-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 07 Aug 2024 00:18:54 -0400 Source: chromium Architecture: source Version: 127.0.6533.99-1 Distribution: unstable Urgency: high Maintainer: Debian Chromium Team <chromium@packages.debian.org> Changed-By: Andres Salomon <dilinger@debian.org> Closes: 1033305 Changes: chromium (127.0.6533.99-1) unstable; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-2024-7532: Out of bounds memory access in ANGLE. Reported by wgslfuzz. - CVE-2024-7533: Use after free in Sharing. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group. - CVE-2024-7550: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy). - CVE-2024-7534: Heap buffer overflow in Layout. Reported by Tashita Software Security. - CVE-2024-7535: Inappropriate implementation in V8. Reported by Tashita Software Security. - CVE-2024-7536: Use after free in WebAudio. Reported by Cassidy Kim(@cassidy6564). . [ Timothy Pearson ] * d/patches/ppc64le: - core/add-ppc64-architecture-to-extensions.diff: Fix runtime assertion trap on ppc64el systems . [ Daniel Richard G. ] * Enable ThinLTO (slower linking, faster runtime) on archs that can support it (closes: #1033305). * Avoid some hard-coded Debian references to simplify package builds for other distributions, e.g. Ubuntu. * d/patches: - bookworm/constexpr.patch: Add no_destroy attributes to quash many "declaration requires an exit-time destructor" warnings. - fixes/highway-include-path.patch: New patch to fix highway.h path. . [ Grzegorz Szymaszek ] * Use https instead of http in initial_bookmarks.html. Checksums-Sha1: 2c05205bb95698795e0e7c0b37472b0f91dcb4ba 3770 chromium_127.0.6533.99-1.dsc 6ebd03993b83045f30a7ce8f6fc91f9b25ffec97 873165572 chromium_127.0.6533.99.orig.tar.xz f38ca23c570f03c218c299a353be75e0175fbd53 414940 chromium_127.0.6533.99-1.debian.tar.xz 016b255691925405ca4671d348df3bf2d2087594 22182 chromium_127.0.6533.99-1_source.buildinfo Checksums-Sha256: 23d4e34e240b2b83a71fe1c85c2ac55252392043dc5fd4b8942ae7b49cbb61e1 3770 chromium_127.0.6533.99-1.dsc ae38ba6e6d79fa371a2d52d96671cae478f3ac5c1a1d08748f7d8fe6095afa81 873165572 chromium_127.0.6533.99.orig.tar.xz be4034e2b57c97a8c70921015859f84b1a49bac846526d83020219da61b0a7f3 414940 chromium_127.0.6533.99-1.debian.tar.xz 1c5657b7bb98bdd3783dd3a3c73469a6f7857f065b78efe19bed51baf6c1869a 22182 chromium_127.0.6533.99-1_source.buildinfo Files: b956db80e3422622c124314f13ce1c51 3770 web optional chromium_127.0.6533.99-1.dsc d91f051b9e54c13f1c352be7da2d594e 873165572 web optional chromium_127.0.6533.99.orig.tar.xz 824b803e3580d1e50ed5082ee9a2ca22 414940 web optional chromium_127.0.6533.99-1.debian.tar.xz eaff7b1da2eab989c64631fbaa06bc61 22182 web optional chromium_127.0.6533.99-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmazly8UHGRpbGluZ2Vy QGRlYmlhbi5vcmcACgkQZF0CR8NudjcZ2w//Z3CNJpFYJUv5PW0lBd73JKzsHXz5 95zBEhJ8rA0hZGF3IyGGXNh/jx4YlV4C6+cOwzLCp6Hi2lbXuEFHJfWcRbhOHXSZ DpFHgCKCDmWendMiMQbt+N9YpsYvTxEtDf/DCMaAu79UWMzsSuwKGAckLe92H6II O2+l/h1u3NT/O1H66jfRSvBKroE9/UJpowom5q9YRdpggAh8E5D8F+3iuD1kyxrv YqdoczHktpPkd+m3ROhzwbavFGb8u8p5FAODvU5LcK8aHWiTwM/EoJklj+RVGSY2 CL1C4dIT7G5zRwXFm3JMrcH8GC8ReERsaROfQn+G1ztIeV7GHwsYefBtFZrzL6Zb UHtO7H+pcp7F1jq+ScVMvjsdL6Onyr8Dpp2Bpfd6XPUYFvSSVWdZur4JczWmAqAp vC0gPtb+TUhBkbk80cQ2KPWb9WmPkg4BiGpWaW2t1bbWEeXABP/2jOuIGBPtKCct 6JESJJhB2TYHeIKFS+JDMGQ5IBVyp6ZbAt34NBd/p0CHG1LIkYxrJptoE/9h/NhO uAo03aX13JMzt+R+k8kO/oBQYJweztf8xcyQnSA1+/YEkxMKBEL/zfSJoluM7tvs Mb/pOP0dVehrniBhT4XNdZ7Pf55W/FT9KKATGH4DthebGkugF2x2g6fPB+v1jzKJ fLrGDYScekTBP5M= =a7BM -----END PGP SIGNATURE-----
