-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 14 Sep 2023 19:16:28 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: amd64
Version: 117.0.5938.62-1~deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01)
Changed-By: Andres Salomon
Description:
 chromium - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Closes: 1042111
Changes:
 chromium (117.0.5938.62-1~deb11u1) bullseye-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2023-4900: Inappropriate implementation in Custom Tabs.
       Reported by Levit Nudi from Kenya.
     - CVE-2023-4901: Inappropriate implementation in Prompts.
       Reported by Kang Ali.
     - CVE-2023-4902: Inappropriate implementation in Input.
       Reported by Axel Chong.
     - CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs.
       Reported by Ahmed ElMasry.
     - CVE-2023-4904: Insufficient policy enforcement in Downloads.
       Reported by Tudor Enache @tudorhacks.
     - CVE-2023-4905: Inappropriate implementation in Prompts.
       Reported by Hafiizh.
     - CVE-2023-4906: Insufficient policy enforcement in Autofill.
       Reported by Ahmed ElMasry.
     - CVE-2023-4907: Inappropriate implementation in Intents.
       Reported by Mohit Raj (shadow2639).
     - CVE-2023-4908: Inappropriate implementation in Picture in Picture.
       Reported by Axel Chong.
     - CVE-2023-4909: Inappropriate implementation in Interstitials.
       Reported by Axel Chong.
   * d/copyright: drop rust, llvm, siso, & cargo binaries.
   * d/patches:
     - fixes/size.patch: drop, merged upstream.
     - fixes/variant.patch: drop, merged upstream.
     - fixes/vector.patch: drop, merged upstream.
     - upstream/contains.patch: drop, merged upstream.
     - upstream/hvec.patch: drop, merged upstream.
     - upstream/limits.patch: drop, merged upstream.
     - upstream/statelessV4L2.patch: drop, merged upstream.
     - fixes/widevine-locations.patch: refresh for minor upstream changes.
     - disable/android.patch: drop half the patch.
     - disable/catapult.patch: refresh for minor upstream changes.
     - disable/tests.patch: refresh for minor upstream changes.
     - disable/unrar.patch: refresh for minor upstream changes.
     - fixes/material-utils.patch: build fix for clang w/ libstdc++.
     - rename fixes/null.patch to fixes/perfetto.patch.
     - upstream/memory.patch: build fix for missing header.
     - bookworm/struct-ctor.patch: add a bunch more build workarounds
       for clang-14.
     - bookworm/stringpiece3.patch: another clang-14 StringPiece to
       std::string explicit conversion.
     - bookworm/typename.patch: add more explicit typename declarations
       for clang-14.
     - bookworm/structured-binding-scope-bug.patch: add more clang-14
       binding scope workarounds.
     - bookworm/initialize-const-ctor.patch: clang-14 workaround to init a
       const member inside a struct.
     - ppc64le/libaom/0001-Add-ppc64-target-to-libaom.patch: refresh.
     - disable/privacy-sandbox.patch: ensure Privacy Sandbox "features" are
       off by default.
     - bookworm/generate-ninja.patch: fix build failure w/ bullseye's
       older gn.
     - bullseye/default-equality-op.patch: refresh.
     - bullseye/lerp.patch: add a new build fix for libstdc++ 10.
     - bullseye/downgrade-typescript.patch: drop parts of patch that don't
       apply and simply update typescript node dependencies.
   * Switch to using bundled brotli, as the version in debian is too old.
     And so we can drop d/patches/bookworm/brotli.patch, too.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - 0001-Implement-support-for-PPC64-on-Linux.patch: refresh for
       upstream changes
     - 0001-Add-PPC64-support-for-boringssl.patch: refresh for
       upstream changes
     - 0002-third-party-boringssl-add-generated-files.patch: refresh for
       upstream changes
     - 0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for
       upstream changes
     - 0004-third_party-crashpad-port-curl-transport-ppc64.patch: refresh
       for upstream changes
     - skia-vsx-instructions.patch: refresh for upstream changes
     - 0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: regenerate
     - 0001-third_party-boringssl-Properly-detect-ppc64le-in-BUI.patch: drop
   * d/patches/ungoogled:
     - core/ungoogled-chromium/disable-web-environment-integrity.patch:
       disable "Web Environment Integrity" trial and remove from build
       (closes: #1042111)