
Accepted chromium 126.0.6478.56-1~deb12u1 (source) into proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 13 Jun 2024 21:31:56 -0400
Source: chromium
Architecture: source
Version: 126.0.6478.56-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (126.0.6478.56-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2024-5830: Type Confusion in V8.
       Reported by Man Yue Mo of GitHub Security Lab.
     - CVE-2024-5831: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-5832: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-5833: Type Confusion in V8. Reported by @ginggilBesel.
     - CVE-2024-5834: Inappropriate implementation in Dawn.
       Reported by gelatin dessert.
     - CVE-2024-5835: Heap buffer overflow in Tab Groups.
       Reported by Weipeng Jiang (@Krace) of VRI.
     - CVE-2024-5836: Inappropriate Implementation in DevTools.
       Reported by Allen Ding.
     - CVE-2024-5837: Type Confusion in V8. Reported by Anonymous.
     - CVE-2024-5838: Type Confusion in V8.
       Reported by Zhenghang Xiao (@Kipreyyy).
     - CVE-2024-5839: Inappropriate Implementation in Memory Allocator.
       Reported by Mickey.
     - CVE-2024-5840: Policy Bypass in CORS. Reported by Matt Howard.
     - CVE-2024-5841: Use after free in V8.
       Reported by Cassidy Kim (@cassidy6564).
     - CVE-2024-5842: Use after free in Browser UI.
       Reported by Sven Dysthe (@svn_dy).
     - CVE-2024-5843: Inappropriate implementation in Downloads.
       Reported by hjy79425575.
     - CVE-2024-5844: Heap buffer overflow in Tab Strip. Reported by Sri.
     - CVE-2024-5845: Use after free in Audio. Reported by anonymous.
     - CVE-2024-5846: Use after free in PDFium.
       Reported by Han Zheng (HexHive).
     - CVE-2024-5847: Use after free in PDFium.
       Reported by Han Zheng (HexHive).
   * d/copyright: delete bullseye environment that upstream ships (??).
   * d/patches:
     - upstream/appservice-include.patch: drop, merged upstream.
     - upstream/lens-include.patch: drop, merged upstream.
     - upstream/mojo-bindings-include.patch: drop, merged upstream.
     - upstream/ninja.patch: drop, merged upstream.
     - upstream/no-vector-consts.patch: drop, merged upstream.
     - upstream/vulkan-include.patch: drop, merged upstream.
     - system/clang-format.patch: drop it; we broke it some time ago, and
       didn't notice. Guess we don't need it?
     - bookworm/clang16.patch: refresh.
     - fixes/bad-font-gc00000.patch: refresh
     - fixes/bad-font-gc11.patch: refresh
     - fixes/bad-font-gc2.patch: refresh
     - disable/signin.patch: refresh
     - upstream/quiche-deque.patch: gcc build fix pulled from upstream.
     - upstream/gpu-header.patch: add header build fix from upstream.
     - upstream/blink-header.patch: add header build fix from upstream.
     - upstream/blink-header2.patch: add header build fix from upstream.
     - upstream/blink-header3.patch: add header build fix from upstream.
     - upstream/realtime-reporting.patch: gcc build fix from upstream.
     - upstream/urlvisit-header.patch: add header build fix from upstream.
     - upstream/accessibility-format.patch: gcc build fix from upstream.
     - bookworm/urlhelper-ctor.patch: work around a clang-16 bug; add an
       explicit constructor.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - sandbox/0008-sandbox-fix-ppc64le-glibc234.patch: Modify for upstream
       changes
     - third_party/0002-Add-PPC64-generated-files-for-boringssl.patch: Modify
       for upstream changes
     - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: Refresh
       for upstream changes
Checksums-Sha1:
 25f48d7a518d94c2a19f6cfb1e459d90945e167f 3775 chromium_126.0.6478.56-1~deb12u1.dsc
 e4867275d055f2cb7d3790d9e31ad72a33c86274 962541116 chromium_126.0.6478.56.orig.tar.xz
 f354233a6b92e4939dd6a68307ee52ee9cc8dcd6 432320 chromium_126.0.6478.56-1~deb12u1.debian.tar.xz
 02ff27b6ecce3eff2c6b0b3f4fe375f555212383 21913 chromium_126.0.6478.56-1~deb12u1_source.buildinfo
Checksums-Sha256:
 2992de9632d5f722cdf802511da583cc17097d3f9042669271a499fa72168c4e 3775 chromium_126.0.6478.56-1~deb12u1.dsc
 8d914f722284ee25400b9ea501d377a6b630d2c9a1cb00c83feea9a487d87777 962541116 chromium_126.0.6478.56.orig.tar.xz
 6fdb3979c43b63d77f584def86ab26a269476b5a62f06c036ecb32c1e42ad0ba 432320 chromium_126.0.6478.56-1~deb12u1.debian.tar.xz
 d2a0cff4a24288bfb6ceca23cdc18064fd16233b71f126f195b253cb6f6394c5 21913 chromium_126.0.6478.56-1~deb12u1_source.buildinfo
Files:
 96c99370572d671abe1066e5b2fe05c8 3775 web optional chromium_126.0.6478.56-1~deb12u1.dsc
 cf298e36c87cf391def94420201703e6 962541116 web optional chromium_126.0.6478.56.orig.tar.xz
 79dd10f7a5662857661166a90878249c 432320 web optional chromium_126.0.6478.56-1~deb12u1.debian.tar.xz
 1338fd4ef9636821732d4d82ccdab158 21913 web optional chromium_126.0.6478.56-1~deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
