Accepted chromium 119.0.6045.105-1~deb12u1 (source) into proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted chromium 119.0.6045.105-1~deb12u1 (source) into proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sun, 05 Nov 2023 17:47:19 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: chromium_119.0.6045.105-1~deb12u1_source.changes
- Debian-source: chromium
- Debian-suite: proposed-updates
- Debian-version: 119.0.6045.105-1~deb12u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=N7D09ZXNZ+HKG+Cs9eXaNQ3jGLRa3lm9MnOpSPxuwMg=; b=QNP3ecvU3OEtFEvHe7kkcP8Kh5 mqzsceaha/35ST3rNgmsxl7CGSfKEhbzk2C+c58Co65aTSk3ebBQ0av+rwRJVaT/irgI1JKgEGccs kR1l+6ql6w3ZZ34AtbRt4JOBuv3k6rSZ1HGEY0cpe18MKk+hMwZegXOTdA/xh5dh8tyhb+5yuP14D HTHSfdyWNoSIO6Hhw/pE2bvvJFhvnZdOzhbIKiy8D4GbhQzO2TRjF08N/qMMwTeCxo3gLwNLv3GAH miedhsfYQJh7SbynHbctmy0jazTHeNbQiif7kuLpm7X3Mf41GWRg/ep5XHN41aGY9MV2vUpkzFKJb bsgyE5ZQ==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1qzhDT-007PmG-5z@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 31 Oct 2023 23:50:00 -0500
Source: chromium
Architecture: source
Version: 119.0.6045.105-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Timothy Pearson <tpearson@raptorengineering.com>
Changes:
chromium (119.0.6045.105-1~deb12u1) bookworm-security; urgency=high
.
* New upstream stable release.
- CVE-2023-5480: Inappropriate implementation in Payments.
Reported by Vsevolod Kokorin (Slonser) of Solidlab.
- CVE-2023-5482: Insufficient data validation in USB. Reported by DarkNavy.
- CVE-2023-5849: Integer overflow in USB. Reported by DarkNavy.
- CVE-2023-5850: Incorrect security UI in Downloads.
Reported by Mohit Raj (shadow2639) .
- CVE-2023-5851: Inappropriate implementation in Downloads.
Reported by Shaheen Fazim.
- CVE-2023-5852: Use after free in Printing. Reported by [pwn2car].
- CVE-2023-5853: Incorrect security UI in Downloads. Reported by Hafiizh.
- CVE-2023-5854: Use after free in Profiles. Reported by
Dohyun Lee (@l33d0hyun) of SSD-Disclosure Labs & DNSLab, Korea Univ.
- CVE-2023-5855: Use after free in Reading Mode. Reported by ChaobinZhang.
- CVE-2023-5856: Use after free in Side Panel.
Reported by Weipeng Jiang (@Krace) of VRI.
- CVE-2023-5857: Inappropriate implementation in Downloads.
Reported by Will Dormann.
- CVE-2023-5858: Inappropriate implementation in WebApp Provider.
Reported by Axel Chong.
- CVE-2023-5859: Incorrect security UI in Picture In Picture.
Reported by Junsung Lee
* d/patches:
- patches/bullseye/constexpr.patch: Add MiracleParameter workaround
* d/patches/ppc64le:
- Mass refresh all patches against 119 codebase. No functional change.
.
[ Andres Salomon ]
* d/patches:
- fixes/gcc13-headers.patch: drop parts that have been merged upstream.
- fixes/perfetto.patch: drop part that was merged upstream.
- upstream/sensor-reading.patch: drop, merged upstream.
- upstream/lweight.patch: drop, merged upstream.
- upstream/freetype.patch: drop, merged upstream.
- upstream/sizet.patch: drop, merged upstream.
- disable/catapult.patch: drop an unused hunk.
- disable/widevine-cdm-cu.patch: refresh.
- disable/privacy-sandbox.patch: rename, sync up with ungoogled-chromium,
and use the full ungoogled patch. The privacy sandbox config interface
is now gone, with no way to enable it.
- ungoogled/core/ungoogled-chromium/disable-web-environment-integrity.patch:
sync up with with ungoogled-chromium, and rename.
- fixes/blink-frags.patch: additional build fix for libstdc++13.
- fixes/gcc13-with-clang14.patch: drop, now that we've switched to clang-16.
- fixes/atspi.patch: fix build failure with atspi >= 2.50.
Checksums-Sha1:
11a1d198aca563120cbd68068975356c9d4dc97e 3727 chromium_119.0.6045.105-1~deb12u1.dsc
04a39db0924e73bea3c59eb92049e57e60bc12f9 784608532 chromium_119.0.6045.105.orig.tar.xz
31faf907f2377fe3b7009bc799a808f36a486b9b 359172 chromium_119.0.6045.105-1~deb12u1.debian.tar.xz
78213d7838b597deb8add669b93a20e36204beca 21372 chromium_119.0.6045.105-1~deb12u1_source.buildinfo
Checksums-Sha256:
fbb98c83e4bbdeb49a51864a662c91a1a5effc261f90de25e9c1865bb9b8a420 3727 chromium_119.0.6045.105-1~deb12u1.dsc
003634027060057f135a75d71821ba85a796b1528567ca1b8e9caa83b95bf518 784608532 chromium_119.0.6045.105.orig.tar.xz
1929d90fc48159fe09ed579ae8c5ef67429e924a8abe6caea2e00c4f858a510c 359172 chromium_119.0.6045.105-1~deb12u1.debian.tar.xz
18524c8ac7a4b1067ec8188e3b84af774473cd8908d0908f8ca5e687c9900c58 21372 chromium_119.0.6045.105-1~deb12u1_source.buildinfo
Files:
4677392386b0ebd898c0d63c0e935380 3727 web optional chromium_119.0.6045.105-1~deb12u1.dsc
f8ad84d246dd3eaaef98f0eff4f12f8b 784608532 web optional chromium_119.0.6045.105.orig.tar.xz
8e6a32e79af2362a2c9064a1ed07c27f 359172 web optional chromium_119.0.6045.105-1~deb12u1.debian.tar.xz
45b4b747b0d35b67562b8148f1c53145 21372 web optional chromium_119.0.6045.105-1~deb12u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmVDRyoUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8Nudjeb1xAAnLhcewOe+27fa1PhBiracw8tZM5p
F9Bg2e1TfkVYSoPN+1AH+ZvcQtnGIsoqM3A4VNReLwS08wokqgBLIiyFFkzwjBpI
Z/bAJ54cjI4C6AzZQ1CvDX+b9xac1pdgFbeyhBC/wnE3DoR2+FzHt1BNO/YLYXUK
7/1uKSf4Whv8rzQK0W6lxKy2RKgcTrbnZJzMc3kFH18a25XwO20MJqlY0miONPui
o2to6i2CBeQAfh27qIZp0KN5UpRUfAeGpMsyfXuTWhpgZY5u1nB8BhAeePRa0d3l
UQkp4XTFJ261Zj4LjOvsaXh458sPEs7Q/ISCECV6McBkZJR7GVpqy7fGU0yKb8Gi
5udoUhvaXmfxBeajQr2/QJCHI2aFP8x0Tu8VeXozC25EBeYfeJnhAAkhEzi00/4v
3mNMW1QRr3Tp2K9lM1B+vuprmVTCaxRH1DXHC3ja76CuDYPA527QMFyCVrzhtw7I
bH2+C4I4LOVlA9vbyFO8NA18ZxZuJNlGrXiM0upQC+ZOm6oVT01Xnsmt9xtJYSwg
Rd0SgZVx8J1WwBSKpxL+vt0Pimg6CYDE9pz6MugSb/fykt9S7YDg/Qit8x2voGml
dAlL7f85FW++hn+kM2dgbimx39/pcaALULaqvoRWI/tv6iM13lpYuvjhAnZWfN5h
bYt81YtpYU644U8=
=AEgT
-----END PGP SIGNATURE-----