Accepted chromium 116.0.5845.96-2 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 16 Aug 2023 04:48:02 -0400
Source: chromium
Architecture: source
Version: 116.0.5845.96-2
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
chromium (116.0.5845.96-2) unstable; urgency=high
.
* d/patches/upstream/limits.patch: Add a build fix for arm64.
* The follow CVEs were fixed in the prior release and I forgot them.
- CVE-2023-2312: Use after free in Offline. Reported by avaue at S.S.L..
- CVE-2023-4349: Use after free in Device Trust Connectors.
Reported by Weipeng Jiang (@Krace) of VRI.
- CVE-2023-4350: Inappropriate implementation in Fullscreen.
Reported by Khiem Tran (@duckhiem).
- CVE-2023-4351: Use after free in Network.
Reported by Guang and Weipeng Jiang of VRI.
- CVE-2023-4352: Type Confusion in V8.
Reported by Sergei Glazunov of Google Project Zero.
- CVE-2023-4353: Heap buffer overflow in ANGLE.
Reported by Christoph Diehl / Microsoft Vulnerability Research.
- CVE-2023-4354: Heap buffer overflow in Skia.
Reported by Mark Brand of Google Project Zero.
- CVE-2023-4355: Out of bounds memory access in V8.
Reported by Sergei Glazunov of Google Project Zero.
- CVE-2023-4356: Use after free in Audio.
Reported by Zhenghang Xiao (@Kipreyyy).
- CVE-2023-4357: Insufficient validation of untrusted input in XML.
Reported by Igor Sak-Sakovskii.
- CVE-2023-4358: Use after free in DNS.
Reported by Weipeng Jiang (@Krace) of VRI.
- CVE-2023-4359: Inappropriate implementation in App Launcher.
Reported by @retsew0x01.
- CVE-2023-4360: Inappropriate implementation in Color.
Reported by Axel Chong.
- CVE-2023-4361: Inappropriate implementation in Autofill.
Reported by Thomas Orlita.
- CVE-2023-4362: Heap buffer overflow in Mojom IDL.
Reported by Zhao Hai of NanJing Cyberpeace TianYu Lab.
- CVE-2023-4363: Inappropriate implementation in WebShare.
Reported by Alesandro Ortiz.
- CVE-2023-4364: Inappropriate implementation in Permission Prompts.
Reported by Jasper Rebane.
- CVE-2023-4365: Inappropriate implementation in Fullscreen.
Reported by Hafiizh.
- CVE-2023-4366: Use after free in Extensions. Reported by asnine.
- CVE-2023-4367: Insufficient policy enforcement in Extensions API.
Reported by Axel Chong.
- CVE-2023-4368: Insufficient policy enforcement in Extensions API.
Reported by Axel Chong.
Checksums-Sha1:
3af81068e46d7eead8b21bdce7b01ba5d7f2af53 3711 chromium_116.0.5845.96-2.dsc
ec557a467703435e0fe8cc594af3d5fe0f43c2be 382652 chromium_116.0.5845.96-2.debian.tar.xz
4410b2a68c6c677de9c893219764c7facb729e57 21176 chromium_116.0.5845.96-2_source.buildinfo
Checksums-Sha256:
f27228ef5a1194037721a8f489c510c023d6ac7baee16c2c2b91447a3cdd29a9 3711 chromium_116.0.5845.96-2.dsc
c044f8bb89b7a231c2efe0d7a066e4282c835fbd2b5bdf56e3fab4c892f2bba8 382652 chromium_116.0.5845.96-2.debian.tar.xz
ba026d5ed3ea433ba7076812465916838c0cc2c8922c50dfa405bf5900b6dccf 21176 chromium_116.0.5845.96-2_source.buildinfo
Files:
e8367f2989247bcd15f0b31660646c87 3711 web optional chromium_116.0.5845.96-2.dsc
6e4fff2e6124ea41b447abfaba38b65b 382652 web optional chromium_116.0.5845.96-2.debian.tar.xz
31f71a864d4e40fbb33e3d0f55b0e9ad 21176 web optional chromium_116.0.5845.96-2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmTckdUUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjcouQ//VxoWsRfj4caftsohIKQftO8/cNDY
eTDX6nzi0lnBs+4WYrtm64ojvw6E3JSVehQ2TCxywVG8MO+rPw/avQlAfpGk7xnE
n90d7Q+iGFmUBxqnVqmjsIV1j0NycluXTmDHgSAzEh5rwiNBsDhSFbcSUNXqMydN
y0CDcvQX8CkNiwlteoV00CllTkmHh9m5oEUTCN0aUTTphBe4yk6+m9HWlu8UJT/j
FZXXobV8w1u6J+wF0+Fq8T+nVen26XEvnhRoULi+NHWOl5u3kTtlsqr4o8JYry9L
gHf4HiH4XXOV81CI/ptkLycrXBPrZoJ4AFUaP73YLaQXNeKWw1V1EUzKR1DTT2gw
YHi8BkklPVDnL4lIYocEK4Case+7VGFcBKbXF5SvO/h/6I9zzYNqKBaiObzz36PI
Z8hwvcmZv6V1/yPMeMprd7hdBLTIawxjXRGPfQOdITHXTP3/aW70HldYb+nP8DFj
c3cGkuUZ22JOS9Y9wk9fpX88YDBOOlew7wCVEway3qNlL3z3VCaG60DftDZFil7r
215JOrTCMJtZSVKpvM8jIue+gfiBrApXB7LP/FqOs2tBjaq+rneTkALx9rdbqKdp
izAaaAccz9pZuKjXcc42uYnSYB/zq0SlOS/eV9dEwCfStxg2tew7OULQJ9a9eFcA
Kn3B9pYyeBb4xwU=
=FoHX
-----END PGP SIGNATURE-----
Reply to: