-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 21 Feb 2024 19:56:32 -0500 Source: chromium Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym Architecture: ppc64el Version: 122.0.6261.57-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: ppc64el Build Daemon (ppc64el-osuosl-01) Changed-By: Andres Salomon Description: chromium - web browser chromium-common - web browser - common resources used by the chromium packages chromium-driver - web browser - WebDriver support chromium-sandbox - web browser - setuid security sandbox for chromium chromium-shell - web browser - minimal shell Changes: chromium (122.0.6261.57-1~deb12u1) bookworm-security; urgency=high . * New upstream stable release. - CVE-2024-1669: Out of bounds memory access in Blink. Reported by Anonymous. - CVE-2024-1670: Use after free in Mojo. Reported by Cassidy Kim(@cassidy6564). - CVE-2024-1671: Inappropriate implementation in Site Isolation. Reported by Harry Chen. - CVE-2024-1672: Inappropriate implementation in Content Security Policy. Reported by Georg Felber (TU Wien) & Marco Squarcina (TU Wien). - CVE-2024-1673: Use after free in Accessibility. Reported by Weipeng Jiang (@Krace) of VRI. - CVE-2024-1674: Inappropriate implementation in Navigation. Reported by David Erceg. - CVE-2024-1675: Insufficient policy enforcement in Download. Reported by Bartłomiej Wacko. - CVE-2024-1676: Inappropriate implementation in Navigation. Reported by Khalil Zhani. * d/patches: - fixes/v8-compressed-ptrs.patch: drop, merged upstream. - fixes/stdint.patch: drop, merged upstream. - upstream/vector.patch: drop, merged upstream. - upstream/display-header.patch: drop, merged upstream. - upstream/bitset.patch: drop, merged upstream. - upstream/once_flag.patch: drop, merged upstream. - fixes/std-to-address.patch: refresh. - disable/signin.patch: refresh. - disable/catapult.patch: refresh. - bookworm/clang16.patch: refresh, and change -Wno-c++11-narrowing-const-reference to -Wno-c++11-narrowing. - bookworm/nvt.patch: refresh. - ungoogled/disable-privacy-sandbox.patch: update from ungoogled-chromium. - bookworm/undo-internal-alloc.patch: revert a commit that confuses clang16 w/ libstdc++. We need a better workaround than this. - upstream/mojo.patch: update from git. - bookworm/constexpr-equality.patch: add a few more build fixes (constexpr removals). - upstream/uniqptr.patch: add missing include. - upstream/optional.patch: add missing include. - upstream/bookmarknode.patch: add comparison equality fix pulled from upstream. - fixes/optional.patch: add missing includes. - bookworm/nvt2.patch: revert another upstream c++-20 change for clang-16. - upstream/bitset.patch: add missing include. - ppc64le/v8/0002-Add-ppc64-trap-instructions.patch: refresh. - bookworm/eraseif0.patch: revert another commit; needed by eraseif-lambda.patch. - bookworm/eraseif-lamba.patch: refresh. - bookworm/undo-rust-req.patch: refresh. - bookworm/bubble-contents.patch: remove static_assert() that fails with libstdc++12. . [ Timothy Pearson ] * d/patches/ppc64le: - 0001-Properly-detect-little-endian-PPC64-systems.patch: drop, upstream fix in GIT hash 25a6e6 - 0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes - 0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes - skia-vsx-instructions.patch: refresh for upstream changes Checksums-Sha1: 99831659b2f8004ab9b1c5e2af7d0b395fe1aa57 871336 chromium-common-dbgsym_122.0.6261.57-1~deb12u1_ppc64el.deb 4816e4b06ab5002e3cee1f7d7b3474a7ecfaac3e 5200736 chromium-common_122.0.6261.57-1~deb12u1_ppc64el.deb 649d2d3ac5a68eb3f1a46a5d0156c2c944f483d7 32214704 chromium-dbgsym_122.0.6261.57-1~deb12u1_ppc64el.deb 106844f4fccfe0d5d7c8e9affd697c8621010563 6445896 chromium-driver_122.0.6261.57-1~deb12u1_ppc64el.deb 16c4130b69806cd1a53ebef88245225dc02ed73c 14352 chromium-sandbox-dbgsym_122.0.6261.57-1~deb12u1_ppc64el.deb af81fe105104e5db2c54e21a15a5575b5908ce8e 86672 chromium-sandbox_122.0.6261.57-1~deb12u1_ppc64el.deb ba977c01388af6d907e8633f5da3390118bb3233 24710432 chromium-shell-dbgsym_122.0.6261.57-1~deb12u1_ppc64el.deb dac9f09618d6cb63cb7fb32a3ea04629633d0c46 52627708 chromium-shell_122.0.6261.57-1~deb12u1_ppc64el.deb da4510a88ac4b43a25fce54eeeba7799fc662cd5 24341 chromium_122.0.6261.57-1~deb12u1_ppc64el-buildd.buildinfo b3e421875132ec2c4ff2b3eac48c425a6801aa52 75985020 chromium_122.0.6261.57-1~deb12u1_ppc64el.deb Checksums-Sha256: e3e870bc3a1f62adf1e8f6051ba65828f6c000ba4c12add74d7f9efc7b41a5c6 871336 chromium-common-dbgsym_122.0.6261.57-1~deb12u1_ppc64el.deb 9d405e695a03accd0008886a87f2c15d3abb273efac86d77195ac0556f16312b 5200736 chromium-common_122.0.6261.57-1~deb12u1_ppc64el.deb 90b0a3bb0b1479fd3d1ab75a571383f12760a00850801655d2111857fd1a9b1a 32214704 chromium-dbgsym_122.0.6261.57-1~deb12u1_ppc64el.deb 5e4bc412e278850e4cf26dcba79bb742da0924d9c9defdb530783c9ea5dbd26c 6445896 chromium-driver_122.0.6261.57-1~deb12u1_ppc64el.deb 58cd8da669382e71ec028a302d204537e6048882a1bec2555f9ecd2dcadc8c47 14352 chromium-sandbox-dbgsym_122.0.6261.57-1~deb12u1_ppc64el.deb a962adad35463117161e2da8dcde3ba5d03077d40110eec32f868ac9959cc17d 86672 chromium-sandbox_122.0.6261.57-1~deb12u1_ppc64el.deb d10271160d93391a7ee2cb5e70c4fdcb0f556fd0f2eb3d28f0c74ad01143855a 24710432 chromium-shell-dbgsym_122.0.6261.57-1~deb12u1_ppc64el.deb aed66c34c4ec6b6708c1a544231352fbfdbd1482b4bb5ed18b955af4576c5db6 52627708 chromium-shell_122.0.6261.57-1~deb12u1_ppc64el.deb 65699f3c454a8077d4345fbcaffdedc0871c71bc94f97011b86df2d781701da7 24341 chromium_122.0.6261.57-1~deb12u1_ppc64el-buildd.buildinfo 221d0f8bf28e04612f7e07943438f03e3c5293b37790f34c154947e543990c43 75985020 chromium_122.0.6261.57-1~deb12u1_ppc64el.deb Files: 2682dee6d396480e1ce08890b4168a0b 871336 debug optional chromium-common-dbgsym_122.0.6261.57-1~deb12u1_ppc64el.deb 6623801f7d65a1cee12fa70d150d09cd 5200736 web optional chromium-common_122.0.6261.57-1~deb12u1_ppc64el.deb 3c077764177e1a0d90d74270e2ab464c 32214704 debug optional chromium-dbgsym_122.0.6261.57-1~deb12u1_ppc64el.deb c6a71d0a2e390a9bba081b10d27742e8 6445896 web optional chromium-driver_122.0.6261.57-1~deb12u1_ppc64el.deb a801db02b5943de29f312fcd25d79c89 14352 debug optional chromium-sandbox-dbgsym_122.0.6261.57-1~deb12u1_ppc64el.deb 7c30db19fcf3fa82a043f249508722d4 86672 web optional chromium-sandbox_122.0.6261.57-1~deb12u1_ppc64el.deb 15470747f617894b9eda2c112af6d8b0 24710432 debug optional chromium-shell-dbgsym_122.0.6261.57-1~deb12u1_ppc64el.deb d76c45d770d1388d900f4545feb89897 52627708 web optional chromium-shell_122.0.6261.57-1~deb12u1_ppc64el.deb 6906d19aa3407421252b00eab8d85725 24341 web optional chromium_122.0.6261.57-1~deb12u1_ppc64el-buildd.buildinfo 45dde019120327b85ce1dcc2d792191e 75985020 web optional chromium_122.0.6261.57-1~deb12u1_ppc64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE5hbnFkJlczvLwwS0Y7DdE4sWZ/UFAmXYEV4ACgkQY7DdE4sW Z/X9mhAAmo5XQbvq7bJGnuEYoCM+aGB2gNuJAdcOMv5WUlJieDhKKn8KU4OQGAOI mga8840XvnU6WF0qfzCDG0yNjiohQ8ehuhue9eqd/rXLI/ywgV2PWAXRfJlDhnss j9i/jMKAamBN4PFOqbefnenez5+nUXm03JcjrJ14Oo0hfvdT9iS9CuiO3QlqMBZE uN238DYbOIZImj0j0Uug074dXDll8UOhl+JFiWuasDpA8bTklFSgK7y+RWfzIznw xEYBDaHPESAC95qGU45M4mV2APp34rIdzQ3Y3MDPNJthdAPuKRXsQBaQ7iMKGBwC q7wYHDE5P4n72FE+AE5dxF8y5OKjS45maHmZFjilNZWx6WE/dEyMDsvGLYc+3/ky 7PmqYezoo8ViNdQFs3C18Q4R1AmgK0J+ePzp8uzIdOAybjSWiKSLyK4aTSuql6Z4 sS/hEr3csXLWTmVysGJQTOJb5sdIt584F1DCDl9pRhpVAQOand5ql0RKdq6HPjAQ pD45Or8fCzAvM+2he4gXU/Wo++S4jAndCo5Y9+ttPXCYH3J3kOTK89aBthpxZu0T mUt5FFD3/vbDpzxIA13n+N/T8OO+j6aew0aFi2PyBkdC/bArRTghsHaSjiDDJyQY UF95pyN73U/ExUSTHHUU3vyRkMO/PEzCzeF2aHgPOzH4hGP91c8= =3Y/J -----END PGP SIGNATURE-----