-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 03 Apr 2024 20:11:03 +0000
Source: chromium
Architecture: source
Version: 123.0.6312.105-1~deb13u1
Distribution: trixie
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Closes: 1066235 1066910 1067886
Changes:
chromium (123.0.6312.105-1~deb13u1) trixie; urgency=high
.
* Rebuild for trixie.
.
chromium (123.0.6312.105-1) unstable; urgency=high
.
* New upstream security release.
- CVE-2024-3156: Inappropriate implementation in V8.
Reported by Zhenghang Xiao (@Kipreyyy).
- CVE-2024-3158: Use after free in Bookmarks. Reported by undoingfish.
- CVE-2024-3159: Out of bounds memory access in V8. Reported by
Edouard Bochin (@le_douds) and Tao Yan (@Ga1ois) of Palo Alto
Networks, via Pwn2Own 2024.
.
chromium (123.0.6312.86-1) unstable; urgency=high
.
* New upstream stable release.
- CVE-2024-2883: Use after free in ANGLE.
Reported by Cassidy Kim (@cassidy6564).
- CVE-2024-2885: Use after free in Dawn. Reported by wgslfuzz.
- CVE-2024-2886: Use after free in WebCodecs. Reported by
Seunghyun Lee (@0x10n) of KAIST Hacking Lab, via Pwn2Own 2024.
- CVE-2024-2887: Type Confusion in WebAssembly.
Reported by Manfred Paul, via Pwn2Own 2024.
* d/patches/ppc64le:
- fixes/fix-clang-selection.patch: select clang on ppc64 platforms
- ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: fix
ARM builds.
.
[ Andres Salomon ]
* d/patches:
- fixes/bad-font-gc1.patch, fixes/bad-font-gc2.patch: revert a pair of
upstream commits that result in blink's garbage collector frequently
deadlocking and crashing (closes: #1067886).
.
chromium (123.0.6312.58-1) unstable; urgency=high
.
* New upstream stable release.
- CVE-2024-2625: Object lifecycle issue in V8.
Reported by Ganjiang Zhou (@refrain_areu) of ChaMd5-H1 team.
- CVE-2024-2626: Out of bounds read in Swiftshader.
Reported by Cassidy Kim (@cassidy6564).
- CVE-2024-2627: Use after free in Canvas. Reported by Anonymous.
- CVE-2024-2628: Inappropriate implementation in Downloads.
Reported by Ath3r1s.
- CVE-2024-2629: Incorrect security UI in iOS.
Reported by Muneaki Nishimura (nishimunea).
- CVE-2024-2630: Inappropriate implementation in iOS.
Reported by James Lee (@Windowsrcer).
- CVE-2024-2631: Inappropriate implementation in iOS.
Reported by Ramit Gangwar.
* d/patches:
- upstream/bitset.patch: drop, merged upstream.
- upstream/bookmarknode.patch: drop, merged upstream.
- upstream/optional.patch: drop, merged upstream.
- upstream/uniqptr.patch: drop, merged upstream.
- fixes/gcc13-headers.patch: drop, merged upstream.
- fixes/optional.patch: drop, merged upstream.
- fixes/material-utils.patch: drop part that was merged upstream.
- disable/catapult.patch: refresh.
- bookworm/constexpr-equality.patch: include another similar fix.
- bookworm/nvt.patch: refresh.
- bookworm/undo-internal-alloc.patch: drop, as this was fixed upstream.
- ungoogled/disable-privacy-sandbox.patch: update from ungoogled-chromium.
- disable/angle-perftests.patch: drop, replace with a gn build argument.
- bookworm/rust-downgrade-osstr-users.patch: add new patch to downgrade
clap-lex crate, as it's using 1.74 features and we only have 1.70.
- fixes/strlcpy.patch: add strlcpy declaration (closes: #1066235).
- fixes/optional2.patch: add another missing <optional> inclusion.
- fixes/stats-collector.patch: add build fix for wrong header.
- disable/screen-ai-blob.patch: add patch to not register the
ScreenAI component. Previously, if you opened a PDF and clicked
"open in reader mode", it would download a binary blob to
~/.config/chromium/screen_ai/, and do OCR stuff (and who knows
what else) in that opaque blob without warning you. We, uh, don't
want that. (closes: #1066910).
* d/rules: add angle_build_tests=false build argument, which allows us to
drop angle-perftests.patch.
.
[ Timothy Pearson ]
* d/patches:
- fixes/blink-fonts-shape-result.patch: pull in upstream patch for
compilation failure in Blink SameSizeAsShapeResult class
* d/patches/ppc64le:
- ffmpeg/0001-Add-support-for-ppc64.patch: refresh for upstream changes
- third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch:
refresh for upstream changes
- libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: refresh
for upstream changes
- third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh for
upstream changes
- third_party/skia-vsx-instructions.patch: refresh & harden Skia against
timing attacks.
.
chromium (122.0.6261.128-1) unstable; urgency=high
.
* New upstream security release.
- CVE-2024-2400: Use after free in Performance Manager.
Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab.
.
chromium (122.0.6261.111-1) unstable; urgency=high
.
* New upstream security release.
- CVE-2024-2173: Out of bounds memory access in V8.
Reported by 5fceb6172bbf7e2c5a948183b53565b9.
- CVE-2024-2174: Inappropriate implementation in V8.
Reported by 5f46f4ee2e17957ba7b39897fb376be8.
- CVE-2024-2176: Use after free in FedCM. Reported by Anonymous.
.
chromium (122.0.6261.94-1) unstable; urgency=high
.
* New upstream security release.
- Type Confusion in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8.
- Type Confusion in V8. Reported by
Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab.
Checksums-Sha1:
b3838c548a757c3747f4b62c786b1aee39e77b4d 3758 chromium_123.0.6312.105-1~deb13u1.dsc
9a3bcdc0f345b816438d0fc36e5d7a5c998f7397 407280 chromium_123.0.6312.105-1~deb13u1.debian.tar.xz
d72c8ebdae417a81c4a37c24b6a76fe97ed87222 21713 chromium_123.0.6312.105-1~deb13u1_source.buildinfo
Checksums-Sha256:
d3e5c4b46a63ebd54fa847af211ba9c8a8ada2aa558614f0ff8b488a54b760fe 3758 chromium_123.0.6312.105-1~deb13u1.dsc
3fff3529b9746b9fe0ce6c69540b7d04f53633c85c5140af6d08db520e2576ff 407280 chromium_123.0.6312.105-1~deb13u1.debian.tar.xz
8518c25f84cbbe1d80fbc464a3d5fb875d15c9e856d001c6188f29dc1f441ea8 21713 chromium_123.0.6312.105-1~deb13u1_source.buildinfo
Files:
2e8d5ac50c4c1b52f9c837b629f7a9da 3758 web optional chromium_123.0.6312.105-1~deb13u1.dsc
1b57d22c4a8f971e76cef19bd51be695 407280 web optional chromium_123.0.6312.105-1~deb13u1.debian.tar.xz
c7416b50a65f65f1c4c51201dc4cefa6 21713 web optional chromium_123.0.6312.105-1~deb13u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----