-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 18 Jul 2023 17:50:00 -0500 Source: chromium Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym Architecture: ppc64el Version: 115.0.5790.98-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: ppc64el Build Daemon (ppc64el-osuosl-01) Changed-By: Timothy Pearson Description: chromium - web browser chromium-common - web browser - common resources used by the chromium packages chromium-driver - web browser - WebDriver support chromium-sandbox - web browser - setuid security sandbox for chromium chromium-shell - web browser - minimal shell Changes: chromium (115.0.5790.98-1~deb12u1) bookworm-security; urgency=high . * New upstream release - CVE-2023-3727: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564). - CVE-2023-3728: Use after free in WebRTC. Reported by Zhenghang Xiao (@Kipreyyy). - CVE-2023-3730: Use after free in Tab Groups. Reported by @ginggilBesel. - CVE-2023-3732: Out of bounds memory access in Mojo. Reported by Mark Brand of Google Project Zero. - CVE-2023-3733: Inappropriate implementation in WebApp Installs. Reported by Ahmed ElMasry. - CVE-2023-3734: Inappropriate implementation in Picture In Picture. Reported by Thomas Orlita. - CVE-2023-3735: Inappropriate implementation in Web API Permission Prompts. Reported by Ahmed ElMasry. - CVE-2023-3736: Inappropriate implementation in Custom Tabs. Reported by Philipp Beer (TU Wien). - CVE-2023-3737: Inappropriate implementation in Notifications. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) . - CVE-2023-3738: Inappropriate implementation in Autofill. Reported by Hafiizh. - CVE-2023-3740: Insufficient validation of untrusted input in Themes. Reported by Fardeen Siddiqui. . * d/rules: - use system rustc installation * Add build-dep on rustc. * d/patches: - debianization/master-preferences.patch: upstream variable renamed - disable/catapult.patch: upstream changes required reworking - disable/tests.patch: remove new upstream puffin test data file dependencies - disable/unrar.patch: upstream changes required reworking - fixes/cmath.patch: add missing header include for skia - fixes/vector.patch: add missing header include for net - upstream/sizet.patch: drop, merged upstream - ppc64le/fixes/fix-partition-alloc-compile.patch: refresh for upstream changes - ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes - ppc64le/third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes - ppc64le/third_party/0003-third_party-libvpx-Add-ppc64-generated-config.patch: regenerate configs from upstream source - ppc64le/third_party/skia-vsx-instructions.patch: refresh for upstream changes . [ Andres Salomon ] - fixes/clang-and-gcc11.patch: drop, (a different version) merged upstream. - bookworm/typename.patch: drop parts that were merged upstream, and add new build fixes. - bookworm/structured-binding-scope-bug.patch: drop some of it, add new bits - bullseye/constexpr.patch: refresh for string -> StringPiece change. - bullseye/stringpiece.patch: add to work around older libre2. - bullseye/default-equality-op.patch: add more workarounds for older compilers - fixes/brandversion-construct.patch: add to fix build failure. - fixes/SkColor4f-init.patch: another missing struct constructor fix. - fixes/cookieresult.patch: another struct ctor build fix. - ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh. - ppc64le/libaom/0001-Add-ppc64-target-to-libaom.patch: refresh. - ppc64le/third_party/0002-third-party-boringssl-add-generated-files.patch: refresh. Checksums-Sha1: 815615e21fb4d3ff9af7e8f0eb26839127d63b11 867100 chromium-common-dbgsym_115.0.5790.98-1~deb12u1_ppc64el.deb 63f4ac97d96397b0c87fdeb34998d9489faf8615 5141128 chromium-common_115.0.5790.98-1~deb12u1_ppc64el.deb 8520ff89077c6dbea0e7dc31c831e131e1e863cf 30566168 chromium-dbgsym_115.0.5790.98-1~deb12u1_ppc64el.deb 392ead3f8e11c2701d16b18cc4b510eb55d3cf8a 5620972 chromium-driver_115.0.5790.98-1~deb12u1_ppc64el.deb cd8e63e23bb6b624873320121db97e69c6a5b1aa 13056 chromium-sandbox-dbgsym_115.0.5790.98-1~deb12u1_ppc64el.deb c322e22ada5f4df048027ed7c138bc3707ce917d 79668 chromium-sandbox_115.0.5790.98-1~deb12u1_ppc64el.deb d0be47ab421d08ccab5450683d44a9308fae1c9f 23720900 chromium-shell-dbgsym_115.0.5790.98-1~deb12u1_ppc64el.deb f183b71e3c5461e1c7845170ccf23bac385873ed 49977032 chromium-shell_115.0.5790.98-1~deb12u1_ppc64el.deb 8aef958b1bb643cbc97c8d8fe6c6c0b333f904af 23727 chromium_115.0.5790.98-1~deb12u1_ppc64el-buildd.buildinfo 3d62c7a662919d626e7d61886b61575ee9ad2032 71630904 chromium_115.0.5790.98-1~deb12u1_ppc64el.deb Checksums-Sha256: e0c31e60d3e88632cb51eeae95bf993555bf64600647f89f1f5805dc4807c108 867100 chromium-common-dbgsym_115.0.5790.98-1~deb12u1_ppc64el.deb baa3eaeae8148518c06a564c10017ae76ca4882b36bd0bbc6e6cb705bdaca84b 5141128 chromium-common_115.0.5790.98-1~deb12u1_ppc64el.deb 15271cdea818189fa598576ce8d853b93bef985c8b5da131dbc69d1dd9312bb6 30566168 chromium-dbgsym_115.0.5790.98-1~deb12u1_ppc64el.deb 690d1d072cfbc451ffabebba669d15617354cd6f47455c2a6225f45209c69875 5620972 chromium-driver_115.0.5790.98-1~deb12u1_ppc64el.deb d9433793f6fdff21c5206c31640a1206327dbf8e48f9db053fe3db084bc1af43 13056 chromium-sandbox-dbgsym_115.0.5790.98-1~deb12u1_ppc64el.deb b1be33afb374f5f1a511dc6696f4896c368027f33adbe369090338d3d780e9fa 79668 chromium-sandbox_115.0.5790.98-1~deb12u1_ppc64el.deb a282cc588008696e4213c145b5aa2ea902badedbad14cce4e5e40b858e19c504 23720900 chromium-shell-dbgsym_115.0.5790.98-1~deb12u1_ppc64el.deb d76e45e1b20f251fe0a5c60d3b6d353a81e12468bd2a449108515f8b33775925 49977032 chromium-shell_115.0.5790.98-1~deb12u1_ppc64el.deb 46f037acdb7a7ff5179f97ed4c64277a7155781287665c4f6215f466d96c26dd 23727 chromium_115.0.5790.98-1~deb12u1_ppc64el-buildd.buildinfo 33a0161be45883d02ec110389cbef3e0634773f34d7a51abb7a1f59c97e97aa9 71630904 chromium_115.0.5790.98-1~deb12u1_ppc64el.deb Files: 0460d06110e4b754ff705051df152f2a 867100 debug optional chromium-common-dbgsym_115.0.5790.98-1~deb12u1_ppc64el.deb e3654a37f5b7fe3b1e1b272e23f6ae90 5141128 web optional chromium-common_115.0.5790.98-1~deb12u1_ppc64el.deb 9da4b35848ec735df009b6f8e28a240f 30566168 debug optional chromium-dbgsym_115.0.5790.98-1~deb12u1_ppc64el.deb 74f3847b902d4c23108d780812f4c4c8 5620972 web optional chromium-driver_115.0.5790.98-1~deb12u1_ppc64el.deb af2bc36ac1e45c14f0aad07799037b73 13056 debug optional chromium-sandbox-dbgsym_115.0.5790.98-1~deb12u1_ppc64el.deb e2e0d757d7b990b2790a999df72358fe 79668 web optional chromium-sandbox_115.0.5790.98-1~deb12u1_ppc64el.deb 04f536d7225b50337b6d66391ef60c75 23720900 debug optional chromium-shell-dbgsym_115.0.5790.98-1~deb12u1_ppc64el.deb 64f5dc14cc937ae67ca8158167e47570 49977032 web optional chromium-shell_115.0.5790.98-1~deb12u1_ppc64el.deb 7d985ecee96a31983cd8cf65c41c3cf2 23727 web optional chromium_115.0.5790.98-1~deb12u1_ppc64el-buildd.buildinfo e804a2018e0c95b23f0fd798c0f521d6 71630904 web optional chromium_115.0.5790.98-1~deb12u1_ppc64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE5hbnFkJlczvLwwS0Y7DdE4sWZ/UFAmS4TWMACgkQY7DdE4sW Z/VmVhAAmT5We+H75roGSDk2eArtCHeL/CeVL0fYWNPkoSZ4K/KIl2gvzV+09ibi 9uHlLvXiylA1NUU86Og9Eur1V2XdSRBtBUSccxkg//qFNkNdk32OImkU70Px/kr7 U7n5ZHBWGTEpx4YoGc3GJOuPV1JftJdg4fBz/0mW0h01YjKXmJoyn9h6sDdAWGVx N8zZt/AyUItQRleNV58Uqub237EsoSHr+mzvsmC6sBj8ZF66HSqqdLiwiK7uGufb 7g3avCZOmLVjNJ5fKc2uKxa3mXNdTqnWMBTTEbKw6tLiyqHoAOSNVJvnJQ/BgAQI yPjEtbbWUqHRgp4gV66XhSh2AT6JHNvpjbKrH6TvWF+hDg0A/E92kcndm5V+CqOU +CvobExyPHEdVeA7PRtbdhXTLH2co0QmsoWyUxWGJmjLoFzu5YONHV/FdKlmcDF4 acVEZEtB8k/XTZoD8z+bLdFAaP7z/p5zYH04tvnPppJQ+bdwXVfUg6g6stuk9FVL 2mtDjqb/d9sPGFQhbgUkUG1EBw9pDT0xz3duxkB/2OKE68hq6FYV47/FuhqDsihf UVSpIIe023d4zF6hbi/x/aqjKmEqVZgLZjkpjUAdgve7yGe/TyVd98Lksk3TXxnv EaXoIBcpe+m6c9hIezSNWCGLC4rO76PvTMhgRRakpjquLg/cfJ0= =cL/0 -----END PGP SIGNATURE-----