Accepted chromium 118.0.5993.70-1~deb12u1 (source) into proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted chromium 118.0.5993.70-1~deb12u1 (source) into proposed-updates
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Thu, 19 Oct 2023 19:02:09 +0000
Message-id: <[🔎] E1qtYHZ-007GKK-Uo@fasolo.debian.org>
Mail-followup-to: debian-devel@lists.debian.org
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 10 Oct 2023 22:03:00 -0500
Source: chromium
Architecture: source
Version: 118.0.5993.70-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Timothy Pearson <tpearson@raptorengineering.com>
Changes:
 chromium (118.0.5993.70-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2023-5218: Use after free in Site Isolation.
       Reported by @18楼梦想改造家.
     - CVE-2023-5487: Inappropriate implementation in Fullscreen.
       Reported by Anonymous.
     - CVE-2023-5484: Inappropriate implementation in Navigation.
       Reported by Thomas Orlita.
     - CVE-2023-5475: Inappropriate implementation in DevTools.
       Reported by Axel Chong.
     - CVE-2023-5483: Inappropriate implementation in Intents.
       Reported by Axel Chong.
     - CVE-2023-5481: Inappropriate implementation in Downloads.
       Reported by Om Apip.
     - CVE-2023-5476: Use after free in Blink History. Reported by Yunqin Sun.
     - CVE-2023-5474: Heap buffer overflow in PDF. Reported by [pwn2car].
     - CVE-2023-5479: Inappropriate implementation in Extensions API.
       Reported by Axel Chong.
     - CVE-2023-5485: Inappropriate implementation in Autofill.
       Reported by Ahmed ElMasry.
     - CVE-2023-5478: Inappropriate implementation in Autofill.
       Reported by Ahmed ElMasry.
     - CVE-2023-5477: Inappropriate implementation in Installer.
       Reported by Bahaa Naamneh of Crosspoint Labs.
     - CVE-2023-5486: Inappropriate implementation in Input. Reported by Hafiizh.
     - CVE-2023-5473: Use after free in Cast. Reported by DarkNavy.
   * d/patches/ppc64le:
     - 0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for
        upstream changes
     - 0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes
     - skia-vsx-instructions.patch: refresh for upstream changes
     - third_party/0003-third_party-libvpx-Add-ppc64-generated-config.patch:
       regenerate configs from upstream source
     - database/0001-Properly-detect-little-endian-PPC64-systems.patch:
       refresh
     - ffmpeg/0001-Add-support-for-ppc64.patch: refresh
     - fixes/fix-breakpad-compile.patch: refresh
     - fixes/fix-unknown-warning-option-messages.diff: refresh
     - libaom/0001-Add-ppc64-target-to-libaom.patch: refresh
     - sandbox/0001-sandbox-linux-Update-IsSyscallAllowed-in-broker_proc.patch:
       refresh
     - sandbox/0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch:
       refresh
     - sandbox/0008-sandbox-fix-ppc64le-glibc234.patch: refresh
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh
     - third_party/0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.patch:
       refresh
     - third_party/0001-third_party-libvpx-Properly-generate-gni-on-ppc64.patch:
       refresh
     - third_party/0002-third-party-boringssl-add-generated-files.patch: refresh
     - third_party/dawn-fix-ppc64le-detection.patch: refresh
     - third_party/dawn-fix-typos.patch: refresh
     - third_party/skia-vsx-instructions.patch: refresh
     - third_party/use-sysconf-page-size-on-ppc64.patch: refresh
     - workarounds/HACK-third_party-libvpx-use-generic-gnu.patch: refresh
 .
   [ Andres Salomon]
   * d/copyright:
     - blanket.js is gone, no need to remove it any more.
     - delete some khronos images marked executable.
   * d/patches:
     - upstream/memory.patch: drop, merged upstream.
     - upstream/sensor-reading.patch: add, gcc13 build fix from upstream.
     - upstream/lweight.patch: add, gcc13 build fix from upstream.
     - upstream/freetype.patch: add, fix freetype header inclusion FTBFS.
     - upstream/sizet.patch: add, libstdc++ build fix from upstream.
     - disable/unrar.patch: update for minor upstream changes.
     - bookworm/struct-ctor.patch: add various new workarounds for clang-14.
     - bookworm/structured-binding-scope-bug.patch: drop part of the patch.
     - bullseye/constexpr.patch: drop bullseye patch from bookworm.
     - ungoogled/.../disable-web-environment-integrity.patch: sync with
       ungoogled-chromium for upstream changes.
     - bookworm/i386-lock-free.patch: refresh.
Checksums-Sha1:
 946f133752437b1e7a555d1b4c585b9d2ccfd92d 3700 chromium_118.0.5993.70-1~deb12u1.dsc
 2b52e9be225cc92e7782bb2a7d5887f2f065505b 771394968 chromium_118.0.5993.70.orig.tar.xz
 2085978940b5129234447ac4f0a02a0d94f3aaa6 390380 chromium_118.0.5993.70-1~deb12u1.debian.tar.xz
 3d51a33840e0fab4ab083a7a51745ece6c5129ff 21283 chromium_118.0.5993.70-1~deb12u1_source.buildinfo
Checksums-Sha256:
 d16a1e50ef948e7d8d6ce5eff97584b4bf7d7003763881f4ebd0883b6f18ebfa 3700 chromium_118.0.5993.70-1~deb12u1.dsc
 ab19fddba67cad603f09d4017ae8f7573a1e480c604ff9677923592828c8b74e 771394968 chromium_118.0.5993.70.orig.tar.xz
 c169c8cebc22e8089a84a1a06be53cb8b52aae445a94834a36db4818f21f8894 390380 chromium_118.0.5993.70-1~deb12u1.debian.tar.xz
 4caa8f18f0baf74163e1888625f45b3d1857fc5a922e99c548ca4739069e62a0 21283 chromium_118.0.5993.70-1~deb12u1_source.buildinfo
Files:
 0d9ecda21bfa3eccf0ab01f0c7eed151 3700 web optional chromium_118.0.5993.70-1~deb12u1.dsc
 4ae6869c929cac4f8d20df0173ccee30 771394968 web optional chromium_118.0.5993.70.orig.tar.xz
 d53806d479fbb56c7f6dbe395498ef71 390380 web optional chromium_118.0.5993.70-1~deb12u1.debian.tar.xz
 88afc62373e5d59883bcaf1eb012a853 21283 web optional chromium_118.0.5993.70-1~deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmUm3HIUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8Nudjfn3w//cD1hwjT/7Xk3FCkeOkqFS+K3LORW
klQKtOQOXoVjJZCJpiPl8gR4tS2p48yK6JKTFZFylKqcdtm47A0QzuK2aw569l3D
v7ZIDlgaKmOS66T7T/9s0xPzZu0HK0KHnNuC/zZ2T+BvJMw5ROBPQ5woG145D/YT
YZgi7QaCGmTOzEeSQo7zupq3Ewgnt9mXWBD2OZLIgWvYFOOp+lKyGFtKKEibwusP
9JqQi82A+zsvqEmFmfLPx9XGoIHBpNY/kFqE8zP0XDIAgnaquCfCulUwcZ06ES8L
Ln4oLCdGle1vC6jQL48qgPyNu7SJ5A+8lSKxwZFnZ9XukIHZVtpk9Zt7VdajSIKr
H0sMVGVCqGRRc7SBJUZ9v2ILY5nVxC5F9b1+IZfd7SkQ9GJJ7mpYeqzm7UkTBcW5
Q3sgXM8LwgjE2JTXXArKiQxYBUf1b94Syygd0tBAZTyGKbWhROGiOId3KiQctN5g
dbXIUfKTLB9RQGoeYl+V4YW1XtoZ880ERrnQYxbhR4kPh8j2oaVn3wNt7oUsvXIP
LEMJRA5bwBUEomtcekbFLop/Om/ctWT6gECn+2aBQ2k1MPq4nWUCo9WqT76DvoQw
ZYfZQitnWd5f/9DB4ssqnxL+vCF7EPOwNXLuiFcflI5IBhMoYYDLBhA/LAPygM7g
xpLR7obfUIVA1tY=
=zcww
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Accepted tomcat9 9.0.43-2~deb11u8 (source) into oldstable-proposed-updates
Next by Date: Accepted llvm-toolchain-16 1:16.0.6-15~deb12u1 (source amd64 all) into proposed-updates
Previous by thread: Accepted tomcat9 9.0.43-2~deb11u8 (source) into oldstable-proposed-updates
Next by thread: Accepted llvm-toolchain-16 1:16.0.6-15~deb12u1 (source amd64 all) into proposed-updates
Index(es):
- Date
- Thread