-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 18 Jul 2023 17:50:00 -0500 Source: chromium Architecture: source Version: 115.0.5790.98-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: Debian Chromium Team <chrom...@packages.debian.org> Changed-By: Timothy Pearson <tpear...@raptorengineering.com> Changes: chromium (115.0.5790.98-1~deb12u1) bookworm-security; urgency=high . * New upstream release - CVE-2023-3727: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564). - CVE-2023-3728: Use after free in WebRTC. Reported by Zhenghang Xiao (@Kipreyyy). - CVE-2023-3730: Use after free in Tab Groups. Reported by @ginggilBesel. - CVE-2023-3732: Out of bounds memory access in Mojo. Reported by Mark Brand of Google Project Zero. - CVE-2023-3733: Inappropriate implementation in WebApp Installs. Reported by Ahmed ElMasry. - CVE-2023-3734: Inappropriate implementation in Picture In Picture. Reported by Thomas Orlita. - CVE-2023-3735: Inappropriate implementation in Web API Permission Prompts. Reported by Ahmed ElMasry. - CVE-2023-3736: Inappropriate implementation in Custom Tabs. Reported by Philipp Beer (TU Wien). - CVE-2023-3737: Inappropriate implementation in Notifications. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) . - CVE-2023-3738: Inappropriate implementation in Autofill. Reported by Hafiizh. - CVE-2023-3740: Insufficient validation of untrusted input in Themes. Reported by Fardeen Siddiqui. . * d/rules: - use system rustc installation * Add build-dep on rustc. * d/patches: - debianization/master-preferences.patch: upstream variable renamed - disable/catapult.patch: upstream changes required reworking - disable/tests.patch: remove new upstream puffin test data file dependencies - disable/unrar.patch: upstream changes required reworking - fixes/cmath.patch: add missing header include for skia - fixes/vector.patch: add missing header include for net - upstream/sizet.patch: drop, merged upstream - ppc64le/fixes/fix-partition-alloc-compile.patch: refresh for upstream changes - ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes - ppc64le/third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes - ppc64le/third_party/0003-third_party-libvpx-Add-ppc64-generated-config.patch: regenerate configs from upstream source - ppc64le/third_party/skia-vsx-instructions.patch: refresh for upstream changes . [ Andres Salomon ] - fixes/clang-and-gcc11.patch: drop, (a different version) merged upstream. - bookworm/typename.patch: drop parts that were merged upstream, and add new build fixes. - bookworm/structured-binding-scope-bug.patch: drop some of it, add new bits - bullseye/constexpr.patch: refresh for string -> StringPiece change. - bullseye/stringpiece.patch: add to work around older libre2. - bullseye/default-equality-op.patch: add more workarounds for older compilers - fixes/brandversion-construct.patch: add to fix build failure. - fixes/SkColor4f-init.patch: another missing struct constructor fix. - fixes/cookieresult.patch: another struct ctor build fix. - ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh. - ppc64le/libaom/0001-Add-ppc64-target-to-libaom.patch: refresh. - ppc64le/third_party/0002-third-party-boringssl-add-generated-files.patch: refresh. Checksums-Sha1: 64ccc71fea6d629ea2cc73426fd2705df9a6e2f9 3726 chromium_115.0.5790.98-1~deb12u1.dsc 1c5e0b541f568d54d7ec6ac0bd529eace0a8d69a 648265044 chromium_115.0.5790.98.orig.tar.xz 44e2a55901cfdc7464247bc3aa036c3887984651 371656 chromium_115.0.5790.98-1~deb12u1.debian.tar.xz 8c2848cb793fefce5f6f23a54ef6ff6e3583f7e8 21172 chromium_115.0.5790.98-1~deb12u1_source.buildinfo Checksums-Sha256: f6d9ed668c89b201021a67991e5047b8c1b31bda9f11684a795512c1d51c5a23 3726 chromium_115.0.5790.98-1~deb12u1.dsc 93076310b324d04f719881b179797a68fd630542ba39aab834af4162d1b75027 648265044 chromium_115.0.5790.98.orig.tar.xz 8c08457d94af1384356ec2814a7f35f55c1d2fe9fb82a96c672d7c8df475a351 371656 chromium_115.0.5790.98-1~deb12u1.debian.tar.xz 37deafb1c09870406daa1a6028e99d15b6a08f849d71956abbe3e83a6e16f104 21172 chromium_115.0.5790.98-1~deb12u1_source.buildinfo Files: fbdceb9fdcacb574358a295c16df3479 3726 web optional chromium_115.0.5790.98-1~deb12u1.dsc d19735a7fcce4705548051c142b22719 648265044 web optional chromium_115.0.5790.98.orig.tar.xz c43bd272846d62be2d6fff47b4a1a5d5 371656 web optional chromium_115.0.5790.98-1~deb12u1.debian.tar.xz e030116182244cd60f5459326e44255e 21172 web optional chromium_115.0.5790.98-1~deb12u1_source.buildinfo
-----BEGIN PGP SIGNATURE----- iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmS3gJ8UHGRpbGluZ2Vy QGRlYmlhbi5vcmcACgkQZF0CR8NudjfvxQ//R6aQzd81jJVsbM238RHEk348pB8k kgQPfp60EwEwnR08bAOA9nGh2JP6nGqey2XlJQ01itTcjK15EK4dQFZwtjjEXX4E 1dSSfxbwibdNFOXen+jclMFHn0znB5jTLvdu5/SX4QVaMSPWpgtwHq457lkFvRXb kEnDIkOjV11M8VW5Hfqa6u2H73BG3qcG+a7p7jfRN407oMfE+NQWLC0PNB5w0E5/ wF/VdoapKpDlYIhWu9sL6nH8Hk0ibCZf3Q2uyYeqRzFpr/wbkc+wftyRIrqf1raA N75lSEci348S7Txg59M1zwWolbt8Wl5LhFadmi7IlrBFC/GBV+/0OXA/Fqk5U+XO zbcLdDZwwy94QGAaqcg3hnSx+5LytJb4+ep5/eF9cpd5k/qHzXOYAyVkHoDH564u LZwMJgyx+16HsJ4OurrTx3+vne+78CgUuRR5db742Nd3CU4jG7t97MAorSdgpxMS xEdSRjlA/hVKZtgVnNz2K8ddoHTpZeGWfIzkkL/+oD++thrXmb4TiN98p5bYxuWb ZbcNUWv1yPxav5x0deOe2R8y2B/vvus/LXx/zXPGccuKF3taevKxr+Q5cSisNvt0 zkFKMsP8GgYxVYoPAUYqHhhfjkdUbCI4Jlq0V+vThmwXA+gpEOoDqLGLC0yWowWr zKu+McF9Ip8gLEw= =M1Pj -----END PGP SIGNATURE-----