-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 10 Oct 2023 22:03:00 -0500 Source: chromium Architecture: source Version: 118.0.5993.70-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: Debian Chromium Team <chromium@packages.debian.org> Changed-By: Timothy Pearson <tpearson@raptorengineering.com> Changes: chromium (118.0.5993.70-1~deb12u1) bookworm-security; urgency=high . * New upstream stable release. - CVE-2023-5218: Use after free in Site Isolation. Reported by @18楼梦想改造家. - CVE-2023-5487: Inappropriate implementation in Fullscreen. Reported by Anonymous. - CVE-2023-5484: Inappropriate implementation in Navigation. Reported by Thomas Orlita. - CVE-2023-5475: Inappropriate implementation in DevTools. Reported by Axel Chong. - CVE-2023-5483: Inappropriate implementation in Intents. Reported by Axel Chong. - CVE-2023-5481: Inappropriate implementation in Downloads. Reported by Om Apip. - CVE-2023-5476: Use after free in Blink History. Reported by Yunqin Sun. - CVE-2023-5474: Heap buffer overflow in PDF. Reported by [pwn2car]. - CVE-2023-5479: Inappropriate implementation in Extensions API. Reported by Axel Chong. - CVE-2023-5485: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry. - CVE-2023-5478: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry. - CVE-2023-5477: Inappropriate implementation in Installer. Reported by Bahaa Naamneh of Crosspoint Labs. - CVE-2023-5486: Inappropriate implementation in Input. Reported by Hafiizh. - CVE-2023-5473: Use after free in Cast. Reported by DarkNavy. * d/patches/ppc64le: - 0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes - 0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes - skia-vsx-instructions.patch: refresh for upstream changes - third_party/0003-third_party-libvpx-Add-ppc64-generated-config.patch: regenerate configs from upstream source - database/0001-Properly-detect-little-endian-PPC64-systems.patch: refresh - ffmpeg/0001-Add-support-for-ppc64.patch: refresh - fixes/fix-breakpad-compile.patch: refresh - fixes/fix-unknown-warning-option-messages.diff: refresh - libaom/0001-Add-ppc64-target-to-libaom.patch: refresh - sandbox/0001-sandbox-linux-Update-IsSyscallAllowed-in-broker_proc.patch: refresh - sandbox/0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch: refresh - sandbox/0008-sandbox-fix-ppc64le-glibc234.patch: refresh - third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh - third_party/0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.patch: refresh - third_party/0001-third_party-libvpx-Properly-generate-gni-on-ppc64.patch: refresh - third_party/0002-third-party-boringssl-add-generated-files.patch: refresh - third_party/dawn-fix-ppc64le-detection.patch: refresh - third_party/dawn-fix-typos.patch: refresh - third_party/skia-vsx-instructions.patch: refresh - third_party/use-sysconf-page-size-on-ppc64.patch: refresh - workarounds/HACK-third_party-libvpx-use-generic-gnu.patch: refresh . [ Andres Salomon] * d/copyright: - blanket.js is gone, no need to remove it any more. - delete some khronos images marked executable. * d/patches: - upstream/memory.patch: drop, merged upstream. - upstream/sensor-reading.patch: add, gcc13 build fix from upstream. - upstream/lweight.patch: add, gcc13 build fix from upstream. - upstream/freetype.patch: add, fix freetype header inclusion FTBFS. - upstream/sizet.patch: add, libstdc++ build fix from upstream. - disable/unrar.patch: update for minor upstream changes. - bookworm/struct-ctor.patch: add various new workarounds for clang-14. - bookworm/structured-binding-scope-bug.patch: drop part of the patch. - bullseye/constexpr.patch: drop bullseye patch from bookworm. - ungoogled/.../disable-web-environment-integrity.patch: sync with ungoogled-chromium for upstream changes. - bookworm/i386-lock-free.patch: refresh. Checksums-Sha1: 946f133752437b1e7a555d1b4c585b9d2ccfd92d 3700 chromium_118.0.5993.70-1~deb12u1.dsc 2b52e9be225cc92e7782bb2a7d5887f2f065505b 771394968 chromium_118.0.5993.70.orig.tar.xz 2085978940b5129234447ac4f0a02a0d94f3aaa6 390380 chromium_118.0.5993.70-1~deb12u1.debian.tar.xz 3d51a33840e0fab4ab083a7a51745ece6c5129ff 21283 chromium_118.0.5993.70-1~deb12u1_source.buildinfo Checksums-Sha256: d16a1e50ef948e7d8d6ce5eff97584b4bf7d7003763881f4ebd0883b6f18ebfa 3700 chromium_118.0.5993.70-1~deb12u1.dsc ab19fddba67cad603f09d4017ae8f7573a1e480c604ff9677923592828c8b74e 771394968 chromium_118.0.5993.70.orig.tar.xz c169c8cebc22e8089a84a1a06be53cb8b52aae445a94834a36db4818f21f8894 390380 chromium_118.0.5993.70-1~deb12u1.debian.tar.xz 4caa8f18f0baf74163e1888625f45b3d1857fc5a922e99c548ca4739069e62a0 21283 chromium_118.0.5993.70-1~deb12u1_source.buildinfo Files: 0d9ecda21bfa3eccf0ab01f0c7eed151 3700 web optional chromium_118.0.5993.70-1~deb12u1.dsc 4ae6869c929cac4f8d20df0173ccee30 771394968 web optional chromium_118.0.5993.70.orig.tar.xz d53806d479fbb56c7f6dbe395498ef71 390380 web optional chromium_118.0.5993.70-1~deb12u1.debian.tar.xz 88afc62373e5d59883bcaf1eb012a853 21283 web optional chromium_118.0.5993.70-1~deb12u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmUm3HIUHGRpbGluZ2Vy QGRlYmlhbi5vcmcACgkQZF0CR8Nudjfn3w//cD1hwjT/7Xk3FCkeOkqFS+K3LORW klQKtOQOXoVjJZCJpiPl8gR4tS2p48yK6JKTFZFylKqcdtm47A0QzuK2aw569l3D v7ZIDlgaKmOS66T7T/9s0xPzZu0HK0KHnNuC/zZ2T+BvJMw5ROBPQ5woG145D/YT YZgi7QaCGmTOzEeSQo7zupq3Ewgnt9mXWBD2OZLIgWvYFOOp+lKyGFtKKEibwusP 9JqQi82A+zsvqEmFmfLPx9XGoIHBpNY/kFqE8zP0XDIAgnaquCfCulUwcZ06ES8L Ln4oLCdGle1vC6jQL48qgPyNu7SJ5A+8lSKxwZFnZ9XukIHZVtpk9Zt7VdajSIKr H0sMVGVCqGRRc7SBJUZ9v2ILY5nVxC5F9b1+IZfd7SkQ9GJJ7mpYeqzm7UkTBcW5 Q3sgXM8LwgjE2JTXXArKiQxYBUf1b94Syygd0tBAZTyGKbWhROGiOId3KiQctN5g dbXIUfKTLB9RQGoeYl+V4YW1XtoZ880ERrnQYxbhR4kPh8j2oaVn3wNt7oUsvXIP LEMJRA5bwBUEomtcekbFLop/Om/ctWT6gECn+2aBQ2k1MPq4nWUCo9WqT76DvoQw ZYfZQitnWd5f/9DB4ssqnxL+vCF7EPOwNXLuiFcflI5IBhMoYYDLBhA/LAPygM7g xpLR7obfUIVA1tY= =zcww -----END PGP SIGNATURE-----