Format: 1.8
Date: Wed, 31 May 2023 12:36:00 -0500
Source: chromium
Architecture: source
Version: 114.0.5735.90-2~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Timothy Pearson <tpearson@raptorengineering.com>
Changes:
 chromium (114.0.5735.90-2~deb12u1) bookworm-security; urgency=high
 .
   * d/patches:
     - Add upstream/feature-list-static.patch
       This patch fixes an out of scope array access that can lead to crashes
       at startup
 .
 chromium (114.0.5735.90-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2023-2929: Out of bounds write in Swiftshader. Reported by
       Jaehun Jeong(@n3sk) of Theori.
     - CVE-2023-2930: Use after free in Extensions. Reported by asnine.
     - CVE-2023-2931: Use after free in PDF. Reported by Huyna at
       Viettel Cyber Security.
     - CVE-2023-2932: Use after free in PDF. Reported by Huyna at
       Viettel Cyber Security.
     - CVE-2023-2933: Use after free in PDF. Reported by Quang Nguyễn
       (@quangnh89) of Viettel Cyber Security and Nguyen Phuong.
     - CVE-2023-2934: Out of bounds memory access in Mojo. Reported by
       Mark Brand of Google Project Zero.
     - CVE-2023-2935: Type Confusion in V8. Reported by Sergei Glazunov of
       Google Project Zero.
     - CVE-2023-2936: Type Confusion in V8. Reported by Sergei Glazunov of
       Google Project Zero.
     - CVE-2023-2937: Inappropriate implementation in Picture In Picture.
       Reported by NDevTK.
     - CVE-2023-2938: Inappropriate implementation in Picture In Picture.
       Reported by Alesandro Ortiz.
     - CVE-2023-2939: Insufficient data validation in Installer. Reported by
       ycdxsb from VARAS@IIE.
     - CVE-2023-2940: Inappropriate implementation in Downloads. Reported by
       Axel Chong.
     - CVE-2023-2941: Inappropriate implementation in Extensions API.
       Reported by Jasper Rebane.
   * d/copyright: properly delete some android & chromeos stuff.
   * d/patches:
     - fixes/clang-and-gcc11.patch: refresh.
     - upstream/webview-cstr.patch: drop, merged upstream.
     - upstream/monostate.patch: drop, merged upstream.
     - disable/unrar.patch: additional upstream changes required more
       reworking.
     - disable/android.patch: refresh, & add one more build fix.
     - disable/catapult.patch: refresh.
     - disable/swiftshader.patch: refresh.
     - disable/angle-perftest.patch: refresh.
     - system/jpeg.patch: refresh.
     - upstream/mojo.patch: regenerate from git.
     - upstream/sizet.patch: add an upstream build fix.
     - bookworm/typename.patch: include more build fixes.
     - bookworm/lambda-bug.patch -> bookworm/structured-binding-scope-bug.patch,
       and add another place it's happening (turns out it's not just lambdas).
   * Add build-dep on libevdev-dev - now required by upstream.
 .
   [ Timothy Pearson ]
   * d/patches:
     - Refresh ppc64le patches