-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 10 Oct 2023 22:03:00 -0500
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: armhf
Version: 118.0.5993.70-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: arm Build Daemon (arm-conova-04) <buildd_arm64-arm-conova-04@buildd.debian.org>
Changed-By: Timothy Pearson <tpearson@raptorengineering.com>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (118.0.5993.70-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2023-5218: Use after free in Site Isolation.
       Reported by @18楼梦想改造家.
     - CVE-2023-5487: Inappropriate implementation in Fullscreen.
       Reported by Anonymous.
     - CVE-2023-5484: Inappropriate implementation in Navigation.
       Reported by Thomas Orlita.
     - CVE-2023-5475: Inappropriate implementation in DevTools.
       Reported by Axel Chong.
     - CVE-2023-5483: Inappropriate implementation in Intents.
       Reported by Axel Chong.
     - CVE-2023-5481: Inappropriate implementation in Downloads.
       Reported by Om Apip.
     - CVE-2023-5476: Use after free in Blink History. Reported by Yunqin Sun.
     - CVE-2023-5474: Heap buffer overflow in PDF. Reported by [pwn2car].
     - CVE-2023-5479: Inappropriate implementation in Extensions API.
       Reported by Axel Chong.
     - CVE-2023-5485: Inappropriate implementation in Autofill.
       Reported by Ahmed ElMasry.
     - CVE-2023-5478: Inappropriate implementation in Autofill.
       Reported by Ahmed ElMasry.
     - CVE-2023-5477: Inappropriate implementation in Installer.
       Reported by Bahaa Naamneh of Crosspoint Labs.
     - CVE-2023-5486: Inappropriate implementation in Input. Reported by Hafiizh.
     - CVE-2023-5473: Use after free in Cast. Reported by DarkNavy.
   * d/patches/ppc64le:
     - 0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for
        upstream changes
     - 0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes
     - skia-vsx-instructions.patch: refresh for upstream changes
     - third_party/0003-third_party-libvpx-Add-ppc64-generated-config.patch:
       regenerate configs from upstream source
     - database/0001-Properly-detect-little-endian-PPC64-systems.patch:
       refresh
     - ffmpeg/0001-Add-support-for-ppc64.patch: refresh
     - fixes/fix-breakpad-compile.patch: refresh
     - fixes/fix-unknown-warning-option-messages.diff: refresh
     - libaom/0001-Add-ppc64-target-to-libaom.patch: refresh
     - sandbox/0001-sandbox-linux-Update-IsSyscallAllowed-in-broker_proc.patch:
       refresh
     - sandbox/0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch:
       refresh
     - sandbox/0008-sandbox-fix-ppc64le-glibc234.patch: refresh
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh
     - third_party/0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.patch:
       refresh
     - third_party/0001-third_party-libvpx-Properly-generate-gni-on-ppc64.patch:
       refresh
     - third_party/0002-third-party-boringssl-add-generated-files.patch: refresh
     - third_party/dawn-fix-ppc64le-detection.patch: refresh
     - third_party/dawn-fix-typos.patch: refresh
     - third_party/skia-vsx-instructions.patch: refresh
     - third_party/use-sysconf-page-size-on-ppc64.patch: refresh
     - workarounds/HACK-third_party-libvpx-use-generic-gnu.patch: refresh
 .
   [ Andres Salomon]
   * d/copyright:
     - blanket.js is gone, no need to remove it any more.
     - delete some khronos images marked executable.
   * d/patches:
     - upstream/memory.patch: drop, merged upstream.
     - upstream/sensor-reading.patch: add, gcc13 build fix from upstream.
     - upstream/lweight.patch: add, gcc13 build fix from upstream.
     - upstream/freetype.patch: add, fix freetype header inclusion FTBFS.
     - upstream/sizet.patch: add, libstdc++ build fix from upstream.
     - disable/unrar.patch: update for minor upstream changes.
     - bookworm/struct-ctor.patch: add various new workarounds for clang-14.
     - bookworm/structured-binding-scope-bug.patch: drop part of the patch.
     - bullseye/constexpr.patch: drop bullseye patch from bookworm.
     - ungoogled/.../disable-web-environment-integrity.patch: sync with
       ungoogled-chromium for upstream changes.
     - bookworm/i386-lock-free.patch: refresh.
Checksums-Sha1:
 0bdc4eec97ed6e9f618b0a97ef42b82cd677ffae 1240500 chromium-common-dbgsym_118.0.5993.70-1~deb12u1_armhf.deb
 ff3fcf0996e2dc0e8b93a88f52d85eeb832508d9 4885560 chromium-common_118.0.5993.70-1~deb12u1_armhf.deb
 eae08100333602cc2f4f684237edcbbe4cde3435 30655140 chromium-dbgsym_118.0.5993.70-1~deb12u1_armhf.deb
 6437346a95b8fc72f3f7e38698f372092a073528 5487348 chromium-driver_118.0.5993.70-1~deb12u1_armhf.deb
 d094f1153a6a9362a7c2f41c4de0d46e1a0c6024 11428 chromium-sandbox-dbgsym_118.0.5993.70-1~deb12u1_armhf.deb
 9bde4160537ffa46d3f3e7fe23b5793a6c93d763 82684 chromium-sandbox_118.0.5993.70-1~deb12u1_armhf.deb
 72e5d9484db6686b234cf821683ec2609636ef03 24808616 chromium-shell-dbgsym_118.0.5993.70-1~deb12u1_armhf.deb
 bfc4a6ed81c0dcb529cd136eb4ee1cc856371985 45847980 chromium-shell_118.0.5993.70-1~deb12u1_armhf.deb
 7ffd93a20f1b5c035cf61c3c44ba34c6ae54212e 24082 chromium_118.0.5993.70-1~deb12u1_armhf-buildd.buildinfo
 c0ec3c5691b0461c0d0ea8914259d0d3e7745fee 65933572 chromium_118.0.5993.70-1~deb12u1_armhf.deb
Checksums-Sha256:
 6ab3d8944cbeb9ce2195a6d11d09df5752d9c7e1469121c424bab76621f377e4 1240500 chromium-common-dbgsym_118.0.5993.70-1~deb12u1_armhf.deb
 9667d92e83a06b430c2aa454f1f0d26ce7a8be3b425dc56d253a6b19e4038ef7 4885560 chromium-common_118.0.5993.70-1~deb12u1_armhf.deb
 aee6187377f8c8e005ac17ee7257e401c54bf29d2b8b0bc0b247db42e0915c36 30655140 chromium-dbgsym_118.0.5993.70-1~deb12u1_armhf.deb
 78112b58b1bb0ce756564ca89643cf0fbbe896213fe373e21eb68d3cf9f8946e 5487348 chromium-driver_118.0.5993.70-1~deb12u1_armhf.deb
 1882d14806382e65947dbb85d3c46f89d9fc22ec39f762df5b8ebe1fc76d8a22 11428 chromium-sandbox-dbgsym_118.0.5993.70-1~deb12u1_armhf.deb
 4545521f7f4d1a3a2edf827f0c966991e3d05132957a30ca43afa18f8d2fae01 82684 chromium-sandbox_118.0.5993.70-1~deb12u1_armhf.deb
 612dd44f10438bb3a198baaf16851866b546a86a4a5f669d16ad438409726728 24808616 chromium-shell-dbgsym_118.0.5993.70-1~deb12u1_armhf.deb
 803113f9f02f6e9e45ea16c00393d177d2b404be1d0662a07a7f9c6f40a6ad6f 45847980 chromium-shell_118.0.5993.70-1~deb12u1_armhf.deb
 b52908f67d7ace80cd0abb7534c2d4d3608b50fbc038d2ce55aa2053c2bb7cea 24082 chromium_118.0.5993.70-1~deb12u1_armhf-buildd.buildinfo
 c72812cd8aa0a0f268d621a9967edaea1a165d0aee2731bf83755c5f3e6da2ab 65933572 chromium_118.0.5993.70-1~deb12u1_armhf.deb
Files:
 a113aef1e7e64b2a9879ddc25687ee7a 1240500 debug optional chromium-common-dbgsym_118.0.5993.70-1~deb12u1_armhf.deb
 dcc9016d91a0effb5e7e1c7a82748f8b 4885560 web optional chromium-common_118.0.5993.70-1~deb12u1_armhf.deb
 2a250db4071866fad3bbfbef8d982f36 30655140 debug optional chromium-dbgsym_118.0.5993.70-1~deb12u1_armhf.deb
 bbbf9794c5262e60f767fa4c728d5df7 5487348 web optional chromium-driver_118.0.5993.70-1~deb12u1_armhf.deb
 bfa307df256c6742a25279f6396f19ed 11428 debug optional chromium-sandbox-dbgsym_118.0.5993.70-1~deb12u1_armhf.deb
 0ca587f817664c8bd1a0da6c1419367b 82684 web optional chromium-sandbox_118.0.5993.70-1~deb12u1_armhf.deb
 2c821f082cf12ba205176fd744a18dc9 24808616 debug optional chromium-shell-dbgsym_118.0.5993.70-1~deb12u1_armhf.deb
 2e0bf79d267a5a3d9c73cb3b2df045f3 45847980 web optional chromium-shell_118.0.5993.70-1~deb12u1_armhf.deb
 f5ea5188223c9a479270f666f4cf92d8 24082 web optional chromium_118.0.5993.70-1~deb12u1_armhf-buildd.buildinfo
 f0cc0532b04b1e3589a30b0caceec75b 65933572 web optional chromium_118.0.5993.70-1~deb12u1_armhf.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEElif5H+pIB11ZS5Aay8vyjiVDuNYFAmUrAm8ACgkQy8vyjiVD
uNZz7A/+JfLNNrgniAkwtsLwbwY146k9Q9+sQpn8aUkwGpCbCGgXR9sRVSZi901R
7WjG58STF1Or3dH2+4zdu9CXZFr4t6fFxHAb2A/p+dQemhuuMv359kGjfmzRWRww
vMGuwX7h3iuj4UNlE9eQMLneJyu3aFxI7kUSfWlRRtbKu5Tr3hfcee5BvdTxj262
AAKyPBWglEZ+HUkVyvGfEmwotBOIjOW+LWx1JUN5eJ8torc/avUHl1kgrowqI9lO
miy+LJNZh882sU6xTXIyO2EsesTiVWlXBi6BoR9noX0Abc3/wObKIYS14fKK9uvo
jKNYHn0Q2vSunZ50EUDQyNeHeyYBIyO+2QXb/Hz7Yk65c5QbXxOPvgGy+0lpyKT9
so38icZQXNyob6qrhVNNqb4GSQDY40wRlHSXWQmXqhtBW0swNGm4LANpSD4tkuuq
oGo9/uwT+rba1JyTwVEvlneJo+ha2yfol9s3jAYqjE6HIEV7o1FSjwrW/sOf2Joc
D+C263aUdJQWQ2OlfBGBf9/QSDf8ttu+1xg6870IkxHmeLo7BEZR7xVYaZtAe3ml
mKNb2HR0BEXY1Mei8v5c4Y0sBFPXI6qkv+ir7mAbacG3rIwyyaTHLmD32f4r8O3l
5L2BKhwGfojKkynbQDaLljcuqxK7NDaBq0Kqk1iqDslUkUc25Jw=
=LcwA
-----END PGP SIGNATURE-----