[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted chromium 115.0.5790.98-1~deb11u1 (source) into oldstable-proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 18 Jul 2023 17:50:00 -0500
Source: chromium
Architecture: source
Version: 115.0.5790.98-1~deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Timothy Pearson <tpearson@raptorengineering.com>
Changes:
 chromium (115.0.5790.98-1~deb11u1) bullseye-security; urgency=high
 .
   * New upstream release
     - CVE-2023-3727: Use after free in WebRTC.
       Reported by Cassidy Kim(@cassidy6564).
     - CVE-2023-3728: Use after free in WebRTC.
       Reported by Zhenghang Xiao (@Kipreyyy).
     - CVE-2023-3730: Use after free in Tab Groups. Reported by @ginggilBesel.
     - CVE-2023-3732: Out of bounds memory access in Mojo.
       Reported by Mark Brand of Google Project Zero.
     - CVE-2023-3733: Inappropriate implementation in WebApp Installs.
       Reported by Ahmed ElMasry.
     - CVE-2023-3734: Inappropriate implementation in Picture In Picture.
       Reported by Thomas Orlita.
     - CVE-2023-3735: Inappropriate implementation in Web API Permission Prompts.
       Reported by Ahmed ElMasry.
     - CVE-2023-3736: Inappropriate implementation in Custom Tabs.
       Reported by Philipp Beer (TU Wien).
     - CVE-2023-3737: Inappropriate implementation in Notifications.
       Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) .
     - CVE-2023-3738: Inappropriate implementation in Autofill.
       Reported by Hafiizh.
     - CVE-2023-3740: Insufficient validation of untrusted input in Themes.
       Reported by Fardeen Siddiqui.
 .
   * d/patches:
     - debianization/master-preferences.patch: upstream variable renamed
     - disable/catapult.patch: upstream changes required reworking
     - disable/tests.patch: remove new upstream puffin test data file
       dependencies
     - disable/unrar.patch: upstream changes required reworking
     - fixes/cmath.patch: add missing header include for skia
     - fixes/vector.patch: add missing header include for net
     - upstream/sizet.patch: drop, merged upstream
     - ppc64le/fixes/fix-partition-alloc-compile.patch: refresh for upstream
       changes
     - ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh
       for upstream changes
     - ppc64le/third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
       refresh for upstream changes
     - ppc64le/third_party/0003-third_party-libvpx-Add-ppc64-generated-config.patch:
       regenerate configs from upstream source
     - ppc64le/third_party/skia-vsx-instructions.patch: refresh for upstream
       changes
 .
   [ Andres Salomon ]
     - fixes/clang-and-gcc11.patch: drop, (a different version) merged upstream.
     - bookworm/typename.patch: drop parts that were merged upstream, and add
       new build fixes.
     - bookworm/structured-binding-scope-bug.patch: drop some of it, add new bits
     - bullseye/constexpr.patch: refresh for string -> StringPiece change.
     - bullseye/stringpiece.patch: add to work around older libre2.
     - bullseye/default-equality-op.patch: add more workarounds for older
       compilers
     - fixes/brandversion-construct.patch: add to fix build failure.
     - fixes/SkColor4f-init.patch: another missing struct constructor fix.
     - fixes/cookieresult.patch: another struct ctor build fix.
     - ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh.
     - ppc64le/libaom/0001-Add-ppc64-target-to-libaom.patch: refresh.
     - ppc64le/third_party/0002-third-party-boringssl-add-generated-files.patch:
       refresh.
     - bullseye/disable-mojo-ipcz.patch: refresh.
     - bullseye/mulodic.patch: refresh.
Checksums-Sha1:
 751c6635cd62dd05e8ac035683649514e5daec57 3787 chromium_115.0.5790.98-1~deb11u1.dsc
 1c5e0b541f568d54d7ec6ac0bd529eace0a8d69a 648265044 chromium_115.0.5790.98.orig.tar.xz
 c54d128b2a6965b1aa3dda83e80c383009fba4eb 373880 chromium_115.0.5790.98-1~deb11u1.debian.tar.xz
 36a88f5839b3fbd51a743fb0a2f51462307273d2 22935 chromium_115.0.5790.98-1~deb11u1_source.buildinfo
Checksums-Sha256:
 33a1805aa5c117a287673e04cf17f946dd005f86f5c813cd10851562817a2147 3787 chromium_115.0.5790.98-1~deb11u1.dsc
 93076310b324d04f719881b179797a68fd630542ba39aab834af4162d1b75027 648265044 chromium_115.0.5790.98.orig.tar.xz
 9c9c50991a94c9d031d13d74131c4da4217572e806ec868fb66448f10ffcfa4e 373880 chromium_115.0.5790.98-1~deb11u1.debian.tar.xz
 ea97d943c9386ae5578015f5c2abe31c4c381d82a609db5d9c18d4b9a6e8aa3c 22935 chromium_115.0.5790.98-1~deb11u1_source.buildinfo
Files:
 956a7cd0be0f9a0716409a7696a8f7a6 3787 web optional chromium_115.0.5790.98-1~deb11u1.dsc
 d19735a7fcce4705548051c142b22719 648265044 web optional chromium_115.0.5790.98.orig.tar.xz
 8831fc13cad55b2e1fd9e908c9c6862e 373880 web optional chromium_115.0.5790.98-1~deb11u1.debian.tar.xz
 88612a3ed3a296c47a704c3c551f65b1 22935 web optional chromium_115.0.5790.98-1~deb11u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmS3pVcUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjdDYg/+MA4ZjcK390CFj3XivAwlpo2uQqTq
/otfwcqXxJpalefSKBGAGJ8OFpS9BjxDVXbnucS4RPVesWRgJeFEKcGxgq61DSHt
FqAW+upWlo6ybF+bdMNpKgkgLneamDm6qSV9x4eA3Lju9dhunTzdFFED2okb2QYP
KIvc+iWYiRFhcbLNO3PA+F7psEuHufFGbFnf81Kzu1HQqg0gf5J9krZ82Mt1T6nY
kY89Czb3lJY1NhRRakkuZt9ccfs3M0pj3ryT5s9KHC8GY8rPU8Wd1vvL4jR/wc4F
1ifNVCPzvkQfCwwaqyqlV7r3/7Lv9a/cO2GPNYBU/tt1Qdvw1aHnUsJ+rGKZ9CrB
gegaDMwK9XEmq8u6z+qZBUAhp5r92Bvq+VJkQqqks/BSGMckxAn4VO4kg0To4/2Z
1sfK60YV1aC0Vv+5uovFtsO8Nl757P4t5Y5fpd2tcvBN5oNMiG1KFYugdzHu/RoD
1aeLhZyoVoQmyhJWWr1gl/KHLxNfJ92ITRuwICJhpvlAfZFdg0TX8OjMFnZ3o+gX
P3AyZa6XBfQbBRfTWOlYQb8jnNbt6V9iN+4vF6722U6Dz47U97Ty7BRJHkY2WOjW
QzOUbIppDj9EM2vEPtf6NQqW+5Z8agk2XAQ3wgWTBxSqMnEZB7UdYB068Si9zgB0
DZOPf5u2o3C/yYI=
=SQdi
-----END PGP SIGNATURE-----


Reply to: