Accepted chromium 114.0.5735.90-2~deb11u1 (source) into proposed-updates
Format: 1.8
Date: Wed, 31 May 2023 12:36:00 -0500
Source: chromium
Architecture: source
Version: 114.0.5735.90-2~deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Timothy Pearson <tpearson@raptorengineering.com>
Changes:
 chromium (114.0.5735.90-2~deb11u1) bullseye-security; urgency=high
 .
   [ Timothy Pearson ]
   * d/patches:
     - Add upstream/feature-list-static.patch
       This patch fixes an out of scope array access that can lead to crashes at startup
 .
   [ Andres Salomon ]
   * d/patches: add bullseye/av1-vaapi.patch to disable av1 encoding on bullseye;
     libav-dev is too old.
 .
 chromium (114.0.5735.90-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2023-2929: Out of bounds write in Swiftshader.
       Reported by Jaehun Jeong(@n3sk) of Theori.
     - CVE-2023-2930: Use after free in Extensions. Reported by asnine.
     - CVE-2023-2931: Use after free in PDF.
       Reported by Huyna at Viettel Cyber Security.
     - CVE-2023-2932: Use after free in PDF.
       Reported by Huyna at Viettel Cyber Security.
     - CVE-2023-2933: Use after free in PDF. Reported by
       Quang Nguyễn (@quangnh89) of Viettel Cyber Security and Nguyen Phuong.
     - CVE-2023-2934: Out of bounds memory access in Mojo.
       Reported by Mark Brand of Google Project Zero.
     - CVE-2023-2935: Type Confusion in V8.
       Reported by Sergei Glazunov of Google Project Zero.
     - CVE-2023-2936: Type Confusion in V8.
       Reported by Sergei Glazunov of Google Project Zero.
     - CVE-2023-2937: Inappropriate implementation in Picture In Picture.
       Reported by NDevTK.
     - CVE-2023-2938: Inappropriate implementation in Picture In Picture.
       Reported by Alesandro Ortiz.
     - CVE-2023-2939: Insufficient data validation in Installer.
       Reported by ycdxsb from VARAS@IIE.
     - CVE-2023-2940: Inappropriate implementation in Downloads.
       Reported by Axel Chong.
     - CVE-2023-2941: Inappropriate implementation in Extensions API.
       Reported by Jasper Rebane.
   * d/copyright: properly delete some android & chromeos stuff.
   * d/patches:
     - fixes/clang-and-gcc11.patch: refresh.
     - upstream/webview-cstr.patch: drop, merged upstream.
     - upstream/monostate.patch: drop, merged upstream.
     - disable/unrar.patch: additional upstream changes required more reworking.
     - disable/android.patch: refresh, & add one more build fix.
     - disable/catapult.patch: refresh.
     - disable/swiftshader.patch: refresh.
     - disable/angle-perftest.patch: refresh.
     - system/jpeg.patch: refresh.
     - upstream/mojo.patch: regenerate from git.
     - upstream/sizet.patch: add an upstream build fix.
     - bookworm/typename.patch: include more build fixes.
     - bookworm/lambda-bug.patch -> bookworm/structured-binding-scope-bug.patch,
       and add another place it's happening (turns out it's not just lambdas).
   * Add build-dep on libevdev-dev - now required by upstream.
 .
   [ Timothy Pearson ]
   * d/patches:
     - Refresh ppc64le patches
Checksums-Sha1:
3ad093ef387a1806a274b4d0d7a7015b39e4d1ba 3787 chromium_114.0.5735.90-2~deb11u1.dsc
b39cca4f9df9d089c1fe6171b57d908e8b3f14a8 636061904 chromium_114.0.5735.90.orig.tar.xz
10fb73b1e754839afb6a7424e63da2f314929ceb 356300 chromium_114.0.5735.90-2~deb11u1.debian.tar.xz
d96082ef37b148c1202634269d0e114e913bb0e9 22863 chromium_114.0.5735.90-2~deb11u1_source.buildinfo
Checksums-Sha256:
99a96e36077d81b423fc28dfbb00175d6da2b74bffb74296bdcd0a3fec131a0c 3787 chromium_114.0.5735.90-2~deb11u1.dsc
0d9f486511e906c4afc51c16260d85bc0a08fba1f9d46cab71dbded463c7ad91 636061904 chromium_114.0.5735.90.orig.tar.xz
602a472b1971640245e9a9450405c744a8a5f736556c82fcb22e5c1731f53f3f 356300 chromium_114.0.5735.90-2~deb11u1.debian.tar.xz
de6775b8fabc04edf69a103554d9309f9ca464c8aeedccb8300f81ee3cb701a0 22863 chromium_114.0.5735.90-2~deb11u1_source.buildinfo
Files:
29238cf3dc66c4d487afcc62c2a98d8e 3787 web optional chromium_114.0.5735.90-2~deb11u1.dsc
fe828327dbb42984b09df838177adf90 636061904 web optional chromium_114.0.5735.90.orig.tar.xz
66cff462947b2da33aab979c3bd362bd 356300 web optional chromium_114.0.5735.90-2~deb11u1.debian.tar.xz
0f1a396f48a196935f45cbc271750f7c 22863 web optional chromium_114.0.5735.90-2~deb11u1_source.buildinfo