc64.patch: refresh.
    - fixes/rust-clanglib.patch: add patch to handle new clang deps for rust.
    - debianization/clang-version.patch: move from bullseye/lld-13.patch.
    - bookworm/typename.patch: more typename fixes needed.
    - fixes/variant.patch: add a missing header that libstdc++ needs.
    - fixes/vector.patch: add a missing header that libstdc++ needs.
    - fixes/null.patch: fix missing namespace for nullptr_t + header fix.
    - fixes/size.patch: missing header fix.
    - bookworm/brotli.patch: revert upstream change that requires newer brotli.
    - bookworm/struct-ctor.patch: add a bunch of explicit struct constructors
      to make clang-15 happy.
    - fixes/size.patch
    - bullseye/stringpiece.patch: drop, since we're bundling re2 now.
    - bullseye/downgrade-typescript.patch: newer tsc 5.1 doesn't work with
      bullseye's ancient nodejs, so we have to downgrade back to 5.0.
    - bullseye/constexpr.patch: add another build fix.
    - bullseye/default-equality-op.patch: add another build fix.
   * d/rules: automatically detect rust/clang versions & add needed rust args.
     But also continue disabling rust for now.
   * d/rules: drop use_gnome_keyring=false, upstream has completely removed
     libgnome-keyring support in favor of gnome's libsecret.
   * Use bundled re2 (for now) instead of libre2-dev due to random crashes
     we're seeing. Adjust build-deps, Files-Excluded, d/clean,
     and d/scripts/unbundle accordingly.
 .
   [ Timothy Pearson ]
    * d/patches/ppc64le:
      - database/0001-Properly-detect-little-endian-PPC64-systems.patch: refresh
        for upstream changes
      - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
        refresh for upstream changes
      - third_party/0002-third-party-boringssl-add-generated-files.patch:
        refresh, no changes
      - third_party/use-sysconf-page-size-on-ppc64.patch: refresh for upstream
        changes
      - third_party/skia-vsx-instructions.patch: refresh for upstream changes
Checksums-Sha1:
 303f605a7d3fd83c174f6da828ac2052a2545d8b 3785 chromium_116.0.5845.96-1~deb11u1.dsc
 2ccd6ebff8f82be664cbca2cba762a81301fbb53 648561460 chromium_116.0.5845.96.orig.tar.xz
 64865c83b70e073c30d74a9883758c6826f98381 1515080 chromium_116.0.5845.96-1~deb11u1.debian.tar.xz
 9adb30561545f24eec3a159e689dded91a611d5f 22989 chromium_116.0.5845.96-1~deb11u1_source.buildinfo
Checksums-Sha256:
 d4cf5a07689f7ce48197d001e9169fb76203296753ee6b2f8090582b3889e04b 3785 chromium_116.0.5845.96-1~deb11u1.dsc
 4471aa5f94c97edab20ada188ca5e834d43a3769c5252f1cc3097ccf8a8b589a 648561460 chromium_116.0.5845.96.orig.tar.xz
 894487071c71b9e79cf028efd209b73891177b4a664b02380e56dd1e8b02275b 1515080 chromium_116.0.5845.96-1~deb11u1.debian.tar.xz
 9eda5e9f758a9654955b6b3e6a4df6059c995d4e40d4f3803ffbda240830ca84 22989 chromium_116.0.5845.96-1~deb11u1_source.buildinfo
Files:
 fb3e37f60a197e053d6a3a2d841c19d5 3785 web optional chromium_116.0.5845.96-1~deb11u1.dsc
 5d756303546456cccf632c5761bd525b 648561460 web optional chromium_116.0.5845.96.orig.tar.xz
 36c619d2580f6ca4bd6df5785aa48b72 1515080 web optional chromium_116.0.5845.96-1~deb11u1.debian.tar.xz
 b9453ef64bfeca07d4edcc5e66df4ce7 22989 web optional chromium_116.0.5845.96-1~deb11u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmTck8YUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjeF0g//f5/luHN7KaYdKecXnkz07IY0Gla2
UTIaVxOhExRicz0VptzsT+Env1E2ZsmVU+qHcZFNh3EfQEZm0miGJNiRN758nEdu
1zArKqU0kloDw8METh4JRzhsjMnOBA6GerU1EndJRfIs+gqsdLOUhd0JiKGWZVmV
4xHGaX3AsHXHKYz7++Yfag/AN0OogtrH4OotzDjmwDAVwDMm4C6DHdP++Ju0HnKu
dqgIg5gctKHW9fRt2PNo+hEVGmk3MrAHDU43WcoIYbA9v97yr+VIBkx5PYjTwdG9
FjNF1ZRB4w7OjHnQ62QNwCqcqF4KoQUSuE37upcNLxZzrvuOnp5vDM7oyhgOU0AW
rC+GNNCH3ywWiiwz1k3Ka+4NkTux1L8SeXUdg6067hUFzi0S5Lxzm3TDrNdaZS58
7f6zo77lWSNwBDYIu69YkIAuaHQmDO4Y8Nfs6mewDrrwvpK+x+pPoIY1cQ0SO1XW
oJ0eu5u6kzcRKcGs7T75/UeqE8A1U1tZWPLWpKwmtmtYsXIY6vjKw7u22Bi1vulN
Fcg5ii53u8gdGg9zmWfYxnQq4U/zYkdktgKzFKczDqsRFAom/pUeqiOztonnTFAg
2DsbrxR/lN6SNdNheYrGolovBSGnbBOAQpfuyiBD2xc6YS3NtuxmrSP9QYAwBhyV
oFiVqyCqWlowymc=
=m7h2
-----END PGP SIGNATURE-----