Format: 1.8
Date: Thu, 13 Jun 2024 21:31:56 -0400
Source: chromium
Architecture: source
Version: 126.0.6478.56-1
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (126.0.6478.56-1) unstable; urgency=high
 .
   * New upstream stable release.
     - CVE-2024-5830: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab.
     - CVE-2024-5831: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-5832: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-5833: Type Confusion in V8. Reported by @ginggilBesel.
     - CVE-2024-5834: Inappropriate implementation in Dawn. Reported by gelatin dessert.
     - CVE-2024-5835: Heap buffer overflow in Tab Groups. Reported by Weipeng Jiang (@Krace) of VRI.
     - CVE-2024-5836: Inappropriate Implementation in DevTools. Reported by Allen Ding.
     - CVE-2024-5837: Type Confusion in V8. Reported by Anonymous.
     - CVE-2024-5838: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy).
     - CVE-2024-5839: Inappropriate Implementation in Memory Allocator. Reported by Mickey.
     - CVE-2024-5840: Policy Bypass in CORS. Reported by Matt Howard.
     - CVE-2024-5841: Use after free in V8. Reported by Cassidy Kim(@cassidy6564).
     - CVE-2024-5842: Use after free in Browser UI. Reported by Sven Dysthe (@svn_dy).
     - CVE-2024-5843: Inappropriate implementation in Downloads. Reported by hjy79425575.
     - CVE-2024-5844: Heap buffer overflow in Tab Strip. Reported by Sri.
     - CVE-2024-5845: Use after free in Audio. Reported by anonymous.
     - CVE-2024-5846: Use after free in PDFium. Reported by Han Zheng (HexHive).
     - CVE-2024-5847: Use after free in PDFium. Reported by Han Zheng (HexHive).
   * d/copyright: delete bullseye environment that upstream ships (??).
   * d/patches:
     - upstream/appservice-include.patch: drop, merged upstream.
     - upstream/lens-include.patch: drop, merged upstream.
     - upstream/mojo-bindings-include.patch: drop, merged upstream.
     - upstream/ninja.patch: drop, merged upstream.
     - upstream/no-vector-consts.patch: drop, merged upstream.
     - upstream/vulkan-include.patch: drop, merged upstream.
     - system/clang-format.patch: drop it; we broke it some time ago, and didn't notice. Guess we don't need it?
     - bookworm/clang16.patch: refresh.
     - fixes/bad-font-gc00000.patch: refresh
     - fixes/bad-font-gc11.patch: refresh
     - fixes/bad-font-gc2.patch: refresh
     - disable/signin.patch: refresh
     - upstream/quiche-deque.patch: gcc build fix pulled from upstream.
     - upstream/gpu-header.patch: add header build fix from upstream.
     - upstream/blink-header.patch: add header build fix from upstream.
     - upstream/blink-header2.patch: add header build fix from upstream.
     - upstream/blink-header3.patch: add header build fix from upstream.
     - upstream/realtime-reporting.patch: gcc build fix from upstream.
     - upstream/urlvisit-header.patch: add header build fix from upstream.
     - upstream/accessibility-format.patch: gcc build fix from upstream.
     - bookworm/urlhelper-ctor.patch: work around a clang-16 bug; add an explicit constructor.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - sandbox/0008-sandbox-fix-ppc64le-glibc234.patch: Modify for upstream changes
     - third_party/0002-Add-PPC64-generated-files-for-boringssl.patch: Modify for upstream changes
     - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: Refresh for upstream changes