Accepted chromium 119.0.6045.105-1 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 31 Oct 2023 23:50:00 -0500
Source: chromium
Architecture: source
Version: 119.0.6045.105-1
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Timothy Pearson <tpearson@raptorengineering.com>
Changes:
chromium (119.0.6045.105-1) unstable; urgency=high
.
* New upstream stable release.
- CVE-2023-5480: Inappropriate implementation in Payments.
Reported by Vsevolod Kokorin (Slonser) of Solidlab.
- CVE-2023-5482: Insufficient data validation in USB. Reported by DarkNavy.
- CVE-2023-5849: Integer overflow in USB. Reported by DarkNavy.
- CVE-2023-5850: Incorrect security UI in Downloads.
Reported by Mohit Raj (shadow2639) .
- CVE-2023-5851: Inappropriate implementation in Downloads.
Reported by Shaheen Fazim.
- CVE-2023-5852: Use after free in Printing. Reported by [pwn2car].
- CVE-2023-5853: Incorrect security UI in Downloads. Reported by Hafiizh.
- CVE-2023-5854: Use after free in Profiles.
Reported by Dohyun Lee (@l33d0hyun) of SSD-Disclosure Labs & DNSLab, Korea Univ.
- CVE-2023-5855: Use after free in Reading Mode. Reported by ChaobinZhang.
- CVE-2023-5856: Use after free in Side Panel.
Reported by Weipeng Jiang (@Krace) of VRI.
- CVE-2023-5857: Inappropriate implementation in Downloads.
Reported by Will Dormann.
- CVE-2023-5858: Inappropriate implementation in WebApp Provider.
Reported by Axel Chong.
- CVE-2023-5859: Incorrect security UI in Picture In Picture.
Reported by Junsung Lee
* d/patches:
- patches/bullseye/constexpr.patch: Add MiracleParameter workaround
* d/patches/ppc64le:
- Mass refresh all patches against 119 codebase. No functional change.
.
[ Andres Salomon ]
* d/patches:
- fixes/gcc13-headers.patch: drop parts that have been merged upstream.
- fixes/perfetto.patch: drop part that was merged upstream.
- upstream/sensor-reading.patch: drop, merged upstream.
- upstream/lweight.patch: drop, merged upstream.
- upstream/freetype.patch: drop, merged upstream.
- upstream/sizet.patch: drop, merged upstream.
- disable/catapult.patch: drop an unused hunk.
- disable/widevine-cdm-cu.patch: refresh.
- disable/privacy-sandbox.patch: rename, sync up with ungoogled-chromium,
and use the full ungoogled patch. The privacy sandbox config interface
is now gone, with no way to enable it.
- ungoogled/core/ungoogled-chromium/disable-web-environment-integrity.patch:
sync up with with ungoogled-chromium, and rename.
- fixes/blink-frags.patch: additional build fix for libstdc++13.
- fixes/gcc13-with-clang14.patch: drop, now that we've switched to clang-16.
- fixes/atspi.patch: fix build failure with atspi >= 2.50.
Checksums-Sha1:
8390293bf5a4b35d3328ccda7f838fd333d881e9 3666 chromium_119.0.6045.105-1.dsc
04a39db0924e73bea3c59eb92049e57e60bc12f9 784608532 chromium_119.0.6045.105.orig.tar.xz
8197d06c783ce8d1b1ad84b97d0335d5842a896c 358468 chromium_119.0.6045.105-1.debian.tar.xz
1ea2a73808dcee74b34fbb2c6cf20a9db4462439 21187 chromium_119.0.6045.105-1_source.buildinfo
Checksums-Sha256:
5a7a01f462941e4f3ad7e46d0e53abfa3d2dd45849c58c64c015bd6e3aa9c161 3666 chromium_119.0.6045.105-1.dsc
003634027060057f135a75d71821ba85a796b1528567ca1b8e9caa83b95bf518 784608532 chromium_119.0.6045.105.orig.tar.xz
4630ec5259cffc177d87408713e71e9d019a260dd88e07c084c3b6f439ef280b 358468 chromium_119.0.6045.105-1.debian.tar.xz
6e3192db1d7ab5a18f9e9ec1c6b177942d39f564a6dbd2e5386b25b91d4ef4a1 21187 chromium_119.0.6045.105-1_source.buildinfo
Files:
2b525beda1c97625ef563daeea7e40d3 3666 web optional chromium_119.0.6045.105-1.dsc
f8ad84d246dd3eaaef98f0eff4f12f8b 784608532 web optional chromium_119.0.6045.105.orig.tar.xz
90f166192b6f34f5a59ecf84a2f27f48 358468 web optional chromium_119.0.6045.105-1.debian.tar.xz
a161ac32e1b593dbb52588c20c8743b4 21187 web optional chromium_119.0.6045.105-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbljKSL6u8RwDRSBe7DyAvFcxm34FAmVDHKUACgkQ7DyAvFcx
m37DIA/+Iao34k3b6mYwV4ZGlis4PwF1WH3J7YiDvfxic2BUeDtOArAmx/ZlvMMc
xKoKVjQ2aILfDzdOQtz/svtVrJWnm0fTiTViyWMHS3qRKAa369Q7KTlnb18GVvxo
KgilMrao8UAqKfTKpMWnFXP2wx6LTCZXe7OWgguH+k8gUEfvCV8tL7Tzy8/UPLtD
+WMXXInR5/MezV2QaH2+/H1uzLsS6BAbPmtzPyxhWoMDp6m01Xfnd26NFuA+e7Yz
R+MqusW15HNv5mvb8r3up93TiEmpEhGHZ1DWpy0svDFd+Ipxhtcme4BZQAwT+oGT
Z/D/Uu9DAbH62mAbuuUMBPC5DuAXAy0UgMB4uRJV/F3YES3w1R7+ehZLoHPNqaeF
FfHBezei/JWvUWwuwjHjTjxNF32ioMYk0OEP99tPv6LFygNyVbk/l+dnCWCCaqPt
9IWR6b7az+DwSM62NQrSxAsP3O7I9pDqnzDRDcxpBtV7NYgJuD8elZKMZOuoE7p3
Xk2NosiRCvqDji+OWfNourhXUOv9M42UPSah05RrefNnJEKPfXQxZ9SgvFC9VMij
XYH1X3PafipgamEFWr6pk8p52YEokTAl2OYZSKm4SAvNTVDG0VdJFI37xhwsiCK0
RCMSEfZ2ibCelif+YeHybjYDrNLwyJHV5fELugEqP0pWn7ML83A=
=1fGM
-----END PGP SIGNATURE-----
Reply to: