Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted chromium 116.0.5845.96-2 (source) into unstable
Date: Wed, 16 Aug 2023 09:52:17 +0000
Signed by: Andres Salomon <dilinger@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 16 Aug 2023 04:48:02 -0400
Source: chromium
Architecture: source
Version: 116.0.5845.96-2
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (116.0.5845.96-2) unstable; urgency=high
 .
   * d/patches/upstream/limits.patch: Add a build fix for arm64.
   * The follow CVEs were fixed in the prior release and I forgot them.
     - CVE-2023-2312: Use after free in Offline. Reported by avaue at S.S.L..
     - CVE-2023-4349: Use after free in Device Trust Connectors.
       Reported by Weipeng Jiang (@Krace) of VRI.
     - CVE-2023-4350: Inappropriate implementation in Fullscreen.
       Reported by Khiem Tran (@duckhiem).
     - CVE-2023-4351: Use after free in Network.
       Reported by Guang and Weipeng Jiang of VRI.
     - CVE-2023-4352: Type Confusion in V8.
       Reported by Sergei Glazunov of Google Project Zero.
     - CVE-2023-4353: Heap buffer overflow in ANGLE.
       Reported by Christoph Diehl / Microsoft Vulnerability Research.
     - CVE-2023-4354: Heap buffer overflow in Skia.
       Reported by Mark Brand of Google Project Zero.
     - CVE-2023-4355: Out of bounds memory access in V8.
       Reported by Sergei Glazunov of Google Project Zero.
     - CVE-2023-4356: Use after free in Audio.
       Reported by Zhenghang Xiao (@Kipreyyy).
     - CVE-2023-4357: Insufficient validation of untrusted input in XML.
       Reported by Igor Sak-Sakovskii.
     - CVE-2023-4358: Use after free in DNS.
       Reported by Weipeng Jiang (@Krace) of VRI.
     - CVE-2023-4359: Inappropriate implementation in App Launcher.
       Reported by @retsew0x01.
     - CVE-2023-4360: Inappropriate implementation in Color.
       Reported by Axel Chong.
     - CVE-2023-4361: Inappropriate implementation in Autofill.
       Reported by Thomas Orlita.
     - CVE-2023-4362: Heap buffer overflow in Mojom IDL.
       Reported by Zhao Hai of NanJing Cyberpeace TianYu Lab.
     - CVE-2023-4363: Inappropriate implementation in WebShare.
       Reported by Alesandro Ortiz.
     - CVE-2023-4364: Inappropriate implementation in Permission Prompts.
       Reported by Jasper Rebane.
     - CVE-2023-4365: Inappropriate implementation in Fullscreen.
       Reported by Hafiizh.
     - CVE-2023-4366: Use after free in Extensions. Reported by asnine.
     - CVE-2023-4367: Insufficient policy enforcement in Extensions API.
       Reported by Axel Chong.
     - CVE-2023-4368: Insufficient policy enforcement in Extensions API.
       Reported by Axel Chong.
Checksums-Sha1:
 3af81068e46d7eead8b21bdce7b01ba5d7f2af53 3711 chromium_116.0.5845.96-2.dsc
 ec557a467703435e0fe8cc594af3d5fe0f43c2be 382652 chromium_116.0.5845.96-2.debian.tar.xz
 4410b2a68c6c677de9c893219764c7facb729e57 21176 chromium_116.0.5845.96-2_source.buildinfo
Checksums-Sha256:
 f27228ef5a1194037721a8f489c510c023d6ac7baee16c2c2b91447a3cdd29a9 3711 chromium_116.0.5845.96-2.dsc
 c044f8bb89b7a231c2efe0d7a066e4282c835fbd2b5bdf56e3fab4c892f2bba8 382652 chromium_116.0.5845.96-2.debian.tar.xz
 ba026d5ed3ea433ba7076812465916838c0cc2c8922c50dfa405bf5900b6dccf 21176 chromium_116.0.5845.96-2_source.buildinfo
Files:
 e8367f2989247bcd15f0b31660646c87 3711 web optional chromium_116.0.5845.96-2.dsc
 6e4fff2e6124ea41b447abfaba38b65b 382652 web optional chromium_116.0.5845.96-2.debian.tar.xz
 31f71a864d4e40fbb33e3d0f55b0e9ad 21176 web optional chromium_116.0.5845.96-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmTckdUUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjcouQ//VxoWsRfj4caftsohIKQftO8/cNDY
eTDX6nzi0lnBs+4WYrtm64ojvw6E3JSVehQ2TCxywVG8MO+rPw/avQlAfpGk7xnE
n90d7Q+iGFmUBxqnVqmjsIV1j0NycluXTmDHgSAzEh5rwiNBsDhSFbcSUNXqMydN
y0CDcvQX8CkNiwlteoV00CllTkmHh9m5oEUTCN0aUTTphBe4yk6+m9HWlu8UJT/j
FZXXobV8w1u6J+wF0+Fq8T+nVen26XEvnhRoULi+NHWOl5u3kTtlsqr4o8JYry9L
gHf4HiH4XXOV81CI/ptkLycrXBPrZoJ4AFUaP73YLaQXNeKWw1V1EUzKR1DTT2gw
YHi8BkklPVDnL4lIYocEK4Case+7VGFcBKbXF5SvO/h/6I9zzYNqKBaiObzz36PI
Z8hwvcmZv6V1/yPMeMprd7hdBLTIawxjXRGPfQOdITHXTP3/aW70HldYb+nP8DFj
c3cGkuUZ22JOS9Y9wk9fpX88YDBOOlew7wCVEway3qNlL3z3VCaG60DftDZFil7r
215JOrTCMJtZSVKpvM8jIue+gfiBrApXB7LP/FqOs2tBjaq+rneTkALx9rdbqKdp
izAaaAccz9pZuKjXcc42uYnSYB/zq0SlOS/eV9dEwCfStxg2tew7OULQJ9a9eFcA
Kn3B9pYyeBb4xwU=
=FoHX
-----END PGP SIGNATURE-----
News for package chromium
