-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 18 Jul 2023 17:50:00 -0500 Source: chromium Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym Architecture: i386 Version: 115.0.5790.98-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: i386 Build Daemon (x86-grnet-01) Changed-By: Timothy Pearson Description: chromium - web browser chromium-common - web browser - common resources used by the chromium packages chromium-driver - web browser - WebDriver support chromium-sandbox - web browser - setuid security sandbox for chromium chromium-shell - web browser - minimal shell Changes: chromium (115.0.5790.98-1~deb12u1) bookworm-security; urgency=high . * New upstream release - CVE-2023-3727: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564). - CVE-2023-3728: Use after free in WebRTC. Reported by Zhenghang Xiao (@Kipreyyy). - CVE-2023-3730: Use after free in Tab Groups. Reported by @ginggilBesel. - CVE-2023-3732: Out of bounds memory access in Mojo. Reported by Mark Brand of Google Project Zero. - CVE-2023-3733: Inappropriate implementation in WebApp Installs. Reported by Ahmed ElMasry. - CVE-2023-3734: Inappropriate implementation in Picture In Picture. Reported by Thomas Orlita. - CVE-2023-3735: Inappropriate implementation in Web API Permission Prompts. Reported by Ahmed ElMasry. - CVE-2023-3736: Inappropriate implementation in Custom Tabs. Reported by Philipp Beer (TU Wien). - CVE-2023-3737: Inappropriate implementation in Notifications. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) . - CVE-2023-3738: Inappropriate implementation in Autofill. Reported by Hafiizh. - CVE-2023-3740: Insufficient validation of untrusted input in Themes. Reported by Fardeen Siddiqui. . * d/rules: - use system rustc installation * Add build-dep on rustc. * d/patches: - debianization/master-preferences.patch: upstream variable renamed - disable/catapult.patch: upstream changes required reworking - disable/tests.patch: remove new upstream puffin test data file dependencies - disable/unrar.patch: upstream changes required reworking - fixes/cmath.patch: add missing header include for skia - fixes/vector.patch: add missing header include for net - upstream/sizet.patch: drop, merged upstream - ppc64le/fixes/fix-partition-alloc-compile.patch: refresh for upstream changes - ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes - ppc64le/third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes - ppc64le/third_party/0003-third_party-libvpx-Add-ppc64-generated-config.patch: regenerate configs from upstream source - ppc64le/third_party/skia-vsx-instructions.patch: refresh for upstream changes . [ Andres Salomon ] - fixes/clang-and-gcc11.patch: drop, (a different version) merged upstream. - bookworm/typename.patch: drop parts that were merged upstream, and add new build fixes. - bookworm/structured-binding-scope-bug.patch: drop some of it, add new bits - bullseye/constexpr.patch: refresh for string -> StringPiece change. - bullseye/stringpiece.patch: add to work around older libre2. - bullseye/default-equality-op.patch: add more workarounds for older compilers - fixes/brandversion-construct.patch: add to fix build failure. - fixes/SkColor4f-init.patch: another missing struct constructor fix. - fixes/cookieresult.patch: another struct ctor build fix. - ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh. - ppc64le/libaom/0001-Add-ppc64-target-to-libaom.patch: refresh. - ppc64le/third_party/0002-third-party-boringssl-add-generated-files.patch: refresh. Checksums-Sha1: 059fcf6ce46aca44e2a243a0d725fccebf8f2dea 1137004 chromium-common-dbgsym_115.0.5790.98-1~deb12u1_i386.deb 961bbabc68be1a2fca70761e9310e3e3cefdfd42 4924200 chromium-common_115.0.5790.98-1~deb12u1_i386.deb f417683134847c20bcc1c637a198086803e5bcad 29180108 chromium-dbgsym_115.0.5790.98-1~deb12u1_i386.deb e10e24ab2acb854032c31b74686ff3b423cbc532 5673536 chromium-driver_115.0.5790.98-1~deb12u1_i386.deb 1b358878c59895af440fa84c23599798904b65f4 12584 chromium-sandbox-dbgsym_115.0.5790.98-1~deb12u1_i386.deb 358f7456cca895f7e3d8496094b01d647ade3560 79420 chromium-sandbox_115.0.5790.98-1~deb12u1_i386.deb 650a85753711e0842683c633fe27878e2b34e5cb 25156036 chromium-shell-dbgsym_115.0.5790.98-1~deb12u1_i386.deb d02fa276036f3add2018e4b13c3ce16e6de3f737 48808324 chromium-shell_115.0.5790.98-1~deb12u1_i386.deb d9f5962a29502ded2a42e8f12dcf7798a563910e 23707 chromium_115.0.5790.98-1~deb12u1_i386-buildd.buildinfo 7e1dc2aa42cb9d90d9ae503514039689e14a7196 70174348 chromium_115.0.5790.98-1~deb12u1_i386.deb Checksums-Sha256: 1968e4eec4c39c4281156f6e8baa00e22faccd67a0dfe80531c8ac6c386d9ffd 1137004 chromium-common-dbgsym_115.0.5790.98-1~deb12u1_i386.deb f67bdf4509e1f8771656281715f9f8f6f17ff4fd525dd621b8a7d3467df02ea9 4924200 chromium-common_115.0.5790.98-1~deb12u1_i386.deb 1f0febace9112354a81db87ee27b986ee49be1363f883ae29c7a7ccb76b05363 29180108 chromium-dbgsym_115.0.5790.98-1~deb12u1_i386.deb 5552e68e0de48e2e007438e8da25e89e99a6b776f71e18a71556f9e47d8a9749 5673536 chromium-driver_115.0.5790.98-1~deb12u1_i386.deb bd8eb2f3541a52b8874ebda472fe47f83ff52f6056ce5f964f3ed18d990f60e5 12584 chromium-sandbox-dbgsym_115.0.5790.98-1~deb12u1_i386.deb ebb765cd96764fc9fdde8285efffef8eacb736cc59acef2d0c472e70f7a564f7 79420 chromium-sandbox_115.0.5790.98-1~deb12u1_i386.deb e21d659004ffbd926df9b5e2238da6ca7b9d919b6d1dc99d23a66c59aa56744a 25156036 chromium-shell-dbgsym_115.0.5790.98-1~deb12u1_i386.deb f8b75c1bb79c93f025b8042693d54bdec327db9bb0cd79230e7430f68975b3f9 48808324 chromium-shell_115.0.5790.98-1~deb12u1_i386.deb a946213e9cc309352213c6667515ab804a2527bf2d873ce886b234743af47bc4 23707 chromium_115.0.5790.98-1~deb12u1_i386-buildd.buildinfo 85ca55f19a631439fa01eaccd59229bd7d414f288d14bacb27114981dd844f07 70174348 chromium_115.0.5790.98-1~deb12u1_i386.deb Files: 7daf9cc86bbff80925b35efecd1fe830 1137004 debug optional chromium-common-dbgsym_115.0.5790.98-1~deb12u1_i386.deb d26431f4512bccec45ae7604364207d1 4924200 web optional chromium-common_115.0.5790.98-1~deb12u1_i386.deb 5fb9ebee55ac52a1c0b8a6adae9b8fa0 29180108 debug optional chromium-dbgsym_115.0.5790.98-1~deb12u1_i386.deb a8d4286c441e9c1f8aeebf03bd777f6f 5673536 web optional chromium-driver_115.0.5790.98-1~deb12u1_i386.deb 71dba1aef766ce9c22e2724ae8e2e0b6 12584 debug optional chromium-sandbox-dbgsym_115.0.5790.98-1~deb12u1_i386.deb 0d49f01d3adaeb3f1e698decfb35c1a8 79420 web optional chromium-sandbox_115.0.5790.98-1~deb12u1_i386.deb f2457f887c188acc94bb50fabe88c5d2 25156036 debug optional chromium-shell-dbgsym_115.0.5790.98-1~deb12u1_i386.deb b285b05f0791eb3edbe612971d7ca834 48808324 web optional chromium-shell_115.0.5790.98-1~deb12u1_i386.deb d67b6b9d4401fe135c954f563200e9c2 23707 web optional chromium_115.0.5790.98-1~deb12u1_i386-buildd.buildinfo 90c164bfc79e712db3db2a83c48c09db 70174348 web optional chromium_115.0.5790.98-1~deb12u1_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7bJOCbihllHz5a8G6bGbnoZY/NwFAmS4k+UACgkQ6bGbnoZY /NwLfg/+N2y3hyTIEfw6ZgmTx58ukN8lNwvIp6GX80fHJgQVmNmQyVfzDLGvkvCW p+uKLRDAdXOw2oo0I/jgqw+MRXCKlx0Ci544J+dCjj8sDTPeqjclhRdSFAGrADXI MV9xZRHbrAzQ26e6weqHQL0RNrKrElapgOim++psaeVV1yhDzziVAEaN1qn5Jq9T aaSHv+X0TtEYRy2Y8Eu56iCfhQoHjlESMaVfwMTmzHiSf5Lq8rcCawVdSrh5Fekz Po2dPwM6uEJRTRFp/bOJqshK9OXMgKG/48XdTjWtEiNie80pZ4RAG8JYjM6INaks 6G010+hJQAQjVxHY3Vl7xcIO85DqKEZPNAV1/SenkCSdavgkjPKfG3Kd3IpE2Txv H4X8ZNQJBSwdaW9gpNwsveGWtU4hmHSyZdGOVqMAI26V2UVq9pcGkHtcww5y/Mb4 9g37Sh5L8otXh6qZj9HSX1jdMNnVwQzzfbPK6INHdDDjXGw67/i2Ax0wdWTpR32Y rxujxhZ/3KGkZ4u2bbYgEcxVB6qm3m4WS+i84PZyHTZPQ4OD7aorI7cT5YkMoQVV UHfF2giZ0P4oA7PsH5WsJiR+J4Pjhs8P8N7mfjhkWcryKFs3J5EOLOV4iqvKq49R QcDPZEL4hPy6CNUedlWCrywmbTpNo35og/8ZSEqAZcg/6c4/lk4= =bZWm -----END PGP SIGNATURE-----