-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 07 Dec 2023 15:00:36 -0500 Source: chromium Architecture: source Version: 120.0.6099.71-1 Distribution: unstable Urgency: high Maintainer: Debian Chromium Team <chromium@packages.debian.org> Changed-By: Andres Salomon <dilinger@debian.org> Changes: chromium (120.0.6099.71-1) unstable; urgency=high . [ Andres Salomon ] * New upstream stable release. - CVE-2023-6508: Use after free in Media Stream. Reported by Cassidy Kim(@cassidy6564). - CVE-2023-6509: Use after free in Side Panel Search. Reported by Khalil Zhani. - CVE-2023-6510: Use after free in Media Capture. Reported by [pwn2car]. - CVE-2023-6511: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry. - CVE-2023-6512: Inappropriate implementation in Web Browser UI. Reported by Om Apip. * d/copyright: adjust path for chai.js & mocha.js deletion. - delete third_party/libsecret. * d/control: new build depends on libsecret-1-dev. * d/scripts/unbundle: keep bundled libhwy; it's not available in bullseye. - also keep vulkan_memory_allocator and flatbuffers. * d/patches: - fixes/gcc13-headers.patch: refresh. - fixes/blink-frags.patch: drop part of patch & refresh. - disable/catapult.patch: refresh. - disable/driver-chrome-path.patch: update for minor upstream changes. - ungoogled/disable-privacy-sandbox.patch: update from ungoogled-chromium. - ungoogled/disable-web-environment-integrity.patch: update from from ungoogled-chromium. - upstream/mojo.patch: update patch from upstream's git. - bookworm/clang16.patch: new patch working around upstream's clang18 flags. - upstream/nullptr_t.patch: more libstdc++13 build fixes. - upstream/string-include.patch: add a simple header include build fix. - fixes/absl-optional.patch: add a workaround for a clang bug (https://github.com/llvm/llvm-project/issues/50248) by providing our own 'optional' header. . [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0001-Add-PPC64-support-for-libdav1d.patch: refresh for upstream changes - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: regenerate - third_party/skia-vsx-instructions.patch: refresh for upstream changes - third_party/use-sysconf-page-size-on-ppc64.patch: refresh for upstream changes - Mass refresh all other patches against 120 codebase. No functional change. Checksums-Sha1: cbc472e1ae2d77fc5f054dc54c5455fa41c00ec0 3699 chromium_120.0.6099.71-1.dsc c3144a7d6cad23975cf06fa4d64da6a4dd913000 792499468 chromium_120.0.6099.71.orig.tar.xz 93287ee5f66591e67827b19cf865a65fe364764e 368516 chromium_120.0.6099.71-1.debian.tar.xz 4a2a04512c0e3d554989e7266121a505a7ac3db0 21196 chromium_120.0.6099.71-1_source.buildinfo Checksums-Sha256: 0b51d45f2d9fefaf682195b5db3ca67dc7094544171e26e7ff7c6581ef8f056e 3699 chromium_120.0.6099.71-1.dsc c5fe64346783113cb2f62c3e99ab33552c891609297f2791fda32ee440423d44 792499468 chromium_120.0.6099.71.orig.tar.xz 76d10f0f8f01d31a41c8774090aa5bf26f682547634b89b6f3c7e2f3212e00a2 368516 chromium_120.0.6099.71-1.debian.tar.xz f4df36f041af91f50393cdc312bf2321757bd0e1ed9507360e08b773913f3063 21196 chromium_120.0.6099.71-1_source.buildinfo Files: 412a19b0809fce97fb245371326d8b59 3699 web optional chromium_120.0.6099.71-1.dsc fca7891decb6f31586eeba635845226a 792499468 web optional chromium_120.0.6099.71.orig.tar.xz 57921144c443a210d7dddbb0ed4d536d 368516 web optional chromium_120.0.6099.71-1.debian.tar.xz 2a7008306c7f1f374246d034dbab25d7 21196 web optional chromium_120.0.6099.71-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmVyJj0UHGRpbGluZ2Vy QGRlYmlhbi5vcmcACgkQZF0CR8NudjehcQ//Uqri1o8Y6h7Fm3gytAr1m4L7BRKu g2wTF5lbjFVelA/bVRtg8n42kIVKbQgofjls4dYKTlo9Mr0/mF5scP2GUUkmtjYb nE8Bl/+VVJ58Hx+EXBbH0/UCd5raOOvHKtilcUQp5lYY7B94f3W1kMQH1boq+F+n SywbMeLraw0fcQxF65jJ627tDTv+mmsXBpU+57Mey/Q3cshbM9nojxY625a7H1wh ztShXHsssL9EMXvR91ZEmHPU/2vCnVSs1K9HyjHYCwxJLgQzuJFGs+3zV5nHSOaw uzvpGmyQSXSeGI6I8/1Zmj9xSLBI3dvus4HqtV9CJcpZbsrHtmtpyonUqYMMGTM5 AepUESe5X5j4zwpzSFdDKESn+SvvlWk6IICA4939F+qzYkcZXu+Ti6JJ+2t4Wv8N A1o+7F3k/uyao9mJ5lt9wfpUyFpdTpMgJ7f9j+LvDC8vWXFu1ISRey/L8SiCwmWY p1hiYxf4bJM6lCLAegVOw6kve5jTk6Hyj+eAc5O1KGiTdp5KNnnOEy4+LM9L6eqc IE1kOf+uUODqKGEM52dNLudALsC4WZUmO6Sm3cV9uHr9l5uOg81QbptDv7/QmEsP VEDDRXm378VLcdc6OXspEVu9IderBAjhaVayAWs+Re92X+I91U18oI3T6QI0vg4O 4AZ6DJMiO1wPIZg= =neKK -----END PGP SIGNATURE-----