Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <>
Subject: Accepted chromium 124.0.6367.118-1~deb12u1 (source) into stable-security
Date: Thu, 02 May 2024 06:28:15 +0000
Signed by: Andres Salomon <dilinger@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 30 Apr 2024 17:53:52 -0400
Source: chromium
Architecture: source
Version: 124.0.6367.118-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (124.0.6367.118-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2024-4331: Use after free in Picture In Picture.
       Reported by Zhenghang Xiao (@Kipreyyy).
     - CVE-2024-4368: Use after free in Dawn. Reported by wgslfuzz.
   * Build-dep on libhwy-dev and delete the bundled third_party/highway.
   * Build-dep on libharfbuzz-dev and delete the bundled harfbuzz-ng.
   * Build-dep on libdav1d-dev and delete the bundled third_party/dav1d.
   * d/patches:
     - ppc64le/third_party/0001-Add-PPC64-support-for-libdav1d.patch,
       ppc64le/third_party/0001-Fix-libdav1d-compilation-on-clang-ppc.patch,
       ppc64le/third_party/0003-thirdparty-fix-dav1d-gn.patch,
       fixes/arm64-ftbfs.patch: drop these 4 patches that are only needed
       for bundled libdav1d.
     - ppc64le/third_party/0001-Fix-highway-ppc-hwcap.patch,
       ppc64le/third_party/0002-Highway-disable-128-bit-vsx.patch: drop
       these two patches that were needed for bundled highway.
     - upstream/ozone1.patch: drop, merged upstream.
     - upstream/ozone2.patch: drop, merged upstream.
     - fixes/bad-font-gc2.patch: refresh.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: Fix inadvertent
       breakage of i386 build
Checksums-Sha1:
 54548370c9a562ee41876a470bd13a18348b97db 3772 chromium_124.0.6367.118-1~deb12u1.dsc
 bf147e70185544f73a8bb796737b46b51d733613 838274004 chromium_124.0.6367.118.orig.tar.xz
 978cc3d0877edf2e5d0a417407659e9a6062efec 415048 chromium_124.0.6367.118-1~deb12u1.debian.tar.xz
 bfc756b38e56b6851cf6e0f24cb0c4249945688e 21788 chromium_124.0.6367.118-1~deb12u1_source.buildinfo
Checksums-Sha256:
 281edb8d1ff4b55cc165d0bd49afaa400304fbe35038268f73634f9a667f3dec 3772 chromium_124.0.6367.118-1~deb12u1.dsc
 818218960c0d362c8f95b6b56d868d1313cf18786276996856b598a63683ef33 838274004 chromium_124.0.6367.118.orig.tar.xz
 8ba36eeb38d04d7b4be9a92a1f6a0877723f2f17be433049af7e6b2ff08bfdbe 415048 chromium_124.0.6367.118-1~deb12u1.debian.tar.xz
 8b8d1c059d32dc2d52047f2ba0c9e42b1bbb4a2a442b324f20f35b53eba90b9f 21788 chromium_124.0.6367.118-1~deb12u1_source.buildinfo
Files:
 dce3f12fc8802af8d4ca339e8407ff2c 3772 web optional chromium_124.0.6367.118-1~deb12u1.dsc
 f462cf405fa0b58c828b31e1da944114 838274004 web optional chromium_124.0.6367.118.orig.tar.xz
 80e68d34b8e00e0a47a1fa7898de5b70 415048 web optional chromium_124.0.6367.118-1~deb12u1.debian.tar.xz
 cb4f467cecb7fc9aaf4959432d77c1d2 21788 web optional chromium_124.0.6367.118-1~deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmYyYlwUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjdHEA/+ONs4NIBkmXynd/gbL4vYg/rivWIq
Qw3GkKtGF8wwWwyVFQUfoJOqB4FMsr2DSfEqhPMIL9O7PyoslN1W1Nd6rmf8zM0P
xGQnEZHd1qpt53S/McOZa5EUiY7noCc+XYX32+PVTa8XDrUoddOKtXrtQD6LXe1R
f1+8XukXpEBj9bi3kIo2/LItmAQpWqDNCSdu0FJ9BV9BVhH4Fyn8Xsi9IHDX9nl7
hNVEEufbnS5QaoCvOcJJdA8xvSXkPcYIAMH5KZDOoKwGOTbKcDE/X27WEMZU4XBf
XW4/1f324BVGPirDzBzth955QECG8KLM5Tq/Yw/BI99yRGh1y4S+hrjnmUFwo89S
dYlfXW2nIL7GHE1GXsUb3uINGaOph5uDzY+Y8c+lTITxcrZ7LuKlVKy2lmUr1qxu
D5Zk5MqYe98Dr7cHSEiV6lXalEI4tsXBSQqqcM4dO/yCauVDRUcFcsS0EooTZAUG
lmJf+pMaJV8UHsi/bXZ/FJS5mR2LKDOrtbW+YjIfeeRJS8FptoRaiYpJaqotVCuX
fAdVr13gYyAYjIYE81i7HjgDb7U+r9aFokdmr4kiRXQc8czhOowTrzMXFLvdbt+H
n3s79S0/e4CzRo9LrMVRNa0pdaw4rjjR4em1HPmRJpBICQWDAb2QMdol/xsr157I
MxjqlGERIHRXz6g=
=ZFSd
-----END PGP SIGNATURE-----
News for package chromium
