-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 13 Jun 2024 21:31:56 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: ppc64el
Version: 126.0.6478.56-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: ppc64el Build Daemon (ppc64el-conova-01) <buildd_ppc64el-ppc64el-conova-01@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
chromium - web browser
chromium-common - web browser - common resources used by the chromium packages
chromium-driver - web browser - WebDriver support
chromium-sandbox - web browser - setuid security sandbox for chromium
chromium-shell - web browser - minimal shell
Changes:
chromium (126.0.6478.56-1~deb12u1) bookworm-security; urgency=high
.
* New upstream stable release.
- CVE-2024-5830: Type Confusion in V8.
Reported by Man Yue Mo of GitHub Security Lab.
- CVE-2024-5831: Use after free in Dawn. Reported by wgslfuzz.
- CVE-2024-5832: Use after free in Dawn. Reported by wgslfuzz.
- CVE-2024-5833: Type Confusion in V8. Reported by @ginggilBesel.
- CVE-2024-5834: Inappropriate implementation in Dawn.
Reported by gelatin dessert.
- CVE-2024-5835: Heap buffer overflow in Tab Groups.
Reported by Weipeng Jiang (@Krace) of VRI.
- CVE-2024-5836: Inappropriate Implementation in DevTools.
Reported by Allen Ding.
- CVE-2024-5837: Type Confusion in V8. Reported by Anonymous.
- CVE-2024-5838: Type Confusion in V8.
Reported by Zhenghang Xiao (@Kipreyyy).
- CVE-2024-5839: Inappropriate Implementation in Memory Allocator.
Reported by Mickey.
- CVE-2024-5840: Policy Bypass in CORS. Reported by Matt Howard.
- CVE-2024-5841: Use after free in V8.
Reported by Cassidy Kim(@cassidy6564).
- CVE-2024-5842: Use after free in Browser UI.
Reported by Sven Dysthe (@svn_dy).
- CVE-2024-5843: Inappropriate implementation in Downloads.
Reported by hjy79425575.
- CVE-2024-5844: Heap buffer overflow in Tab Strip. Reported by Sri.
- CVE-2024-5845: Use after free in Audio. Reported by anonymous.
- CVE-2024-5846: Use after free in PDFium.
Reported by Han Zheng (HexHive).
- CVE-2024-5847: Use after free in PDFium.
Reported by Han Zheng (HexHive).
* d/copyright: delete bullseye environment that upstream ships (??).
* d/patches:
- upstream/appservice-include.patch: drop, merged upstream.
- upstream/lens-include.patch: drop, merged upstream.
- upstream/mojo-bindings-include.patch: drop, merged upstream.
- upstream/ninja.patch: drop, merged upstream.
- upstream/no-vector-consts.patch: drop, merged upstream.
- upstream/vulkan-include.patch: drop, merged upstream.
- system/clang-format.patch: drop it; we broke it some time ago, and
didn't notice. Guess we don't need it?
- bookworm/clang16.patch: refresh.
- fixes/bad-font-gc00000.patch: refresh
- fixes/bad-font-gc11.patch: refresh
- fixes/bad-font-gc2.patch: refresh
- disable/signin.patch: refresh
- upstream/quiche-deque.patch: gcc build fix pulled from upstream.
- upstream/gpu-header.patch: add header build fix from upstream.
- upstream/blink-header.patch: add header build fix from upstream.
- upstream/blink-header2.patch: add header build fix from upstream.
- upstream/blink-header3.patch: add header build fix from upstream.
- upstream/realtime-reporting.patch: gcc build fix from upstream.
- upstream/urlvisit-header.patch: add header build fix from upstream.
- upstream/accessibility-format.patch: gcc build fix from upstream.
- bookworm/urlhelper-ctor.patch: work around a clang-16 bug; add an
explicit constructor.
.
[ Timothy Pearson ]
* d/patches/ppc64le:
- sandbox/0008-sandbox-fix-ppc64le-glibc234.patch: Modify for upstream
changes
- third_party/0002-Add-PPC64-generated-files-for-boringssl.patch: Modify
for upstream changes
- libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: Refresh
for upstream changes
Checksums-Sha1:
a25382136f93650a0c5927a946c0041e301b78c3 1269092 chromium-common-dbgsym_126.0.6478.56-1~deb12u1_ppc64el.deb
9e49082dd931ee9d375a416021fe4cf3c4fb320b 5306160 chromium-common_126.0.6478.56-1~deb12u1_ppc64el.deb
28a6ee9b0052a70401eb63af9d563af0b3f848b7 29770996 chromium-dbgsym_126.0.6478.56-1~deb12u1_ppc64el.deb
edbef48596bac51ec39876668d366831ade688a9 6735336 chromium-driver_126.0.6478.56-1~deb12u1_ppc64el.deb
762b0027b04570d3ef124d7ee6076cba0dc63c30 14300 chromium-sandbox-dbgsym_126.0.6478.56-1~deb12u1_ppc64el.deb
14168369dc297a412e99d2bcfdb4e4864a73bed5 91120 chromium-sandbox_126.0.6478.56-1~deb12u1_ppc64el.deb
3a18b680abb602d3af7aef564afe02055560739e 24867964 chromium-shell-dbgsym_126.0.6478.56-1~deb12u1_ppc64el.deb
897c3817ca6fc68f1f4a416cad0fdeadd58d8b79 52587880 chromium-shell_126.0.6478.56-1~deb12u1_ppc64el.deb
1fe89bbad33984ebd6fa59ded68466cced165229 24635 chromium_126.0.6478.56-1~deb12u1_ppc64el-buildd.buildinfo
2b8a667f64f679b6b28f1ac20c4cb8af7d3abeab 75179612 chromium_126.0.6478.56-1~deb12u1_ppc64el.deb
Checksums-Sha256:
f49ed0f71c840fb9e6acdf7f12047c4ee27024a9269c9b82a38407732607d076 1269092 chromium-common-dbgsym_126.0.6478.56-1~deb12u1_ppc64el.deb
06bcfeeb349cbb9456878fe09d5bf333ff8e3192ee76a4fd5dbf82fa9a4b9ffb 5306160 chromium-common_126.0.6478.56-1~deb12u1_ppc64el.deb
029302cdb46741f5b21b523e70cd884e0222f1567cc9f0b86e052eda3c4bda4a 29770996 chromium-dbgsym_126.0.6478.56-1~deb12u1_ppc64el.deb
81502ebad60df809264bf582de87e2ab75ff8b942c96a04bd2a927147cc9bd3e 6735336 chromium-driver_126.0.6478.56-1~deb12u1_ppc64el.deb
def2ae6a3641f551af3c3d8df498848c392d1e009e90c2ff96a4be5f81ae9349 14300 chromium-sandbox-dbgsym_126.0.6478.56-1~deb12u1_ppc64el.deb
dc56356c00bfe1ef97a513f501a1d60a10543348e9a22ef34d4ad13934359511 91120 chromium-sandbox_126.0.6478.56-1~deb12u1_ppc64el.deb
d1565940dfe9e9384ecc29d42dd0eae1c5b3ddc5bd14d9b6c8e5578cb1119de1 24867964 chromium-shell-dbgsym_126.0.6478.56-1~deb12u1_ppc64el.deb
ec0188c294afef6414466bc3d291c020244fc19f3c302cf065d2e935aa3ecb3a 52587880 chromium-shell_126.0.6478.56-1~deb12u1_ppc64el.deb
5efebdf761d7f4be4eb1d663121bf996497a9c2f35ccd211d9d13426307956e5 24635 chromium_126.0.6478.56-1~deb12u1_ppc64el-buildd.buildinfo
daa4fbaef853d4b3834367511a234618edad6674fce9c2460ee22172ae496d18 75179612 chromium_126.0.6478.56-1~deb12u1_ppc64el.deb
Files:
ec77b110861b38bd3162d46c4e2057fd 1269092 debug optional chromium-common-dbgsym_126.0.6478.56-1~deb12u1_ppc64el.deb
a3e6392a1cb7f88f86799cf83ee4fc84 5306160 web optional chromium-common_126.0.6478.56-1~deb12u1_ppc64el.deb
08baaa4b09211040332f940fa282e75d 29770996 debug optional chromium-dbgsym_126.0.6478.56-1~deb12u1_ppc64el.deb
5affd43e7ced7a0b8e80f0c8ff91ec94 6735336 web optional chromium-driver_126.0.6478.56-1~deb12u1_ppc64el.deb
ad33a98dab44f6769eac9e69ab24881a 14300 debug optional chromium-sandbox-dbgsym_126.0.6478.56-1~deb12u1_ppc64el.deb
a4463d2bd63826e1738bf61f36ea67ae 91120 web optional chromium-sandbox_126.0.6478.56-1~deb12u1_ppc64el.deb
d06f5489e75f0bbc3eef71b62be954fd 24867964 debug optional chromium-shell-dbgsym_126.0.6478.56-1~deb12u1_ppc64el.deb
a5f5a190995f4d502e40e4cd0b941548 52587880 web optional chromium-shell_126.0.6478.56-1~deb12u1_ppc64el.deb
1c19766b7f7707418753d51e3621c233 24635 web optional chromium_126.0.6478.56-1~deb12u1_ppc64el-buildd.buildinfo
6638e1aa68c6ee37b55edcdb482a997b 75179612 web optional chromium_126.0.6478.56-1~deb12u1_ppc64el.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE8YyVP0bbbFwKPsGN0jKBgzfto4IFAmZsPiUACgkQ0jKBgzft
o4IV1A//WUOvLMc24JYQ0OC3MrDd3Xj1ZbjtludpSlGW0PK83mR03w2gMIZHPA42
fPFmGGD9mcLXQtkhAmdcsdTDMKXm9Qua6+BSOYr3UYgOIteECJwEocBY8BDNo165
YZioEQu3sXRKCEq3Mm1n/NoZP832kKcMePD+VJeVJzfvYTe1DByReCnKIS/q70fI
xkv0aVBPwWlZs8l8Kpa7gClOJonXo7s8CLscIFiXnYSL1pGbl/z5ko0i6EhJppCQ
MifZIKZ8sgZ7WjcxZG/CVtm0a2tdBIZR/zJvpDAuwKMiSAB7QXWIZrxvBSHREZwd
ZA+GeB9yHsXyOSgUW7gAYPCbu5sqLTh/5ucnKIgxvAo2mGxXxcYh4QSkTvbhottR
Z33slQNO2Im9o1xvmdvZOtH7xqq7QIBk+4xNLlVgGWtBa7RDaItE4RF5JVRHWj1+
WiUIq7vniBH/z01kUwrU+7iK6mdBpDKf/iAdx85fCNqPuxIQuv+7/alWH+Qs72+V
wl+L2trKRSk2L7E2MWVEquBNekj9WDTqzEHkBg0lXEZIJ14ElKrWjOO6WiQ4qrPe
EH6DCX64PVH2hgKnStchnRxo+LcLgywpHgHx8ErYlRklzA1FPKFGbJ73sJYb9NCa
0aLCFXY3MqVFSubuWE+jPQHq/uXETkRIUoHZLtJikPaUsQ+dZCI=
=dVbE
-----END PGP SIGNATURE-----