-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 09 Dec 2023 12:31:48 -0500 Source: chromium Architecture: source Version: 120.0.6099.71-1~deb11u1 Distribution: bullseye-security Urgency: high Maintainer: Debian Chromium Team <chromium@packages.debian.org> Changed-By: Andres Salomon <dilinger@debian.org> Changes: chromium (120.0.6099.71-1~deb11u1) bullseye-security; urgency=high . [ Andres Salomon ] * New upstream stable release. - CVE-2023-6508: Use after free in Media Stream. Reported by Cassidy Kim(@cassidy6564). - CVE-2023-6509: Use after free in Side Panel Search. Reported by Khalil Zhani. - CVE-2023-6510: Use after free in Media Capture. Reported by [pwn2car]. - CVE-2023-6511: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry. - CVE-2023-6512: Inappropriate implementation in Web Browser UI. Reported by Om Apip. * d/copyright: adjust path for chai.js & mocha.js deletion. - delete third_party/libsecret. * d/control: new build depends on libsecret-1-dev. * d/scripts/unbundle: keep bundled libhwy; it's not available in bullseye. - also keep vulkan_memory_allocator and flatbuffers. * d/patches: - fixes/gcc13-headers.patch: refresh. - fixes/blink-frags.patch: drop part of patch & refresh. - disable/catapult.patch: refresh. - disable/driver-chrome-path.patch: update for minor upstream changes. - ungoogled/disable-privacy-sandbox.patch: update from ungoogled-chromium. - ungoogled/disable-web-environment-integrity.patch: update from from ungoogled-chromium. - upstream/mojo.patch: update patch from upstream's git. - bookworm/clang16.patch: new patch working around upstream's clang18 flags. - upstream/nullptr_t.patch: more libstdc++13 build fixes. - upstream/string-include.patch: add a simple header include build fix. - fixes/absl-optional.patch: add a workaround for a clang bug (https://github.com/llvm/llvm-project/issues/50248) by providing our own 'optional' header. - bookworm/constcountrycode.patch: add workaround for older libstdc++. - bullseye/constexpr.patch: drop due to upstream changes. - bullseye/downgrade-typescript.patch: refresh. - bullseye/devtools-ts-return.patch: add build fix needed for older typescript. - bullseye/pathmax.patch: another simple missing header build fix. - bullseye/framesensorconst.patch: constexpr -> const workaround. - bullseye/node-trustedtypes.patch: add a bunch more workarounds for our older node-typescript. * d/rules: grab typescript from third_party/devtools (which is downgraded from 5.1 to 5.0 via downgrade-typescript.patch) to overwrite third_party/node/node_modules/typescript (which was upgraded to 5.2). * d/NEWS: document the end of security support for bullseye. . [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0001-Add-PPC64-support-for-libdav1d.patch: refresh for upstream changes - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: regenerate - third_party/skia-vsx-instructions.patch: refresh for upstream changes - third_party/use-sysconf-page-size-on-ppc64.patch: refresh for upstream changes - Mass refresh all other patches against 120 codebase. No functional change. Checksums-Sha1: 7241967126fdb8fbe4299d342311ce23e4a0fbee 3773 chromium_120.0.6099.71-1~deb11u1.dsc c3144a7d6cad23975cf06fa4d64da6a4dd913000 792499468 chromium_120.0.6099.71.orig.tar.xz 28c42953f2bea799b787827b966d020bb1e1ecca 1501128 chromium_120.0.6099.71-1~deb11u1.debian.tar.xz 09eef61f968b9a597567adb5fe3042fa6c34e0d2 22991 chromium_120.0.6099.71-1~deb11u1_source.buildinfo Checksums-Sha256: ffcbbd633c1063ed3205ee3edcfdfb96d4f1980da27ecc6636f65da78320cb6c 3773 chromium_120.0.6099.71-1~deb11u1.dsc c5fe64346783113cb2f62c3e99ab33552c891609297f2791fda32ee440423d44 792499468 chromium_120.0.6099.71.orig.tar.xz 64712764b29af75ae33df0a0da941c52bd85e3b04c8d1cfb75c24725158711fc 1501128 chromium_120.0.6099.71-1~deb11u1.debian.tar.xz 33080b5f42a871fa7465209bd84e4eae418ea272a557836fa809ea360d92d1b5 22991 chromium_120.0.6099.71-1~deb11u1_source.buildinfo Files: b466b561742da4045552bb6c8fdeb8cb 3773 web optional chromium_120.0.6099.71-1~deb11u1.dsc fca7891decb6f31586eeba635845226a 792499468 web optional chromium_120.0.6099.71.orig.tar.xz 0b438a626c8108cff70db28f41a27035 1501128 web optional chromium_120.0.6099.71-1~deb11u1.debian.tar.xz aa921f80a08f23ab06fa5c7b425c03c0 22991 web optional chromium_120.0.6099.71-1~deb11u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmV0yOcUHGRpbGluZ2Vy QGRlYmlhbi5vcmcACgkQZF0CR8NudjciPxAAwknc8dS351/gyxjXWGqikUBRXoUI bIhZgTj7O2bsi+HCiZnUoUgUWtMg9QSez+2XpzLVOGQDYjivikPxQUCPXuNWot08 ghAsSwOVKnMQ6lNbMmLfWxb4O1BXKgffyx1jJPizg8+SQ+SCPG282AwA9WJiNe0Y M6CFpW/yxgLkUIKw+M2HXLDlhOHyhIo1JCJOPU3B27RZ9FWWCD3u+f2LqTzSQe/G 0LIfkiTO2HhtMEzCTOgbjidyhi0wQ1lf3PPR9zOR6pX1LV4joBZ6k7Orhl4fBvhN YjWQKqitbSrIsnb53AnP3R0ZA6l6RoGT47e/Bqx499h/IbIUnIetxrhM0c/V9Xwb CRpjJIcq3lWoy18TAZlHfszxSz6Mco+fP0mQT4qcraSGYfmA31YIW4qzHWXgxr9R vnO16mV9BMeTqaWTyg9fd2ODWDoXu2IP6FjdiVKcM+baQf1elCNbkk1EwYArzLbm +caNrY64yuTQUgne4xSn0Wt/gajocml0Sx+6soHxXQnYd22QRM4+6WQZZXv4iCSV Xymbo+wuDj+AYhto3XSyAVciJdtlc+Pw84uGxt99k/m+irq++8A8LVm42e+7nvhS CMnJLi2ThtSwPTwN8AECw/kez0CearAZiIWixlOEOne1BYqXze4QAfTHoSiQF0DO +BThLVG1nByhdYM= =pcqX -----END PGP SIGNATURE-----