-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 18 Jul 2023 17:50:00 -0500 Source: chromium Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym Architecture: amd64 Version: 115.0.5790.98-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: amd64 / i386 Build Daemon (x86-csail-01) Changed-By: Timothy Pearson Description: chromium - web browser chromium-common - web browser - common resources used by the chromium packages chromium-driver - web browser - WebDriver support chromium-sandbox - web browser - setuid security sandbox for chromium chromium-shell - web browser - minimal shell Changes: chromium (115.0.5790.98-1~deb12u1) bookworm-security; urgency=high . * New upstream release - CVE-2023-3727: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564). - CVE-2023-3728: Use after free in WebRTC. Reported by Zhenghang Xiao (@Kipreyyy). - CVE-2023-3730: Use after free in Tab Groups. Reported by @ginggilBesel. - CVE-2023-3732: Out of bounds memory access in Mojo. Reported by Mark Brand of Google Project Zero. - CVE-2023-3733: Inappropriate implementation in WebApp Installs. Reported by Ahmed ElMasry. - CVE-2023-3734: Inappropriate implementation in Picture In Picture. Reported by Thomas Orlita. - CVE-2023-3735: Inappropriate implementation in Web API Permission Prompts. Reported by Ahmed ElMasry. - CVE-2023-3736: Inappropriate implementation in Custom Tabs. Reported by Philipp Beer (TU Wien). - CVE-2023-3737: Inappropriate implementation in Notifications. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) . - CVE-2023-3738: Inappropriate implementation in Autofill. Reported by Hafiizh. - CVE-2023-3740: Insufficient validation of untrusted input in Themes. Reported by Fardeen Siddiqui. . * d/rules: - use system rustc installation * Add build-dep on rustc. * d/patches: - debianization/master-preferences.patch: upstream variable renamed - disable/catapult.patch: upstream changes required reworking - disable/tests.patch: remove new upstream puffin test data file dependencies - disable/unrar.patch: upstream changes required reworking - fixes/cmath.patch: add missing header include for skia - fixes/vector.patch: add missing header include for net - upstream/sizet.patch: drop, merged upstream - ppc64le/fixes/fix-partition-alloc-compile.patch: refresh for upstream changes - ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes - ppc64le/third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes - ppc64le/third_party/0003-third_party-libvpx-Add-ppc64-generated-config.patch: regenerate configs from upstream source - ppc64le/third_party/skia-vsx-instructions.patch: refresh for upstream changes . [ Andres Salomon ] - fixes/clang-and-gcc11.patch: drop, (a different version) merged upstream. - bookworm/typename.patch: drop parts that were merged upstream, and add new build fixes. - bookworm/structured-binding-scope-bug.patch: drop some of it, add new bits - bullseye/constexpr.patch: refresh for string -> StringPiece change. - bullseye/stringpiece.patch: add to work around older libre2. - bullseye/default-equality-op.patch: add more workarounds for older compilers - fixes/brandversion-construct.patch: add to fix build failure. - fixes/SkColor4f-init.patch: another missing struct constructor fix. - fixes/cookieresult.patch: another struct ctor build fix. - ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh. - ppc64le/libaom/0001-Add-ppc64-target-to-libaom.patch: refresh. - ppc64le/third_party/0002-third-party-boringssl-add-generated-files.patch: refresh. Checksums-Sha1: ca91f1e65b41cf459bdc8f2257fb993f85ef59a8 1197504 chromium-common-dbgsym_115.0.5790.98-1~deb12u1_amd64.deb 08106fe775ea89a7b85afee05803b03fcf7dd3e7 4935060 chromium-common_115.0.5790.98-1~deb12u1_amd64.deb 92820fdd89ede5c39702039ecf4baf6e71e5e1cc 30083968 chromium-dbgsym_115.0.5790.98-1~deb12u1_amd64.deb dc22b594a2ecdecd4034c415a9ae67cb453daaab 5037320 chromium-driver_115.0.5790.98-1~deb12u1_amd64.deb 8ef10d2c14c669e8f50039a7edb2f9aeaca04b7c 12652 chromium-sandbox-dbgsym_115.0.5790.98-1~deb12u1_amd64.deb 454781b5026cd4fb9945a04d17fbcba311b89d68 79516 chromium-sandbox_115.0.5790.98-1~deb12u1_amd64.deb 4f339a720b2ec8ff60f3d50b429910c705f85019 26080904 chromium-shell-dbgsym_115.0.5790.98-1~deb12u1_amd64.deb fe09534353999fc08b2b31c23b9d445e26cef533 48221488 chromium-shell_115.0.5790.98-1~deb12u1_amd64.deb d669403c4365cf72744bb92c9bac13eb7a9be895 23725 chromium_115.0.5790.98-1~deb12u1_amd64-buildd.buildinfo ac015c36d0d3b468d9bd89ef7d0159f47f8263b8 68919424 chromium_115.0.5790.98-1~deb12u1_amd64.deb Checksums-Sha256: c2e549375dab947ebb283fddb86c0ee5d564476000837991c639a0602d5b195e 1197504 chromium-common-dbgsym_115.0.5790.98-1~deb12u1_amd64.deb 15a994481ae59cb0a8af4eb8d050a14c4ba2cc2175ba6327e68aada66ca90495 4935060 chromium-common_115.0.5790.98-1~deb12u1_amd64.deb c256a632836929c335d3224d8973214025cbe3de132179ef9f34d359b98cc773 30083968 chromium-dbgsym_115.0.5790.98-1~deb12u1_amd64.deb bda5f6a50996090ba6788d9a061ef644fa066202e156b4e3120c15fca96dd752 5037320 chromium-driver_115.0.5790.98-1~deb12u1_amd64.deb 01c25af231f8b5fd58d0ba1c32337721906dfbc8df804dbe215986df95c3c414 12652 chromium-sandbox-dbgsym_115.0.5790.98-1~deb12u1_amd64.deb 1b30f47ad1e6bcbe59aee618ea50f760737b9aac58270012e54969c7231b3eed 79516 chromium-sandbox_115.0.5790.98-1~deb12u1_amd64.deb cd159d2a4d072ff78baafb84378543b0e40c820200a0fc3352a1374b3dae30a6 26080904 chromium-shell-dbgsym_115.0.5790.98-1~deb12u1_amd64.deb 64742212aebfbdfe9a41b06048f639021be1a8f3430e58b6765cb7cc89a5351f 48221488 chromium-shell_115.0.5790.98-1~deb12u1_amd64.deb cdc2c25203a2bbefb81559305bcee6d44dd1f6a0a6403eb2e6483f67fece2a26 23725 chromium_115.0.5790.98-1~deb12u1_amd64-buildd.buildinfo 782a7a85a2929bd6c2e3c3aa2a76a30a1a1b4366c2835ed15f8df797fe21ef62 68919424 chromium_115.0.5790.98-1~deb12u1_amd64.deb Files: d91cd28862265287cee2de26c2c66ccf 1197504 debug optional chromium-common-dbgsym_115.0.5790.98-1~deb12u1_amd64.deb 73b4322134460cf37ea85cb66546f6eb 4935060 web optional chromium-common_115.0.5790.98-1~deb12u1_amd64.deb 56b14219fc8fa2bc8d929223b7251aba 30083968 debug optional chromium-dbgsym_115.0.5790.98-1~deb12u1_amd64.deb be638074392baff7b89741b326c6f7d4 5037320 web optional chromium-driver_115.0.5790.98-1~deb12u1_amd64.deb de2e1a2d35b73c8e50b13bd0b0bda6f5 12652 debug optional chromium-sandbox-dbgsym_115.0.5790.98-1~deb12u1_amd64.deb 7ad5e791ad7f2f847be144b3c30a3999 79516 web optional chromium-sandbox_115.0.5790.98-1~deb12u1_amd64.deb 84a663030ac506308ace08004209e133 26080904 debug optional chromium-shell-dbgsym_115.0.5790.98-1~deb12u1_amd64.deb 98b02fac42df37ac87155289967b5505 48221488 web optional chromium-shell_115.0.5790.98-1~deb12u1_amd64.deb 1a82ed4c1cdf76581b09b447166a14c9 23725 web optional chromium_115.0.5790.98-1~deb12u1_amd64-buildd.buildinfo 91b5e400d7efc65bb82e21188ae7f4b5 68919424 web optional chromium_115.0.5790.98-1~deb12u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE85oDfSLnwLkvY4Ibj5YjFeDZ0JMFAmS4tmgACgkQj5YjFeDZ 0JNBjA//b3nuFDGWA+qAWA/ZI9n75n0yHGYmz2WP51s4zVBFigb9S4600sr4oDsC e1R1Lpd62jC0Lpzx48hQ2Cf1Tbt52W1TU3F5Bf8umSeaRGuVjUA4CsNjplolrLax x7i5o1CNtaluNJMsc3wmTmUv3g0mjbTMPgZBwS69QYHaDMUKuxY1BH42GtYJG5AO KkLtfxxafDOqaUxcJeoLRMei6878JJxadeAca0Ycfq+5G9roER+5u2s4swHCbBHw c/xJPOHZDlYIerM7PNCXSqghGU9wTTnO7U0+FcL77aFKfV3LgCBvFKUalVacbZwW 8uihul8vYyEuGHddO3oCN9qDu25Sl169VvLpDIKXx/WX/GFkr7wRQ3uXPtwohUu+ 6aGbunDDFnAOj2UcQN7ZkLC4kig0YIHFlvBPuwsQCpJzG9q4baowBsf5e7kZZcwv 32kuAvlO0kAyAUCCOw8iTxY2szEG08Ir29laAOZfs4hzmFOkUMHi0mzmswAQGs9e JS4Y/HByop5ALRy2sidub/2kIazQj3M90f476aLjFGBhW5gBFAz3FPfExzIHytgE zUtyaFQ9oIx1LXPzI9+qBRtLY/hg3gl9x6iIgOc7zljLiB1SC9doQ4eqjn5RW90T qrtrKrSYWiycr1cwIgPNCzo5iqYfN7aKey2+7RjaCRKe3kFTpbs= =+0ng -----END PGP SIGNATURE-----