[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted chromium 121.0.6167.85-1~deb12u1 (source) into proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 23 Jan 2024 17:59:49 -0500
Source: chromium
Architecture: source
Version: 121.0.6167.85-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (121.0.6167.85-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2024-0807: Use after free in WebAudio.
       Reported by Huang Xilin of Ant Group Light-Year Security Lab.
     - CVE-2024-0812: Inappropriate implementation in Accessibility.
       Reported by Anonymous.
     - CVE-2024-0808: Integer underflow in WebUI.
       Reported by Lyra Rebane (rebane2001).
     - CVE-2024-0810: Insufficient policy enforcement in DevTools.
       Reported by Shaheen Fazim.
     - CVE-2024-0814: Incorrect security UI in Payments.
       Reported by Muneaki Nishimura (nishimunea).
     - CVE-2024-0813: Use after free in Reading Mode. Reported by @retsew0x01.
     - CVE-2024-0806: Use after free in Passwords.
       Reported by 18楼梦想改造家.
     - CVE-2024-0805: Inappropriate implementation in Downloads.
       Reported by Om Apip.
     - CVE-2024-0804: Insufficient policy enforcement in iOS Security UI.
       Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) .
     - CVE-2024-0811: Inappropriate implementation in Extensions API.
       Reported by Jann Horn of Google Project Zero.
     - CVE-2024-0809: Inappropriate implementation in Autofill.
       Reported by Ahmed ElMasry.
   * d/copyright: drop another eu-strip binary.
   * d/patches:
     - fixes/atspi.patch: drop, merged upstream.
     - fixes/gcc13-headers.patch: drop portions that were merged upstream.
     - upstream/nullptr_t.patch: drop, merged upstream.
     - upstream/string-include.patch: drop, merged upstream.
     - ungoogled/disable-web-environment-integrity.patch: remove, upstream
       wisely backed off and removed WEI.
     - disable/signin.patch: refresh for minor upstream changes.
     - disable/catapult.patch: refresh for minor upstream changes.
     - system/openjpeg.patch: refresh for minor upstream changes.
     - bookworm/clang16.patch: drop portion that was merged upstream.
     - upstream/vector.patch: missing header fix, pulled from upstream.
     - upstream/display-header.patch: missing header fix, pulled from upstream.
     - upstream/bitset.patch: missing header fix, pulled from upstream.
     - upstream/once_flag.patch: missing header fix, pulled from upstream.
     - bookworm/constexpr-equality.patch: add clang-16 workaround.
     - bookworm/nvt.patch: revert an upstream c++-20 change that confuses
       clang-16.
     - fixes/libxml-parseerr.patch: revert change from a newer libxml than
       debian's.
     - bookworm/undo-rust-req.patch: revert change that makes rust required
       to build (for now).
     - bookworm/eraseif-lamba.patch: revert changes switching to std::erase_if
       to work around libstdc++-12 bug.
 .
   [ Timothy Pearson ]
   * d/patches:
     - fixes/std-to-address.patch: work around incorrect template selection
       in Mojo ConvertTo()
     - fixes/stdint.patch: add missing stdint include to performance manager
   * d/patches/ppc64le:
     - fixes/fix-rust-linking.patch: allow linking C and Rust libraries in full
       archive mode
     - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: refresh
       for upstream changes
     - third_party/skia-vsx-instructions.patch: refresh for upstream changes
     - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
       refresh for upstream changes
     - third_party/0003-third_party-libvpx-Add-ppc64-generated-config.patch:
       refresh for upstream changes
Checksums-Sha1:
 581e891c11457ff68528e0022b5190138518d615 3731 chromium_121.0.6167.85-1~deb12u1.dsc
 1b2ef2a40e8dd32bb84604087e90ae343872ffe6 826644536 chromium_121.0.6167.85.orig.tar.xz
 b4b2d5f75c9f5e6b4a41d5dbaa88a8acf60f137a 375416 chromium_121.0.6167.85-1~deb12u1.debian.tar.xz
 361b8721f97f29855dd3d50f6f02ffccd6e5d5d4 21628 chromium_121.0.6167.85-1~deb12u1_source.buildinfo
Checksums-Sha256:
 b872cabe965ae00babde3a5b0eec1a41393f97b6897eb1485f4fce108ad0dc98 3731 chromium_121.0.6167.85-1~deb12u1.dsc
 19f1a21a066495a1a9740f87ad36dfd877758f500fbb3b816fdec0ff3d2d1275 826644536 chromium_121.0.6167.85.orig.tar.xz
 d565de8a7c71ce9dea630e65dd2f2fe41112eb755a3d0c823316674a264c42a8 375416 chromium_121.0.6167.85-1~deb12u1.debian.tar.xz
 dc22f424d4000071702df3522ef8b1c300df7d18cd01f5f2bbf9263d254ddda1 21628 chromium_121.0.6167.85-1~deb12u1_source.buildinfo
Files:
 c5a08447a2e09101314ab410d2947284 3731 web optional chromium_121.0.6167.85-1~deb12u1.dsc
 f0f0bd74b1394c501296c165223c1bb6 826644536 web optional chromium_121.0.6167.85.orig.tar.xz
 329dff4f66a8b6bef3326f010b9a4e23 375416 web optional chromium_121.0.6167.85-1~deb12u1.debian.tar.xz
 365bb9eb687b1f1b69731a324051d0af 21628 web optional chromium_121.0.6167.85-1~deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmWw01kUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjfkDA/9EGqc9u72QIIkDV9HajnHFfjpEK/y
FwwI8x9IeAd/vcN2eA+bkppSoAwuTY83xclKH90sVTzGuBcaIMVVMDEYrWKjfW7y
YFkXH7iYGT2vHB4y8WpgLyBMTBnsEixjWnltL/Z/hso1pfJ9gYlO5vDqOVQHjChw
fueVPEWyibnW1YsL4omQcnb2ANKjipL9jZKbQqhebkeEGa/0bsYLP9P8xK4OSFIv
cABaS5+I2oXF36ACWlz2Rrq89zDp2DABckqg/i4hTb0VVyBNDQYvksxlmkSUxTVo
u9H1w2PMeDuSgJvZy4D7mt/b9f7dfWXgXRafbBoPvhNw5UM+WWSupVgHnvZKKrso
ev1omwdShBzq248XE58pOqSpwGoXXk5u9y4PN88YTajs95cSvkwLtNnrouk8swK+
IMoC4MEQtWo2jG2IVYRqnpSXGwwDqHBCsUOKYXxMG9Nq0homh8PT+axYOJjOq33U
nrzgkQ8v1f4yAI+/0v9ybRgu+qYvydmich2y/zfwk2/+FuRs5jxbrujYqIBpRR3T
LnFvFir2Irvg7QjbJAy/BcEZD8MMQJPyxY9+zZy04gQCn1WIQPqVbHoqa2NzXhQm
4Zhmve4yu/xS/u2KH+58loOkqrd5dtFO9KiHcyVEza88NL7sEBytKNOYwxoha/m8
Lk4ftL55psvV3qE=
=m9KQ
-----END PGP SIGNATURE-----


Reply to: