-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 22 Aug 2024 14:06:28 -0400
Source: chromium
Architecture: source
Version: 128.0.6613.84-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (128.0.6613.84-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2024-7964: Use after free in Passwords. Reported by Anonymous.
     - CVE-2024-7965: Inappropriate implementation in V8. Reported by TheDog.
     - CVE-2024-7966: Out of bounds memory access in Skia. Reported by Renan Rios (@HyHy100).
     - CVE-2024-7967: Heap buffer overflow in Fonts. Reported by Tashita Software Security.
     - CVE-2024-7968: Use after free in Autofill. Reported by Han Zheng (HexHive).
     - CVE-2024-7969: Type Confusion in V8. Reported by CFF of Topsec Alpha Team.
     - CVE-2024-7971: Type confusion in V8. Reported by Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC).
     - CVE-2024-7972: Inappropriate implementation in V8. Reported by Simon Gerst (intrigus-lgtm).
     - CVE-2024-7973: Heap buffer overflow in PDFium. Reported by soiax.
     - CVE-2024-7974: Insufficient data validation in V8 API. Reported by bowu(@gocrashed).
     - CVE-2024-7975: Inappropriate implementation in Permissions. Reported by Thomas Orlita.
     - CVE-2024-7976: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz.
     - CVE-2024-7977: Insufficient data validation in Installer. Reported by Kim Dong-uk (@justlikebono).
     - CVE-2024-7978: Insufficient policy enforcement in Data Transfer. Reported by NDevTK.
     - CVE-2024-7979: Insufficient data validation in Installer. Reported by VulnNoob.
     - CVE-2024-7980: Insufficient data validation in Installer. Reported by VulnNoob.
     - CVE-2024-7981: Inappropriate implementation in Views. Reported by Thomas Orlita.
     - CVE-2024-8033: Inappropriate implementation in WebApp Installs. Reported by Lijo A.T.
     - CVE-2024-8034: Inappropriate implementation in Custom Tabs. Reported by Bharat (mrnoob).
     - CVE-2024-8035: Inappropriate implementation in Extensions. Reported by Microsoft.
   * d/copyright: delete third_party/siso/ which contains binaries.
   * d/rules: set safe_browsing_use_unrar=false to disable unrar.
   * d/patches:
     - fixes/blink-frags.patch: drop, merged upstream.
     - fixes/stats-collector.patch: drop, upstream deleted broken code.
     - fixes/chromium-browser-ui-missing-deps.patch: drop, fixed upstream.
     - upstream/armhf-ftbfs.patch: drop, merged upstream.
     - upstream/containers-header.patch: drop, merged upstream.
     - upstream/crabbyav1f.patch: drop, merged upstream.
     - upstream/lock-impl.patch: drop, merged upstream.
     - upstream/paint-layer-header.patch: drop, merged upstream.
     - disable/unrar.patch: drop, merged upstream w/ build arg.
     - bookworm/nvt.patch: drop, no longer needed.
     - fixes/ps-print.patch: refresh.
     - system/openjpeg.patch: refresh.
     - bookworm/clang16.patch: refresh & remove another unsupported option.
     - bookworm/constexpr.patch: refresh & add more fixes.
     - bookworm/lex-3way.patch: pull in another STL function from clang-17.
     - bookworm/blink-attrib.patch: add build fix to reorder __attribute__.
     - fixes/highway-include-path.patch: upstream fixed the original issue in a broken way, making this worse. Add more to this patch to work around that.
     - bookworm/bubble-contents.patch: refresh.
     - bookworm/crabbyav1f.patch: refresh.
     - bookworm/gn-absl.patch: refresh.
 .
   [ Daniel Richard G. ]
   * d/rules: Parameterize Rust sysroot to simplify using a different one.
   * d/patches:
     - bookworm/highway-blink.patch: Avoid armhf/arm64 FTBFS by disabling Blink feature that requires newer libhwy-dev version.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/dawn-fix-typos.patch: Refresh for upstream changes
     - third_party/use-sysconf-page-size-on-ppc64.patch: Refresh for upstream changes
     - third_party/0002-Add-PPC64-generated-files-for-boringssl.patch: Refresh for upstream changes
     - workarounds/HACK-debian-clang-disable-base-musttail.patch: Disable musttail on ppc64el platforms
 .
 chromium (127.0.6533.119-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
   * d/patches/upstream/armhf-ftbfs.patch: armhf FTBFS fix from upstream.
 .
   [ Daniel Richard G. ]
   * d/patches:
     - ppc64le/crashpad/0002-Include-cstddef-to-fix-build.patch: Drop, as the original FTBFS that this fixed is no longer reproducible.
   * d/rules: Add to ppc64el CXXFLAGS to quash copious AltiVec warnings.
Checksums-Sha1:
 e8f751f5f5f05be5b14cf3cf08d8de786002cda8 3789 chromium_128.0.6613.84-1~deb12u1.dsc
 486e5db00ef5b4172968180c825c7e2ad4e8e364 906389068 chromium_128.0.6613.84.orig.tar.xz
 d38b29c288d98328836c16e4be4761d7999df222 8490040 chromium_128.0.6613.84-1~deb12u1.debian.tar.xz
 faa1b8470a806cfc92699f76a050c9c8f92ae149 22054 chromium_128.0.6613.84-1~deb12u1_source.buildinfo
Checksums-Sha256:
 41805ac829dd47486aae81aa220abee3c1823b1ccfbb6736377ec90866b1832d 3789 chromium_128.0.6613.84-1~deb12u1.dsc
 247d056eb23920a261e3be2f1df48cb715e3e3438591b450f1204b12a22e349a 906389068 chromium_128.0.6613.84.orig.tar.xz
 98f7a05bd5eceaeda114071c89b2c35af986d36d6d1314d4bb2cb1e47386410c 8490040 chromium_128.0.6613.84-1~deb12u1.debian.tar.xz
 98b532aa98466ef083d6ba4d2d33a8f2c41635575830462ea3b13a5d24f82a68 22054 chromium_128.0.6613.84-1~deb12u1_source.buildinfo
Files:
 f728fe13294c44d18e17203a4942050f 3789 web optional chromium_128.0.6613.84-1~deb12u1.dsc
 92bdb7804fd2baef329ad84275fd8333 906389068 web optional chromium_128.0.6613.84.orig.tar.xz
 f6f9ab8885fea0c5df0874d43bf13895 8490040 web optional chromium_128.0.6613.84-1~deb12u1.debian.tar.xz
 e7e8cf9e4c60f8427d5110b0203f4e4d 22054 web optional chromium_128.0.6613.84-1~deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmbH44cUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjcZAw//UvHldQZ4fAKnv6KUsEMIcdao56CD
lr0BfzXSsyAHfyK6kI9tZUHOOL01KUz9qPTD8dpDQKkt9fIGoGkTRJP4z2uMDWGt
Q94+FgbVQEEhe2U0fKDkD6ILDg46WAWPtfZOwwufDZi9Nuq3vmcLcN++fZZkREhH
W99Lo/PMDwtVyWQwES192lp5DVP50e/GkUcKpnKj7vif6aZJDu7cgia8hNkeQbXR
Lz7Prgs3gmxo2Dg+2DXANyf3c5z9fVt0L29/88wn5D0DWD0Aij0vvUD3aFNRbwYG
BNHKPl3I5NbswiLKuoD+8cZYDT/hL1zQ8jpPOO/Un3sx+uELCxvxEk4r7ydDTE7P
XLfLtOFrl9S/c5Q/m98UvvIkXWtVa2s5ivkQXMAZIBNAnYujWnZZQwjxnFtfb0co
+8jxw8A/GapMqh4nVmlRMGM1XGWUeo3HcZfwUrn/Xv7UrcZE9H4r7gPsGHFVc/mq
qA0hrBhbkZgylBpqqlOdditZJUWriJ/nilcXDTPvtJTTXG8Izoda7gdlQ17yDEB7
WZKsDr7PP3yL1g6TqiqR29am1aNuZjSYttfEr24ccAORxbOTuSK5Zcuzzqer5D3J
+y+74jfne749eCuAPKiE07yZsy11rp1HP+wu0cUWAJw5ShTzpiSHeygbbjO11kL9
mKCGqh9fdP9j9CE=
=6Ryv
-----END PGP SIGNATURE-----
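The Checksums-Sha256 and Files stanzas above are what a consumer of this upload checks the fetched .dsc, orig tarball, debian tarball and buildinfo against, after verifying the signature with the maintainer's key. The script below is an added example, not code from the Debian Chromium Team or from the .changes file; it parses the control-file layout (one "Field: value" per line, continuation lines indented by a space), extracts the SHA-256 entries, and compares size and digest of each named file. The excerpt it parses is copied from the stanza above; the files in demo() are constructed here so the check runs offline, and the good/tampered/absent names are made up for the demonstration. It deliberately does not do the OpenPGP verification step (gpg --verify or dscverify does that); without it, a forged .changes file would simply carry matching digests for its own tampered files.

```python
"""Parse a Debian .changes file and verify its Checksums-Sha256 stanza.

Added example; not part of the Debian package or of the signed .changes above.
Signature verification (gpg --verify / dscverify) must happen before trusting
anything this script reads: the digests only bind files to the file, and the
signature is what binds the file to the uploader.
"""
import hashlib
import os
import re
import tempfile

# Excerpt copied from the .changes file above (real digests for this upload).
CHANGES_EXCERPT = """\
Format: 1.8
Source: chromium
Version: 128.0.6613.84-1~deb12u1
Checksums-Sha256:
 41805ac829dd47486aae81aa220abee3c1823b1ccfbb6736377ec90866b1832d 3789 chromium_128.0.6613.84-1~deb12u1.dsc
 247d056eb23920a261e3be2f1df48cb715e3e3438591b450f1204b12a22e349a 906389068 chromium_128.0.6613.84.orig.tar.xz
 98f7a05bd5eceaeda114071c89b2c35af986d36d6d1314d4bb2cb1e47386410c 8490040 chromium_128.0.6613.84-1~deb12u1.debian.tar.xz
 98b532aa98466ef083d6ba4d2d33a8f2c41635575830462ea3b13a5d24f82a68 22054 chromium_128.0.6613.84-1~deb12u1_source.buildinfo
"""

DIGEST_HEX_LEN = {"Sha1": 40, "Sha256": 64}


def parse_fields(text):
    """RFC 822-style control block: 'Name: value' lines, continuations start with a space."""
    fields = {}
    current = None
    for line in text.splitlines():
        if line.startswith((" ", "\t")) and current is not None:
            fields[current] += "\n" + line[1:]
        elif ":" in line:
            current, _, value = line.partition(":")
            fields[current] = value.strip()
    return fields


def parse_checksums(fields, algo="Sha256"):
    """Return [(digest, size, filename)] from Checksums-<algo>; reject anything malformed."""
    entries = []
    for line in fields.get("Checksums-" + algo, "").splitlines():
        line = line.strip()
        if not line:
            continue
        m = re.fullmatch(r"([0-9a-f]+)\s+(\d+)\s+(\S+)", line)
        if m is None or len(m.group(1)) != DIGEST_HEX_LEN[algo]:
            raise ValueError("malformed checksum line: %r" % line)
        digest, size, name = m.group(1), int(m.group(2)), m.group(3)
        # A filename is a bare basename; a path component would let a hostile
        # .changes point the verifier (or a downloader) outside the upload dir.
        if os.path.basename(name) != name or name in (".", ".."):
            raise ValueError("filename with path component: %r" % name)
        entries.append((digest, size, name))
    return entries


def verify_sha256(entries, directory):
    """Map each listed filename to 'ok', 'missing', 'size mismatch' or 'digest mismatch'."""
    results = {}
    for digest, size, name in entries:
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
            continue
        if os.path.getsize(path) != size:      # cheap check before hashing 900 MB
            results[name] = "size mismatch"
            continue
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(1 << 20), b""):
                h.update(chunk)
        results[name] = "ok" if h.hexdigest() == digest else "digest mismatch"
    return results


def demo():
    """Constructed scenario: one intact file, one same-size tampered file, one absent file.

    The digest is SHA-256("abc"), a published test vector, so the entries are
    known-good without computing anything here.
    """
    abc_sha256 = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
    changes = (
        "Checksums-Sha256:\n"
        " %s 3 good.txt\n"
        " %s 3 tampered.txt\n"
        " %s 3 absent.txt\n" % (abc_sha256, abc_sha256, abc_sha256)
    )
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "good.txt"), "wb") as f:
            f.write(b"abc")
        with open(os.path.join(d, "tampered.txt"), "wb") as f:
            f.write(b"abd")    # same length as the listed size, different bytes
        return verify_sha256(parse_checksums(parse_fields(changes)), d)


if __name__ == "__main__":
    for digest, size, name in parse_checksums(parse_fields(CHANGES_EXCERPT)):
        print(name, size, digest)
    print(demo())
```

Pointing verify_sha256 at a directory containing the real chromium_128.0.6613.84-1~deb12u1 source files, with the entries parsed from the signed .changes, gives the same per-file verdicts; the size check first avoids hashing the 906 MB orig tarball when the download was truncated.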