-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 13 Sep 2023 22:26:10 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: arm64
Version: 117.0.5938.62-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: arm Build Daemon (arm-conova-04) <buildd_arm64-arm-conova-04@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Closes: 1042111
Changes:
 chromium (117.0.5938.62-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon]
   * New upstream stable release.
     - CVE-2023-4900: Inappropriate implementation in Custom Tabs.
       Reported by Levit Nudi from Kenya.
     - CVE-2023-4901: Inappropriate implementation in Prompts.
       Reported by Kang Ali.
     - CVE-2023-4902: Inappropriate implementation in Input.
       Reported by Axel Chong.
     - CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs.
       Reported by Ahmed ElMasry.
     - CVE-2023-4904: Insufficient policy enforcement in Downloads.
       Reported by Tudor Enache @tudorhacks.
     - CVE-2023-4905: Inappropriate implementation in Prompts.
       Reported by Hafiizh.
     - CVE-2023-4906: Insufficient policy enforcement in Autofill.
       Reported by Ahmed ElMasry.
     - CVE-2023-4907: Inappropriate implementation in Intents.
       Reported by Mohit Raj (shadow2639) .
     - CVE-2023-4908: Inappropriate implementation in Picture in Picture.
       Reported by Axel Chong.
     - CVE-2023-4909: Inappropriate implementation in Interstitials.
       Reported by Axel Chong.
   * d/copyright: drop rust, llvm, siso, & cargo binaries.
   * d/patches:
     - fixes/size.patch: drop, merged upstream.
     - fixes/variant.patch: drop, merged upstream.
     - fixes/vector.patch: drop, merged upstream.
     - upstream/contains.patch: drop, merged upstream.
     - upstream/hvec.patch: drop, merged upstream.
     - upstream/limits.patch: drop, merged upstream.
     - upstream/statelessV4L2.patch: drop, merged upstream.
     - fixes/widevine-locations.patch: refresh for minor upstream changes.
     - disable/android.patch: drop half the patch.
     - disable/catapult.patch: refresh for minor upstream changes.
     - disable/tests.patch: refresh for minor upstream changes.
     - disable/unrar.patch: refresh for minor upstream changes.
     - fixes/material-utils.patch: build fix for clang w/ libstdc++.
     - rename fixes/null.patch to fixes/perfetto.patch.
     - upstream/memory.patch: build fix for missing header.
     - bookworm/struct-ctor.patch: add a bunch more build workarounds for
       clang-14.
     - bookworm/stringpiece3.patch: another clang-14 StringPiece to
       std::string explicit conversion.
     - bookworm/typename.patch: add more explicit typename declarations for
       clang-14.
     - bookworm/structured-binding-scope-bug.patch: add more clang-14 binding
       scope workarounds.
     - bookworm/initialize-const-ctor.patch: clang-14 workaround to init a
       const member inside a struct.
     - ppc64le/libaom/0001-Add-ppc64-target-to-libaom.patch: refresh.
     - disable/privacy-sandbox.patch: ensure Privacy Sandbox "features" are
       off by default.
     - bookworm/generate-ninja.patch: fix build failure w/ bookworm's older gn.
   * Switch to using bundled brotli, as the version in debian is too old.
     And so we can drop d/patches/bookworm/brotli.patch, too.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - 0001-Implement-support-for-PPC64-on-Linux.patch: refresh for upstream
        changes
     - 0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes
     - 0002-third-party-boringssl-add-generated-files.patch: refresh for
        upstream changes
     - 0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for
        upstream changes
     - 0004-third_party-crashpad-port-curl-transport-ppc64.patch: refresh for
        upstream changes
     - skia-vsx-instructions.patch: refresh for upstream changes
     - 0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: regenerate
     - 0001-third_party-boringssl-Properly-detect-ppc64le-in-BUI.patch: drop
   * d/patches/ungoogled:
     - core/ungoogled-chromium/disable-web-environment-integrity.patch: disable
       "Web Environment Integrity" trial and remove from build (closes: #1042111)
Checksums-Sha1:
 4da7be9ca59f485a3df961055ea573b6ee698070 1229120 chromium-common-dbgsym_117.0.5938.62-1~deb12u1_arm64.deb
 e1d8e23b4f1e64ca0e21fb37745632419fd0ffb2 4819228 chromium-common_117.0.5938.62-1~deb12u1_arm64.deb
 abdec9d416f79dcd91819b343c53fea88c743e5a 28880120 chromium-dbgsym_117.0.5938.62-1~deb12u1_arm64.deb
 7a4e3e28b07ec6d571c497af5d366bdd33875563 4828380 chromium-driver_117.0.5938.62-1~deb12u1_arm64.deb
 9e1a43becb135ff1726d69cbdd5546f10df51384 12920 chromium-sandbox-dbgsym_117.0.5938.62-1~deb12u1_arm64.deb
 11c04de3c520aa893195639db94d95561a6f70ec 81916 chromium-sandbox_117.0.5938.62-1~deb12u1_arm64.deb
 4b6702afac0d972b53bb5277af5bee754ef76b80 23503112 chromium-shell-dbgsym_117.0.5938.62-1~deb12u1_arm64.deb
 379124cdeb1fff434b924317c07be2c8437e12f6 43671300 chromium-shell_117.0.5938.62-1~deb12u1_arm64.deb
 08d96f74ca0b4afa35cdbd6549fef9ed60f11c84 24002 chromium_117.0.5938.62-1~deb12u1_arm64-buildd.buildinfo
 537eb377f57b94bacb3c5001af598955a584c5f5 62778132 chromium_117.0.5938.62-1~deb12u1_arm64.deb
Checksums-Sha256:
 80930445e54cf7f1c14e1a472b9f0d2305529162f8f256f3ce294ccea6faee96 1229120 chromium-common-dbgsym_117.0.5938.62-1~deb12u1_arm64.deb
 067f5c4a2b7eeff40dfca682551d9a22a5f8c5cc63d1a60107cdce7c6f1f941e 4819228 chromium-common_117.0.5938.62-1~deb12u1_arm64.deb
 94c0d711631f4fab21eac92a16e2b9bd83d6febe28395fbeba8cd90278686297 28880120 chromium-dbgsym_117.0.5938.62-1~deb12u1_arm64.deb
 42a7d2a61477d04417c89ff73abb9715839c008dc65d85bfdbd72776ca547393 4828380 chromium-driver_117.0.5938.62-1~deb12u1_arm64.deb
 76ccbd9537a33d7170d933ee4e7e54c982dc12e359de6f978fdc4181d8ad7584 12920 chromium-sandbox-dbgsym_117.0.5938.62-1~deb12u1_arm64.deb
 da801b4f6e0a30beb6f8bb48f6c8f8b6415b254cdbfa8320859bf3e97d203b25 81916 chromium-sandbox_117.0.5938.62-1~deb12u1_arm64.deb
 9f66cc7e0d00fb9367e18bf3037158a9eeac4c530727d54c49402d17ac25141f 23503112 chromium-shell-dbgsym_117.0.5938.62-1~deb12u1_arm64.deb
 661fa6f462045954f0c41f0f5d6f7b1a4255ff6eff2551212398f6a9c3909c3d 43671300 chromium-shell_117.0.5938.62-1~deb12u1_arm64.deb
 5cdefe4343e24bd98a1843c5554f694259485bbd4da868506798e057069f6c95 24002 chromium_117.0.5938.62-1~deb12u1_arm64-buildd.buildinfo
 922c3d098ed343165df307420af487d2d704de3d6693890137b8b64cb0bf99e1 62778132 chromium_117.0.5938.62-1~deb12u1_arm64.deb
Files:
 3dbe83f9d9f188f3ce8764864d16994a 1229120 debug optional chromium-common-dbgsym_117.0.5938.62-1~deb12u1_arm64.deb
 98148384d631a0449fe25beaa3272186 4819228 web optional chromium-common_117.0.5938.62-1~deb12u1_arm64.deb
 2c5a196955acfb9aee98db7d039038c6 28880120 debug optional chromium-dbgsym_117.0.5938.62-1~deb12u1_arm64.deb
 963d1492f9a50ffd9187a1d128065516 4828380 web optional chromium-driver_117.0.5938.62-1~deb12u1_arm64.deb
 5a1c87e04349d761d55137f373a3a1a2 12920 debug optional chromium-sandbox-dbgsym_117.0.5938.62-1~deb12u1_arm64.deb
 6ae2f818ed093a5f5f824dd6882f0901 81916 web optional chromium-sandbox_117.0.5938.62-1~deb12u1_arm64.deb
 a31d050a9477bff3c37fdd7643e4f3f1 23503112 debug optional chromium-shell-dbgsym_117.0.5938.62-1~deb12u1_arm64.deb
 9b4fdecb140e1fa887e80677f624a64d 43671300 web optional chromium-shell_117.0.5938.62-1~deb12u1_arm64.deb
 bed76e2d75c36268989149c465294322 24002 web optional chromium_117.0.5938.62-1~deb12u1_arm64-buildd.buildinfo
 c0d2cb97ec83fe6b0a3530d598ccd33e 62778132 web optional chromium_117.0.5938.62-1~deb12u1_arm64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEVNIS6FpWdgLvabP3yAdpDL98SQ4FAmUG1GYACgkQyAdpDL98
SQ6pEQ//VUmLcMZcOEW4HJ4OLN5QJcIxxX3fuRAx2aSyhOxBk4IY2AaCByVYqTqn
C1En1TXDWm+LXEqEZLIxpSK/V8yImyOGXxFoMGk7zoeJuspo6k26Ff/BQJ802QFP
Ok63+qbGOvyN/aaVCn354NJrBJxWdkPMPcZ0eV3HKnE9TgVvxsk2p4AsEDzYJj/y
cyAqUTScuErcaGo6WGJCWOAUjDfaOsNTZNSR3ieqKZ5L7O89iZPxZx9B1/hA/VIT
8tgWcqAlwwBRzWUmoH2NMZ3llSTGhDXfvYt3D2VTf8oqGPopRm7IabM7BZzCwkGE
1Pcm6jB5zXoUuQ0FvWIIXmTtS3X7jHPni4zTnfqx4+hjNmgZUyH5EoRSxgJC8xzO
AFhlJ1GL4Rx6LoZPlNfQP7cJ+Rksu0nZ81leD3A7rRw7SIwluvrwMVYiqyEuSM79
n17tV54J4dghhFB2vRuaedwSYDMWCVw7USldzyBfNovBDeLlxlWIMyPgOCrf9Ufq
eTk11H2nMFAavv3X8Zfq61WK1IN4zTFZn0yuyPR2YgfR07gwHvYydy2NW+JRl5Gd
ZGpcLQ0N2caYtUd/ubfdeIzCAmgLSOVNHDKkdU1VRnrMLFREwJcwkYddSsLLX6nz
dD+aywCxfCph/Ta5sohocNNZszGvRDEOxi0EVHFGvnHLnoeKDlk=
=NkAS
-----END PGP SIGNATURE-----