Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To:
Subject: Accepted chromium 119.0.6045.105-1~deb11u1 (source) into oldstable-security
Date: Fri, 03 Nov 2023 15:44:13 +0000
Signed by: Andres Salomon <dilinger@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 31 Oct 2023 23:50:00 -0500
Source: chromium
Architecture: source
Version: 119.0.6045.105-1~deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Timothy Pearson <tpearson@raptorengineering.com>
Changes:
 chromium (119.0.6045.105-1~deb11u1) bullseye-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2023-5480: Inappropriate implementation in Payments.
       Reported by Vsevolod Kokorin (Slonser) of Solidlab.
     - CVE-2023-5482: Insufficient data validation in USB. Reported by DarkNavy.
     - CVE-2023-5849: Integer overflow in USB. Reported by DarkNavy.
     - CVE-2023-5850: Incorrect security UI in Downloads.
       Reported by Mohit Raj (shadow2639) .
     - CVE-2023-5851: Inappropriate implementation in Downloads.
       Reported by Shaheen Fazim.
     - CVE-2023-5852: Use after free in Printing. Reported by [pwn2car].
     - CVE-2023-5853: Incorrect security UI in Downloads. Reported by Hafiizh.
     - CVE-2023-5854: Use after free in Profiles. Reported by
       Dohyun Lee (@l33d0hyun) of SSD-Disclosure Labs & DNSLab, Korea Univ.
     - CVE-2023-5855: Use after free in Reading Mode. Reported by ChaobinZhang.
     - CVE-2023-5856: Use after free in Side Panel.
       Reported by Weipeng Jiang (@Krace) of VRI.
     - CVE-2023-5857: Inappropriate implementation in Downloads.
       Reported by Will Dormann.
     - CVE-2023-5858: Inappropriate implementation in WebApp Provider.
       Reported by Axel Chong.
     - CVE-2023-5859: Incorrect security UI in Picture In Picture.
       Reported by Junsung Lee
   * d/patches:
     - patches/bullseye/constexpr.patch: Add MiracleParameter workaround
   * d/patches/ppc64le:
     - Mass refresh all patches against 119 codebase.  No functional change.
 .
   [ Andres Salomon ]
   * d/patches:
     - fixes/gcc13-headers.patch: drop parts that have been merged upstream.
     - fixes/perfetto.patch: drop part that was merged upstream.
     - upstream/sensor-reading.patch: drop, merged upstream.
     - upstream/lweight.patch: drop, merged upstream.
     - upstream/freetype.patch: drop, merged upstream.
     - upstream/sizet.patch: drop, merged upstream.
     - disable/catapult.patch: drop an unused hunk.
     - disable/widevine-cdm-cu.patch: refresh.
     - disable/privacy-sandbox.patch: rename, sync up with ungoogled-chromium,
       and use the full ungoogled patch. The privacy sandbox config interface
       is now gone, with no way to enable it.
     - ungoogled/core/ungoogled-chromium/disable-web-environment-integrity.patch:
       sync up with with ungoogled-chromium, and rename.
     - fixes/blink-frags.patch: additional build fix for libstdc++13.
     - fixes/gcc13-with-clang14.patch: drop, now that we've switched to clang-16.
     - fixes/atspi.patch: fix build failure with atspi >= 2.50.
     - bullseye/av1-vaapi2.patch: revert another upstream vaapi patch due to
       bullseye's old libva.
   * d/rules: set enable_nocompile_tests_new=false to make older gn happy.
Checksums-Sha1:
 900c87ec7c1ea16aa8c0b155ddf0846df7d4c886 3769 chromium_119.0.6045.105-1~deb11u1.dsc
 04a39db0924e73bea3c59eb92049e57e60bc12f9 784608532 chromium_119.0.6045.105.orig.tar.xz
 380b2e9a1efbb322b646448e3579460c5a517137 1487532 chromium_119.0.6045.105-1~deb11u1.debian.tar.xz
 48775be1efc7b57623a2770e614ad4422bf31af9 22903 chromium_119.0.6045.105-1~deb11u1_source.buildinfo
Checksums-Sha256:
 feabb71b145a47afcde8c69cafa357bd5623f8797343f40615907afca0c729a1 3769 chromium_119.0.6045.105-1~deb11u1.dsc
 003634027060057f135a75d71821ba85a796b1528567ca1b8e9caa83b95bf518 784608532 chromium_119.0.6045.105.orig.tar.xz
 c5849920a4d5ee930aac73a8ad1b423be4a50240ab0c1b860d682decc20ebd4d 1487532 chromium_119.0.6045.105-1~deb11u1.debian.tar.xz
 2a5f7dc9c5cf34ede0f943a74c99dbd32dee64d93c2f809e637d6a466606bbc1 22903 chromium_119.0.6045.105-1~deb11u1_source.buildinfo
Files:
 6d65b16e0d88defa17a1a6dd35ba696d 3769 web optional chromium_119.0.6045.105-1~deb11u1.dsc
 f8ad84d246dd3eaaef98f0eff4f12f8b 784608532 web optional chromium_119.0.6045.105.orig.tar.xz
 8b92996f2e2f939655fe40d6a672105b 1487532 web optional chromium_119.0.6045.105-1~deb11u1.debian.tar.xz
 e87813a29b13672fcb286ac62868c1cc 22903 web optional chromium_119.0.6045.105-1~deb11u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmVEHqIUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjcyqRAAowA2yzEF5/wtfcTp35OhlwAkXnaM
KFYGZNm33g+yjoRAD2gt16YkLqpQKInBJckulTAg3Fpj9CBQ85G1NvLDEAaFSDG9
+akAiStglEgthg3zT2EBiJOipt+qtSYVS/ywjwVK/CPzFcAi2tky1Wa0R/cGOXWA
3Gm3MFBD2/ouYyWPwum0b8meArCIvztovy/aC6MWENYXDzL5F0wf/x6omlO2G5Rk
hrEiGLEkGUFKejVWrQnLYXlJT9JrcFqlSVnuTfyfEuxO10A4/M8vFkrS0mRC85zh
jSLOUdbE0zmcmQ8V06joGEyt+IDu+d3Yi+fw74IZ2GLXPAbPxV+xAq6MtR+M3lAu
7d98HtD0ToTKU8kCBUiamIMvZ8tM4HCZjHsxxM2DuKvi/Zyf3wM08MnGDd5+qqXt
oOwxZJMz2SWuASB6zMLzAhRjn33bjUfNqEWRPmQX4HJ1leWEmvzOUDEdBmEhLJhc
pErSij+uQ0ynMXVczJDpwTPp7f3MvI4n2V2djVmKNqBAT8M/At7LYBf5a0YfiMPn
CZ0rOAcvXzFiaxtmOZs2Yuohg1tBFYezy63FwMOpnOmI4g01SBaXGC0nk82EshJJ
sQ4zYX071FayigSxU61MtLGIRZyBVA0QJAYwZ3Ddr5FzdCHDOklwqU2sUFK9H4b7
F/TVFOIwBYfi9fg=
=9y+3
-----END PGP SIGNATURE-----
News for package chromium
