-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 13 Sep 2023 22:26:10 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: amd64
Version: 117.0.5938.62-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: amd64 / i386 Build Daemon (x86-ubc-01) <buildd_amd64-x86-ubc-01@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Closes: 1042111
Changes:
 chromium (117.0.5938.62-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon]
   * New upstream stable release.
     - CVE-2023-4900: Inappropriate implementation in Custom Tabs.
       Reported by Levit Nudi from Kenya.
     - CVE-2023-4901: Inappropriate implementation in Prompts.
       Reported by Kang Ali.
     - CVE-2023-4902: Inappropriate implementation in Input.
       Reported by Axel Chong.
     - CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs.
       Reported by Ahmed ElMasry.
     - CVE-2023-4904: Insufficient policy enforcement in Downloads.
       Reported by Tudor Enache @tudorhacks.
     - CVE-2023-4905: Inappropriate implementation in Prompts.
       Reported by Hafiizh.
     - CVE-2023-4906: Insufficient policy enforcement in Autofill.
       Reported by Ahmed ElMasry.
     - CVE-2023-4907: Inappropriate implementation in Intents.
       Reported by Mohit Raj (shadow2639) .
     - CVE-2023-4908: Inappropriate implementation in Picture in Picture.
       Reported by Axel Chong.
     - CVE-2023-4909: Inappropriate implementation in Interstitials.
       Reported by Axel Chong.
   * d/copyright: drop rust, llvm, siso, & cargo binaries.
   * d/patches:
     - fixes/size.patch: drop, merged upstream.
     - fixes/variant.patch: drop, merged upstream.
     - fixes/vector.patch: drop, merged upstream.
     - upstream/contains.patch: drop, merged upstream.
     - upstream/hvec.patch: drop, merged upstream.
     - upstream/limits.patch: drop, merged upstream.
     - upstream/statelessV4L2.patch: drop, merged upstream.
     - fixes/widevine-locations.patch: refresh for minor upstream changes.
     - disable/android.patch: drop half the patch.
     - disable/catapult.patch: refresh for minor upstream changes.
     - disable/tests.patch: refresh for minor upstream changes.
     - disable/unrar.patch: refresh for minor upstream changes.
     - fixes/material-utils.patch: build fix for clang w/ libstdc++.
     - rename fixes/null.patch to fixes/perfetto.patch.
     - upstream/memory.patch: build fix for missing header.
     - bookworm/struct-ctor.patch: add a bunch more build workarounds for
       clang-14.
     - bookworm/stringpiece3.patch: another clang-14 StringPiece to
       std::string explicit conversion.
     - bookworm/typename.patch: add more explicit typename declarations for
       clang-14.
     - bookworm/structured-binding-scope-bug.patch: add more clang-14 binding
       scope workarounds.
     - bookworm/initialize-const-ctor.patch: clang-14 workaround to init a
       const member inside a struct.
     - ppc64le/libaom/0001-Add-ppc64-target-to-libaom.patch: refresh.
     - disable/privacy-sandbox.patch: ensure Privacy Sandbox "features" are
       off by default.
     - bookworm/generate-ninja.patch: fix build failure w/ bookworm's older gn.
   * Switch to using bundled brotli, as the version in debian is too old.
     And so we can drop d/patches/bookworm/brotli.patch, too.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - 0001-Implement-support-for-PPC64-on-Linux.patch: refresh for upstream
        changes
     - 0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes
     - 0002-third-party-boringssl-add-generated-files.patch: refresh for
        upstream changes
     - 0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for
        upstream changes
     - 0004-third_party-crashpad-port-curl-transport-ppc64.patch: refresh for
        upstream changes
     - skia-vsx-instructions.patch: refresh for upstream changes
     - 0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: regenerate
     - 0001-third_party-boringssl-Properly-detect-ppc64le-in-BUI.patch: drop
   * d/patches/ungoogled:
     - core/ungoogled-chromium/disable-web-environment-integrity.patch: disable
       "Web Environment Integrity" trial and remove from build (closes: #1042111)
Checksums-Sha1:
 7696ce2ca2b1b58a366166cc0b767f84b0322f24 1204672 chromium-common-dbgsym_117.0.5938.62-1~deb12u1_amd64.deb
 adc37bd14086d98eadbef11d9dfed2339397a2a9 4977688 chromium-common_117.0.5938.62-1~deb12u1_amd64.deb
 9b9562afeccd4547e2247871b3922a96f2cf50b4 31250324 chromium-dbgsym_117.0.5938.62-1~deb12u1_amd64.deb
 7f257414593c8e13a66c32d1fd5c4d736d7f0147 5346388 chromium-driver_117.0.5938.62-1~deb12u1_amd64.deb
 d72fa2758160223da112e56ac026e00b6591563d 12648 chromium-sandbox-dbgsym_117.0.5938.62-1~deb12u1_amd64.deb
 98cc029a479ab6a0983a2c1fc1ce0a097606ca4b 81996 chromium-sandbox_117.0.5938.62-1~deb12u1_amd64.deb
 48d2689f1ca09be9e8330b531ad400dbd65e4708 26590360 chromium-shell-dbgsym_117.0.5938.62-1~deb12u1_amd64.deb
 4390e8c46e81423457ef42650cc199bfda849a1a 49571652 chromium-shell_117.0.5938.62-1~deb12u1_amd64.deb
 aa9f34e5cb89082b1b37989447c4f8c5aa0cf75d 23931 chromium_117.0.5938.62-1~deb12u1_amd64-buildd.buildinfo
 6eb129ebd783303d1705f3740fc25b7f1f3e5eaf 70870052 chromium_117.0.5938.62-1~deb12u1_amd64.deb
Checksums-Sha256:
 7e6ecfd2b1d5fcd0762f811fd9deed45170bb6e5142f333bb0c1c186d4dd0511 1204672 chromium-common-dbgsym_117.0.5938.62-1~deb12u1_amd64.deb
 db51836ab61414ec02e17c7a392b20b2751a62033e7042cefa19e990d5d6ca02 4977688 chromium-common_117.0.5938.62-1~deb12u1_amd64.deb
 f202301aad67f4c41508c9a23cfc3799b12aa1ad0c06135b36c914efba566f2f 31250324 chromium-dbgsym_117.0.5938.62-1~deb12u1_amd64.deb
 57f9ba2c9e45d0172b196716674c9984d83381a2e33e0928b61e6997294420b4 5346388 chromium-driver_117.0.5938.62-1~deb12u1_amd64.deb
 ac6942f02ee8bd345c2b604e6c699104e2e335538bfad04a6d47015208b10079 12648 chromium-sandbox-dbgsym_117.0.5938.62-1~deb12u1_amd64.deb
 43b975119a82893d6a360d9723a9fd452e7d1835505ec31cb1000835a55167ae 81996 chromium-sandbox_117.0.5938.62-1~deb12u1_amd64.deb
 6483dbeada26f40da83bd6d417422a7bc2acda01ef81204869c5e291998a6e52 26590360 chromium-shell-dbgsym_117.0.5938.62-1~deb12u1_amd64.deb
 2b05f60446dac41554af86ad5a439f0e71a065c1715814d50f59bc6c87266631 49571652 chromium-shell_117.0.5938.62-1~deb12u1_amd64.deb
 3545abc8092d6eae9c26e25f3da33a5a24b19c655a3da6094d4c738f1b2c1b7d 23931 chromium_117.0.5938.62-1~deb12u1_amd64-buildd.buildinfo
 115cd3f2edc5449847143498afff16c92902a1d1a25d11942482737174f2dd65 70870052 chromium_117.0.5938.62-1~deb12u1_amd64.deb
Files:
 139d9753748a279f15799dbe89cde9c2 1204672 debug optional chromium-common-dbgsym_117.0.5938.62-1~deb12u1_amd64.deb
 636037d9fc266d414e5ff6bc10dcf678 4977688 web optional chromium-common_117.0.5938.62-1~deb12u1_amd64.deb
 9f89e7283ea2d41e01a6abd668198b8f 31250324 debug optional chromium-dbgsym_117.0.5938.62-1~deb12u1_amd64.deb
 1dc0433edbb61b4df040501514e124ed 5346388 web optional chromium-driver_117.0.5938.62-1~deb12u1_amd64.deb
 ed05912150448b1933ae43a7be44f201 12648 debug optional chromium-sandbox-dbgsym_117.0.5938.62-1~deb12u1_amd64.deb
 2962ed911ca08d4ddb0945b905d5955f 81996 web optional chromium-sandbox_117.0.5938.62-1~deb12u1_amd64.deb
 2ea0208eb3f16431ea7fe95d5057b9dc 26590360 debug optional chromium-shell-dbgsym_117.0.5938.62-1~deb12u1_amd64.deb
 91e6f813f4c1e2a003ff8f538ac3a9c8 49571652 web optional chromium-shell_117.0.5938.62-1~deb12u1_amd64.deb
 35a54bf6329db62ff43fcccd95f70d5c 23931 web optional chromium_117.0.5938.62-1~deb12u1_amd64-buildd.buildinfo
 bf961ea8344e06f4a441ad6e301247da 70870052 web optional chromium_117.0.5938.62-1~deb12u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEfSHphWe6nwpTFrNNZXl/6h5+iU4FAmUEFc4ACgkQZXl/6h5+
iU6YdQ//cd9NZ8rr79JpFHAPhIbD63nq7NglYkI5E+fQhTb1PzJkXm6r2jHAGglP
CS8k2fkC5IlpREhhoNWVOnuOIHBMMg+aDN4ohK83cwBS+d6nJdkSsBeDaX7/+J7S
uDR9nNVBToyfBxppZ33BGDDb0QKNhXFrrkB9eOgvHMSi4OOTiwi+eRuU3IWx8+K2
3PDHB7HCwGMHl24h5MbDcEKntVBmH6XZowQuWYrz8fiZr1ZEnLP3Lj302aA3xgvK
lhE9HyzlmxW5WLzwLSw93py0iQbfm/evG9obY0E/AZdsejaAhqfZUWGm0NxkpJFJ
DZTb60FJS4NvM3WNC47wSyC0/w43SjC9eu95cxyN7+MDv68l+RajG2QXYQdodCQc
CU+3LQDs3Bkd81PwAB67KJJR/rrYzoHIO9RyPCOxydatDmYz0QgOQDndVZN1zKf/
5iMmsqN3J7/w9skxJdsi0FBdTWgWnVjCUUMa/835mAYn0v3oa0SsO0ORqjhIljYe
UYi/aL4S3BeSk3DPw5LFzjrOjZaf0kbDA3DC9jB2aJa6OZcxszVyTdV4Pf5rMNDv
RFiqjjyRmV66bjroRcmEgPUYaHnF4Pn9BZ0uYaqAWWEnbtpcNqLIlb1mAl+bDheD
DJcssVPNAEfUdnLiPDyC2tQut6219LxRbVZu5kFc6hGIDlDpOF0=
=e8oo
-----END PGP SIGNATURE-----