Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted chromium 119.0.6045.105-1~deb12u1 (source) into proposed-updates
Date: Sun, 05 Nov 2023 17:47:19 +0000
Signed by: Andres Salomon <dilinger@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 31 Oct 2023 23:50:00 -0500
Source: chromium
Architecture: source
Version: 119.0.6045.105-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Timothy Pearson <tpearson@raptorengineering.com>
Changes:
 chromium (119.0.6045.105-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2023-5480: Inappropriate implementation in Payments.
       Reported by Vsevolod Kokorin (Slonser) of Solidlab.
     - CVE-2023-5482: Insufficient data validation in USB. Reported by DarkNavy.
     - CVE-2023-5849: Integer overflow in USB. Reported by DarkNavy.
     - CVE-2023-5850: Incorrect security UI in Downloads.
       Reported by Mohit Raj (shadow2639) .
     - CVE-2023-5851: Inappropriate implementation in Downloads.
       Reported by Shaheen Fazim.
     - CVE-2023-5852: Use after free in Printing. Reported by [pwn2car].
     - CVE-2023-5853: Incorrect security UI in Downloads. Reported by Hafiizh.
     - CVE-2023-5854: Use after free in Profiles. Reported by
       Dohyun Lee (@l33d0hyun) of SSD-Disclosure Labs & DNSLab, Korea Univ.
     - CVE-2023-5855: Use after free in Reading Mode. Reported by ChaobinZhang.
     - CVE-2023-5856: Use after free in Side Panel.
       Reported by Weipeng Jiang (@Krace) of VRI.
     - CVE-2023-5857: Inappropriate implementation in Downloads.
       Reported by Will Dormann.
     - CVE-2023-5858: Inappropriate implementation in WebApp Provider.
       Reported by Axel Chong.
     - CVE-2023-5859: Incorrect security UI in Picture In Picture.
       Reported by Junsung Lee
   * d/patches:
     - patches/bullseye/constexpr.patch: Add MiracleParameter workaround
   * d/patches/ppc64le:
     - Mass refresh all patches against 119 codebase.  No functional change.
 .
   [ Andres Salomon ]
   * d/patches:
     - fixes/gcc13-headers.patch: drop parts that have been merged upstream.
     - fixes/perfetto.patch: drop part that was merged upstream.
     - upstream/sensor-reading.patch: drop, merged upstream.
     - upstream/lweight.patch: drop, merged upstream.
     - upstream/freetype.patch: drop, merged upstream.
     - upstream/sizet.patch: drop, merged upstream.
     - disable/catapult.patch: drop an unused hunk.
     - disable/widevine-cdm-cu.patch: refresh.
     - disable/privacy-sandbox.patch: rename, sync up with ungoogled-chromium,
       and use the full ungoogled patch. The privacy sandbox config interface
       is now gone, with no way to enable it.
     - ungoogled/core/ungoogled-chromium/disable-web-environment-integrity.patch:
       sync up with with ungoogled-chromium, and rename.
     - fixes/blink-frags.patch: additional build fix for libstdc++13.
     - fixes/gcc13-with-clang14.patch: drop, now that we've switched to clang-16.
     - fixes/atspi.patch: fix build failure with atspi >= 2.50.
Checksums-Sha1:
 11a1d198aca563120cbd68068975356c9d4dc97e 3727 chromium_119.0.6045.105-1~deb12u1.dsc
 04a39db0924e73bea3c59eb92049e57e60bc12f9 784608532 chromium_119.0.6045.105.orig.tar.xz
 31faf907f2377fe3b7009bc799a808f36a486b9b 359172 chromium_119.0.6045.105-1~deb12u1.debian.tar.xz
 78213d7838b597deb8add669b93a20e36204beca 21372 chromium_119.0.6045.105-1~deb12u1_source.buildinfo
Checksums-Sha256:
 fbb98c83e4bbdeb49a51864a662c91a1a5effc261f90de25e9c1865bb9b8a420 3727 chromium_119.0.6045.105-1~deb12u1.dsc
 003634027060057f135a75d71821ba85a796b1528567ca1b8e9caa83b95bf518 784608532 chromium_119.0.6045.105.orig.tar.xz
 1929d90fc48159fe09ed579ae8c5ef67429e924a8abe6caea2e00c4f858a510c 359172 chromium_119.0.6045.105-1~deb12u1.debian.tar.xz
 18524c8ac7a4b1067ec8188e3b84af774473cd8908d0908f8ca5e687c9900c58 21372 chromium_119.0.6045.105-1~deb12u1_source.buildinfo
Files:
 4677392386b0ebd898c0d63c0e935380 3727 web optional chromium_119.0.6045.105-1~deb12u1.dsc
 f8ad84d246dd3eaaef98f0eff4f12f8b 784608532 web optional chromium_119.0.6045.105.orig.tar.xz
 8e6a32e79af2362a2c9064a1ed07c27f 359172 web optional chromium_119.0.6045.105-1~deb12u1.debian.tar.xz
 45b4b747b0d35b67562b8148f1c53145 21372 web optional chromium_119.0.6045.105-1~deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmVDRyoUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8Nudjeb1xAAnLhcewOe+27fa1PhBiracw8tZM5p
F9Bg2e1TfkVYSoPN+1AH+ZvcQtnGIsoqM3A4VNReLwS08wokqgBLIiyFFkzwjBpI
Z/bAJ54cjI4C6AzZQ1CvDX+b9xac1pdgFbeyhBC/wnE3DoR2+FzHt1BNO/YLYXUK
7/1uKSf4Whv8rzQK0W6lxKy2RKgcTrbnZJzMc3kFH18a25XwO20MJqlY0miONPui
o2to6i2CBeQAfh27qIZp0KN5UpRUfAeGpMsyfXuTWhpgZY5u1nB8BhAeePRa0d3l
UQkp4XTFJ261Zj4LjOvsaXh458sPEs7Q/ISCECV6McBkZJR7GVpqy7fGU0yKb8Gi
5udoUhvaXmfxBeajQr2/QJCHI2aFP8x0Tu8VeXozC25EBeYfeJnhAAkhEzi00/4v
3mNMW1QRr3Tp2K9lM1B+vuprmVTCaxRH1DXHC3ja76CuDYPA527QMFyCVrzhtw7I
bH2+C4I4LOVlA9vbyFO8NA18ZxZuJNlGrXiM0upQC+ZOm6oVT01Xnsmt9xtJYSwg
Rd0SgZVx8J1WwBSKpxL+vt0Pimg6CYDE9pz6MugSb/fykt9S7YDg/Qit8x2voGml
dAlL7f85FW++hn+kM2dgbimx39/pcaALULaqvoRWI/tv6iM13lpYuvjhAnZWfN5h
bYt81YtpYU644U8=
=AEgT
-----END PGP SIGNATURE-----
News for package chromium
