-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 12 Jan 2023 13:01:02 -0500
Source: chromium
Architecture: source
Version: 109.0.5414.74-1
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
chromium (109.0.5414.74-1) unstable; urgency=high
.
* New upstream stable release.
- CVE-2023-0128: Use after free in Overview Mode. Reported by Khalil Zhani.
- CVE-2023-0129: Heap buffer overflow in Network Service.
Reported by asnine.
- CVE-2023-0130: Inappropriate implementation in Fullscreen API.
Reported by Hafiizh.
- CVE-2023-0131: Inappropriate implementation in iframe Sandbox.
Reported by NDevTK.
- CVE-2023-0132: Inappropriate implementation in Permission prompts.
Reported by Jasper Rebane (popstonia).
- CVE-2023-0133: Inappropriate implementation in Permission prompts.
Reported by Alesandro Ortiz.
- CVE-2023-0134: Use after free in Cart.
Reported by Chaoyuan Peng (@ret2happy).
- CVE-2023-0135: Use after free in Cart.
Reported by Chaoyuan Peng (@ret2happy).
- CVE-2023-0136: Inappropriate implementation in Fullscreen API.
Reported by Axel Chong.
- CVE-2023-0137: Heap buffer overflow in Platform Apps.
Reported by avaue and Buff3tts at S.S.L..
- CVE-2023-0138: Heap buffer overflow in libphonenumber.
Reported by Michael Dau.
- CVE-2023-0139: Insufficient validation of untrusted input in Downloads.
Reported by Axel Chong.
- CVE-2023-0140: Inappropriate implementation in File System API.
Reported by harrison.mitchell, cybercx.com.au.
- CVE-2023-0141: Insufficient policy enforcement in CORS.
Reported by scarlet.
* d/patches:
- upstream/re-fix-tflite.patch: drop, merged upstream.
- disable/catapult.patch: refresh
- disable/angle-perftests.patch: refresh
.
[ Timothy Pearson ]
* d/patches:
- Regenerate ppc64le configuration files from source
- Fix register corruption in v8 on ppc64 systems
Checksums-Sha1:
e0c613d81256fa4a89310b40cef8a88b7bf362e8 3684 chromium_109.0.5414.74-1.dsc
adba23110c9c93cbbd4a7a16fa51823c06455e45 627758412 chromium_109.0.5414.74.orig.tar.xz
8ace7dfc11359265fd87cdd16de8bd4af3593c87 294908 chromium_109.0.5414.74-1.debian.tar.xz
996022d3196f03e2db5668f42da311bca180545d 20665 chromium_109.0.5414.74-1_source.buildinfo
Checksums-Sha256:
fbe21e36ccf78e330be90aab3be43a668b3c76da6516c376fcb370dbb7152d17 3684 chromium_109.0.5414.74-1.dsc
5cd1efa161a61d5a44c46e77ee17fa94ab26232ce5832dca00d5b4726d0b8020 627758412 chromium_109.0.5414.74.orig.tar.xz
65e030b7608d3fbbf0abd16eef35db2828579749d66014247b0a959a4dc284cf 294908 chromium_109.0.5414.74-1.debian.tar.xz
4994f059272b0cf3dfc18ca717386838fed8c2d79236301b8af392e60b66797f 20665 chromium_109.0.5414.74-1_source.buildinfo
Files:
0fb5c72edd9ec5f79441cb379f322a2e 3684 web optional chromium_109.0.5414.74-1.dsc
82ecc27de0c1a7ad840ce7f740de6b32 627758412 web optional chromium_109.0.5414.74.orig.tar.xz
9c3c08c8bc73ef6ac63b86f3a799e182 294908 web optional chromium_109.0.5414.74-1.debian.tar.xz
38a3ecfd13f8e5683bbdbd4e8f0399b7 20665 web optional chromium_109.0.5414.74-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmPAUoUUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjcyMxAAt0uhtJdlVb2dGi5U+ch9wnJLdEFY
CPt5Yni7sOKPiAEzTvZr/SDz5iX/0m7rSqeQV8kWS3tuigE5Hi45PhlVMNyo5WM9
xNs5HEw8odx3g3iCkJlE3VGjnlLB9lMSr+UYX2AfHPR2+hwZq7SRikDtC4tJ/LoR
VugIs+Pb3Tu8L8LWa5tbecL+5qMMzvlh6bvkfLkwAVeUK+VoRggJWPJ08dnG/0oF
WEMxrusxqTNSYPXAgkMbF/ToExvUdQqSYpeDmGMTKB+pQO8TNMFqVryJZoB+1EEG
UVvwd1XzI0FXAlhyTag4DplK0NywWMR+VSgHeBmpvIMg3FMUIh7nfANW7gAhaZki
+wdlgpTpMm8M0M6pwlICOOKCNo+ny7YXezajc44N/d4ALxyxzBoyqmU+UPAdPcTD
/M2Pd0pAsRxDKhx+blQG0En0d/zCOVxN1JNLlR6+H0Eaj8e4h3eAnmOpsiEec3bw
kMFgOwJNC1nxzJljPlWptm5Ap0nYrdeOrK+aj9Ee6yNSTP71Q5Ksc5WpJf2IP20n
c2IAu1q9W92To91J4Cf7encA5E0JLhFkBJkZRwQIOSZapjG8XmU1S9UZFOhWD7Hd
QvUycwne4gpR4L9qil+Yy7U8ZkE3/SDmDie8Gbzc3c24XvvhgQUcbP8pRf6Dlan8
80UlGDHJPnOb+Vk=
=uZLO
-----END PGP SIGNATURE-----
