-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 13 Sep 2023 22:26:10 -0400 Source: chromium Architecture: source Version: 117.0.5938.62-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: Debian Chromium Team Changed-By: Andres Salomon Closes: 1042111 Changes: chromium (117.0.5938.62-1~deb12u1) bookworm-security; urgency=high . [ Andres Salomon] * New upstream stable release. - CVE-2023-4900: Inappropriate implementation in Custom Tabs. Reported by Levit Nudi from Kenya. - CVE-2023-4901: Inappropriate implementation in Prompts. Reported by Kang Ali. - CVE-2023-4902: Inappropriate implementation in Input. Reported by Axel Chong. - CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs. Reported by Ahmed ElMasry. - CVE-2023-4904: Insufficient policy enforcement in Downloads. Reported by Tudor Enache @tudorhacks. - CVE-2023-4905: Inappropriate implementation in Prompts. Reported by Hafiizh. - CVE-2023-4906: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry. - CVE-2023-4907: Inappropriate implementation in Intents. Reported by Mohit Raj (shadow2639) . - CVE-2023-4908: Inappropriate implementation in Picture in Picture. Reported by Axel Chong. - CVE-2023-4909: Inappropriate implementation in Interstitials. Reported by Axel Chong. * d/copyright: drop rust, llvm, siso, & cargo binaries. * d/patches: - fixes/size.patch: drop, merged upstream. - fixes/variant.patch: drop, merged upstream. - fixes/vector.patch: drop, merged upstream. - upstream/contains.patch: drop, merged upstream. - upstream/hvec.patch: drop, merged upstream. - upstream/limits.patch: drop, merged upstream. - upstream/statelessV4L2.patch: drop, merged upstream. - fixes/widevine-locations.patch: refresh for minor upstream changes. - disable/android.patch: drop half the patch. - disable/catapult.patch: refresh for minor upstream changes. - disable/tests.patch: refresh for minor upstream changes. - disable/unrar.patch: refresh for minor upstream changes. - fixes/material-utils.patch: build fix for clang w/ libstdc++. - rename fixes/null.patch to fixes/perfetto.patch. - upstream/memory.patch: build fix for missing header. - bookworm/struct-ctor.patch: add a bunch more build workarounds for clang-14. - bookworm/stringpiece3.patch: another clang-14 StringPiece to std::string explicit conversion. - bookworm/typename.patch: add more explicit typename declarations for clang-14. - bookworm/structured-binding-scope-bug.patch: add more clang-14 binding scope workarounds. - bookworm/initialize-const-ctor.patch: clang-14 workaround to init a const member inside a struct. - ppc64le/libaom/0001-Add-ppc64-target-to-libaom.patch: refresh. - disable/privacy-sandbox.patch: ensure Privacy Sandbox "features" are off by default. - bookworm/generate-ninja.patch: fix build failure w/ bookworm's older gn. * Switch to using bundled brotli, as the version in debian is too old. And so we can drop d/patches/bookworm/brotli.patch, too. . [ Timothy Pearson ] * d/patches/ppc64le: - 0001-Implement-support-for-PPC64-on-Linux.patch: refresh for upstream changes - 0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes - 0002-third-party-boringssl-add-generated-files.patch: refresh for upstream changes - 0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes - 0004-third_party-crashpad-port-curl-transport-ppc64.patch: refresh for upstream changes - skia-vsx-instructions.patch: refresh for upstream changes - 0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: regenerate - 0001-third_party-boringssl-Properly-detect-ppc64le-in-BUI.patch: drop * d/patches/ungoogled: - core/ungoogled-chromium/disable-web-environment-integrity.patch: disable "Web Environment Integrity" trial and remove from build (closes: #1042111) Checksums-Sha1: c7357089169d708faf24aca71e0520720a79f67b 3700 chromium_117.0.5938.62-1~deb12u1.dsc 698cf464e1b71908a8a38e47dce08ecffe3e5d8e 683897300 chromium_117.0.5938.62.orig.tar.xz 40e0c1ddf89760d1c8804512033c9d59ed8905c9 385420 chromium_117.0.5938.62-1~deb12u1.debian.tar.xz 44e117863808ea9aea9e65811bd0643572df5c45 21171 chromium_117.0.5938.62-1~deb12u1_source.buildinfo Checksums-Sha256: ec4b24e0ce10cce25b267320987a3714b4ca1081691d68c85c3a465c6ab44c51 3700 chromium_117.0.5938.62-1~deb12u1.dsc f14582a21c933cc5a3b9e3461c87fdb3ff6a41c01d599c44950e0580200d0050 683897300 chromium_117.0.5938.62.orig.tar.xz d231683c70ae406612fff71f882adb6ac94450e2e4836e39dc9263f8b4a59127 385420 chromium_117.0.5938.62-1~deb12u1.debian.tar.xz 275fb9daad189eebcc09ebf686d874a0870af008f3754c43c62ed56c2de88045 21171 chromium_117.0.5938.62-1~deb12u1_source.buildinfo Files: 1b55d8820a152310d9b75ba7015526f6 3700 web optional chromium_117.0.5938.62-1~deb12u1.dsc e9a68cf8d33b2be80b6a984602cf55b5 683897300 web optional chromium_117.0.5938.62.orig.tar.xz c575a5304f7c17ff9b6bcda3164a9639 385420 web optional chromium_117.0.5938.62-1~deb12u1.debian.tar.xz b87c0a4d87e12e665dd1f598851abb7a 21171 web optional chromium_117.0.5938.62-1~deb12u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmUDFTUUHGRpbGluZ2Vy QGRlYmlhbi5vcmcACgkQZF0CR8NudjepixAApgaavUlt7GpJ4pSoYPmOTEcXBkNK q73blR10FsnBSOZQkKO5zUyFbrclg2twYf8ytdp+YL44Y62X8c7VNVeHnWdQPWqy vdv6ylae8yqZQWyzZ69lVOj9FsdVjaqfrqMD++eLLDlPxDbsMyNwH7/2vjLngwiE UfODzvysIY6XJhEEUWbpuw3X9hHHnA7d/pHLS04vGzactM5JT6KJFYsE7j2cFBwH 2/+Z9dn+ABYTIcqWq6s0NZUvbQIgiPtDNP7cgtBDaKTdkctSD0cMWEsxm/Ax0iJi TD4PK4X7e02xVwKB2t3802PxPMmmsxWHmp+VBeCjqkAVnh2HevnBzKJBqJzNCCZA 54nkQRq2ZQ3w8GvSk2lVFQQxJCCbeT4xoOVV1gSEIDN18WqBuiV8zZzTd1Bzdgcg KcGG1E9I65KrLB3kbrHUDOWJXmEaSVaFPEJ/FzceKk/gUHsaQ6PswzuN3E4Xr/0z 9T3pjko601hUHlXd97UL/GfS+8iWiUzM1f8nmft9FjhS3OXmQzXlTGNjvM88oDcg EJlBhE7sjbz8cW2JsLT+8wQamDP4Wf9B/BekrnLDFCp8zg9+We+On0+S258UmU2/ g90IC6VfC//e4fUBPLqdykWpgscl3bLO42IdvIUdKQldhsXpv0laBaVUnpF9wAsG ne9G7OyWCa0otrQ= =Yfkn -----END PGP SIGNATURE-----