-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 10 Sep 2024 21:56:02 -0400 Source: chromium Architecture: source Version: 128.0.6613.137-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: Debian Chromium Team <chromium@packages.debian.org> Changed-By: Andres Salomon <dilinger@debian.org> Changes: chromium (128.0.6613.137-1~deb12u1) bookworm-security; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-2024-8636: Heap buffer overflow in Skia. Reported by Renan Rios (@hyhy_100). - CVE-2024-8637: Use after free in Media Router. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group. - CVE-2024-8638: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy). - CVE-2024-8639: Use after free in Autofill. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group. . [ Timothy Pearson ] * d/patches/ppc64le: - core/add-ppc64-architecture-string.patch - fixes/fix-study-crash.patch . [ Daniel Richard G. ] * d/copyright: Add some more Files-Excluded: entries. * d/rules: Ensure all files in orig source tarball are user-writable. * d/patches/disable: - tests.patch: Break out SwiftShader tests deletion to... - tests-swiftshader.patch: ...a separate file, to simplify resolving conflicts with the ungoogled-chromium patch series. Checksums-Sha1: 6a49d062748a57e2b854fd3fd697e5b55af381fd 3806 chromium_128.0.6613.137-1~deb12u1.dsc 9aec51d0d91d7cdeceafec7238c395bb36e44adc 790404204 chromium_128.0.6613.137.orig.tar.xz bf2043432340e83418f8529caf219b198826d942 8489128 chromium_128.0.6613.137-1~deb12u1.debian.tar.xz f7d6d7913f710bcf753512b19519571b1de9964c 22059 chromium_128.0.6613.137-1~deb12u1_source.buildinfo Checksums-Sha256: 8fc94f95a69b4dcd46ffff52cdab7c24b985d51a3dc65a73f85c20c89e7c5815 3806 chromium_128.0.6613.137-1~deb12u1.dsc 006d4d68d919679913c619012a67f8e784217faccf26861e804345fc8c2b919b 790404204 chromium_128.0.6613.137.orig.tar.xz f854e16720c83a0a51127e46ca698bb729ac4905831bc8c37d1a207e13b6ffa1 8489128 chromium_128.0.6613.137-1~deb12u1.debian.tar.xz e6c4c09a5190ceb59cf25714a8372e68c9d1f4add92f1a195ade7813d2a2b503 22059 chromium_128.0.6613.137-1~deb12u1_source.buildinfo Files: 4352845afdb24014dcc8231ac83c7fec 3806 web optional chromium_128.0.6613.137-1~deb12u1.dsc 863ab68b92eab8b81ceab00c212bfe05 790404204 web optional chromium_128.0.6613.137.orig.tar.xz d197fa5b5b0e443b9d7e5388f8d3b4a9 8489128 web optional chromium_128.0.6613.137-1~deb12u1.debian.tar.xz bd3cd97377b4c284faf4950bfe99bcc2 22059 web optional chromium_128.0.6613.137-1~deb12u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmbhUAAUHGRpbGluZ2Vy QGRlYmlhbi5vcmcACgkQZF0CR8NudjcnJBAAtNQWVZQGFfaW4eW/iU4v7GEdNBbs ferC790N+wn/quHwXOE4zcV1Tf2zJ6kYV3LOznpeCea/b2IoYxOhFzGVkInWALKK 6ltE2LPVMvXhqiO7MCUmCMmuce3scUtSaGIBMw2ZZhbES/qZI5mgkiqR7ZplkWoT ocZHMwcPZL/VLM1MvfQhLfRn0wogsZUTjAZhwWu61IVQxAi50YaVa2Xh91Y7CfHn Jr+/HSMrBWBqhDDYhMOhNZTUfbbADSvnfL/bnVL41lvAjEH95EF42nrPT01UOk2C dp9QMQXwFWIorsJxlr3EXLYwD+FoMr2FsHv52XJyffV0pQu5GgFsIL/W4Zb/zqVS F1nCclKFkJhtdLeoJeDp4ViMBaDclnbSAZbQfiVkZ3GJHHzlZtRKOgQICrZtUdcl JxxZfB7nMepMLfMdnalmMT1tKLcYU79iCc9bt6tUChsoMXZPfZ/lv05o6cXrgCqn cCzATEtl7HqQZXMZVrseDKVhZ0WD+Hc/tF5a/3sJL+WQH0ETiwD6xuKU+iK0k6Y1 ynM1R10Aem8TasHbVAKZimqs1n2eUC9qtlI7l63nCTr+oL7CcyamK4IXAMzSK+91 fQg3y2TEWRsFpl37S1BQkc/cPt8+Bm3c0x34+1C1243EoUCWpv6QhJzqQhR/KdV2 tsBnibVo4DpklbY= =QrVS -----END PGP SIGNATURE-----