-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 30 Apr 2024 17:53:52 -0400 Source: chromium Architecture: source Version: 124.0.6367.118-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: Debian Chromium Team <chromium@packages.debian.org> Changed-By: Andres Salomon <dilinger@debian.org> Changes: chromium (124.0.6367.118-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2024-4331: Use after free in Picture In Picture. Reported by Zhenghang Xiao (@Kipreyyy). - CVE-2024-4368: Use after free in Dawn. Reported by wgslfuzz. * Build-dep on libhwy-dev and delete the bundled third_party/highway. * Build-dep on libharfbuzz-dev and delete the bundled harfbuzz-ng. * Build-dep on libdav1d-dev and delete the bundled third_party/dav1d. * d/patches: - ppc64le/third_party/0001-Add-PPC64-support-for-libdav1d.patch, ppc64le/third_party/0001-Fix-libdav1d-compilation-on-clang-ppc.patch, ppc64le/third_party/0003-thirdparty-fix-dav1d-gn.patch, fixes/arm64-ftbfs.patch: drop these 4 patches that are only needed for bundled libdav1d. - ppc64le/third_party/0001-Fix-highway-ppc-hwcap.patch, ppc64le/third_party/0002-Highway-disable-128-bit-vsx.patch: drop these two patches that were needed for bundled highway. - upstream/ozone1.patch: drop, merged upstream. - upstream/ozone2.patch: drop, merged upstream. - fixes/bad-font-gc2.patch: refresh. . [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0001-Add-PPC64-support-for-boringssl.patch: Fix inadvertent breakage of i386 build Checksums-Sha1: 54548370c9a562ee41876a470bd13a18348b97db 3772 chromium_124.0.6367.118-1~deb12u1.dsc bf147e70185544f73a8bb796737b46b51d733613 838274004 chromium_124.0.6367.118.orig.tar.xz 978cc3d0877edf2e5d0a417407659e9a6062efec 415048 chromium_124.0.6367.118-1~deb12u1.debian.tar.xz bfc756b38e56b6851cf6e0f24cb0c4249945688e 21788 chromium_124.0.6367.118-1~deb12u1_source.buildinfo Checksums-Sha256: 281edb8d1ff4b55cc165d0bd49afaa400304fbe35038268f73634f9a667f3dec 3772 chromium_124.0.6367.118-1~deb12u1.dsc 818218960c0d362c8f95b6b56d868d1313cf18786276996856b598a63683ef33 838274004 chromium_124.0.6367.118.orig.tar.xz 8ba36eeb38d04d7b4be9a92a1f6a0877723f2f17be433049af7e6b2ff08bfdbe 415048 chromium_124.0.6367.118-1~deb12u1.debian.tar.xz 8b8d1c059d32dc2d52047f2ba0c9e42b1bbb4a2a442b324f20f35b53eba90b9f 21788 chromium_124.0.6367.118-1~deb12u1_source.buildinfo Files: dce3f12fc8802af8d4ca339e8407ff2c 3772 web optional chromium_124.0.6367.118-1~deb12u1.dsc f462cf405fa0b58c828b31e1da944114 838274004 web optional chromium_124.0.6367.118.orig.tar.xz 80e68d34b8e00e0a47a1fa7898de5b70 415048 web optional chromium_124.0.6367.118-1~deb12u1.debian.tar.xz cb4f467cecb7fc9aaf4959432d77c1d2 21788 web optional chromium_124.0.6367.118-1~deb12u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmYyYlwUHGRpbGluZ2Vy QGRlYmlhbi5vcmcACgkQZF0CR8NudjdHEA/+ONs4NIBkmXynd/gbL4vYg/rivWIq Qw3GkKtGF8wwWwyVFQUfoJOqB4FMsr2DSfEqhPMIL9O7PyoslN1W1Nd6rmf8zM0P xGQnEZHd1qpt53S/McOZa5EUiY7noCc+XYX32+PVTa8XDrUoddOKtXrtQD6LXe1R f1+8XukXpEBj9bi3kIo2/LItmAQpWqDNCSdu0FJ9BV9BVhH4Fyn8Xsi9IHDX9nl7 hNVEEufbnS5QaoCvOcJJdA8xvSXkPcYIAMH5KZDOoKwGOTbKcDE/X27WEMZU4XBf XW4/1f324BVGPirDzBzth955QECG8KLM5Tq/Yw/BI99yRGh1y4S+hrjnmUFwo89S dYlfXW2nIL7GHE1GXsUb3uINGaOph5uDzY+Y8c+lTITxcrZ7LuKlVKy2lmUr1qxu D5Zk5MqYe98Dr7cHSEiV6lXalEI4tsXBSQqqcM4dO/yCauVDRUcFcsS0EooTZAUG lmJf+pMaJV8UHsi/bXZ/FJS5mR2LKDOrtbW+YjIfeeRJS8FptoRaiYpJaqotVCuX fAdVr13gYyAYjIYE81i7HjgDb7U+r9aFokdmr4kiRXQc8czhOowTrzMXFLvdbt+H n3s79S0/e4CzRo9LrMVRNa0pdaw4rjjR4em1HPmRJpBICQWDAb2QMdol/xsr157I MxjqlGERIHRXz6g= =ZFSd -----END PGP SIGNATURE-----
Attachment:
pgp7wOhkDtVgm.pgp
Description: PGP signature