Format: 1.8
Date: Sat, 19 Oct 2024 01:12:11 -0400
Source: chromium
Architecture: source
Version: 130.0.6723.58-1
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (130.0.6723.58-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2024-9954: Use after free in AI. Reported by DarkNavy.
     - CVE-2024-9955: Use after free in Web Authentication.
       Reported by anonymous.
     - CVE-2024-9956: Inappropriate implementation in Web Authentication.
       Reported by mastersplinter.
     - CVE-2024-9957: Use after free in UI. Reported by lime(@limeSec_) and
       fmyy(@binary_fmyy) From TIANGONG Team of Legendsec at QI-ANXIN Group.
     - CVE-2024-9958: Inappropriate implementation in PictureInPicture.
       Reported by Lyra Rebane (rebane2001).
     - CVE-2024-9959: Use after free in DevTools. Reported by Sakana.S.
     - CVE-2024-9960: Use after free in Dawn. Reported by Anonymous.
     - CVE-2024-9961: Use after free in Parcel Tracking. Reported by
       lime(@limeSec_) and fmyy(@binary_fmyy) From TIANGONG Team of Legendsec
       at QI-ANXIN Group.
     - CVE-2024-9962: Inappropriate implementation in Permissions.
       Reported by Shaheen Fazim.
     - CVE-2024-9963: Insufficient data validation in Downloads.
       Reported by Anonymous.
     - CVE-2024-9964: Inappropriate implementation in Payments.
       Reported by Hafiizh.
     - CVE-2024-9965: Insufficient data validation in DevTools.
       Reported by Shaheen Fazim.
     - CVE-2024-9966: Inappropriate implementation in Navigations.
       Reported by Harry Chen.
   * d/copyright: rollup -> @rollup deletion.
   * d/patches:
     - debianization/sandbox.patch: refresh.
     - fixes/bindgen.patch: refresh.
     - disable/catapult.patch: refresh.
     - system/zlib.patch: drop. Upstream removed courgette, and its
       replacement (zucchini) doesn't appear to use zlib.
     - system/rollup.patch: update path due to upstream renaming; call
       ./rollup/.../rollup instead of ./@rollup/wasm-node/.../rollup.
     - system/event.patch: drop half of patch due to upstream deletions.
     - upstream/mojo-null.patch: merged into mojo.patch.
     - upstream/mojo.patch: update based on 130 test files.
 .
   [ Daniel Richard G. ]
   * d/rules: Drop the clang-16 -I/-Wl,-rpath flags from CXXFLAGS/LDFLAGS
     as they are no longer needed.
 .
   [ Timothy Pearson ]
   * d/patches:
     - upstream/blink-fix-size-assertions.patch: Fix build on non-amd64
       platforms
     - fixes/fix-assert-in-vnc-sessions.patch: Fix assertion and SIGTRAP
       when starting Chromium from within a VNC session
   * d/patches/ppc64le:
     - core/add-ppc64-pthread-stack-size.patch: Define correct pthread
       stack size on ppc64 systems
     - core/cargo-add-ppc64.diff
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: Refresh for
       upstream changes
     - third_party/0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-
       .patch: Refresh for upstream changes
     - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
       Refresh for upstream changes
     - third_party/skia-vsx-instructions.patch: Refresh for upstream changes
     - workarounds/HACK-debian-clang-disable-skia-musttail.patch: Refresh
       for upstream changes