-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 10 Oct 2023 22:03:00 -0500 Source: chromium Binary: chromium-l10n Architecture: all Version: 118.0.5993.70-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: all Build Daemon (x86-csail-02) Changed-By: Timothy Pearson Description: chromium-l10n - web browser - language packs Changes: chromium (118.0.5993.70-1~deb12u1) bookworm-security; urgency=high . * New upstream stable release. - CVE-2023-5218: Use after free in Site Isolation. Reported by @18楼梦想改造家. - CVE-2023-5487: Inappropriate implementation in Fullscreen. Reported by Anonymous. - CVE-2023-5484: Inappropriate implementation in Navigation. Reported by Thomas Orlita. - CVE-2023-5475: Inappropriate implementation in DevTools. Reported by Axel Chong. - CVE-2023-5483: Inappropriate implementation in Intents. Reported by Axel Chong. - CVE-2023-5481: Inappropriate implementation in Downloads. Reported by Om Apip. - CVE-2023-5476: Use after free in Blink History. Reported by Yunqin Sun. - CVE-2023-5474: Heap buffer overflow in PDF. Reported by [pwn2car]. - CVE-2023-5479: Inappropriate implementation in Extensions API. Reported by Axel Chong. - CVE-2023-5485: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry. - CVE-2023-5478: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry. - CVE-2023-5477: Inappropriate implementation in Installer. Reported by Bahaa Naamneh of Crosspoint Labs. - CVE-2023-5486: Inappropriate implementation in Input. Reported by Hafiizh. - CVE-2023-5473: Use after free in Cast. Reported by DarkNavy. * d/patches/ppc64le: - 0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes - 0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes - skia-vsx-instructions.patch: refresh for upstream changes - third_party/0003-third_party-libvpx-Add-ppc64-generated-config.patch: regenerate configs from upstream source - database/0001-Properly-detect-little-endian-PPC64-systems.patch: refresh - ffmpeg/0001-Add-support-for-ppc64.patch: refresh - fixes/fix-breakpad-compile.patch: refresh - fixes/fix-unknown-warning-option-messages.diff: refresh - libaom/0001-Add-ppc64-target-to-libaom.patch: refresh - sandbox/0001-sandbox-linux-Update-IsSyscallAllowed-in-broker_proc.patch: refresh - sandbox/0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch: refresh - sandbox/0008-sandbox-fix-ppc64le-glibc234.patch: refresh - third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh - third_party/0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.patch: refresh - third_party/0001-third_party-libvpx-Properly-generate-gni-on-ppc64.patch: refresh - third_party/0002-third-party-boringssl-add-generated-files.patch: refresh - third_party/dawn-fix-ppc64le-detection.patch: refresh - third_party/dawn-fix-typos.patch: refresh - third_party/skia-vsx-instructions.patch: refresh - third_party/use-sysconf-page-size-on-ppc64.patch: refresh - workarounds/HACK-third_party-libvpx-use-generic-gnu.patch: refresh . [ Andres Salomon] * d/copyright: - blanket.js is gone, no need to remove it any more. - delete some khronos images marked executable. * d/patches: - upstream/memory.patch: drop, merged upstream. - upstream/sensor-reading.patch: add, gcc13 build fix from upstream. - upstream/lweight.patch: add, gcc13 build fix from upstream. - upstream/freetype.patch: add, fix freetype header inclusion FTBFS. - upstream/sizet.patch: add, libstdc++ build fix from upstream. - disable/unrar.patch: update for minor upstream changes. - bookworm/struct-ctor.patch: add various new workarounds for clang-14. - bookworm/structured-binding-scope-bug.patch: drop part of the patch. - bullseye/constexpr.patch: drop bullseye patch from bookworm. - ungoogled/.../disable-web-environment-integrity.patch: sync with ungoogled-chromium for upstream changes. - bookworm/i386-lock-free.patch: refresh. Checksums-Sha1: 9b5f0d43044e324cccc8799fbf36ed2acfb542f5 6656444 chromium-l10n_118.0.5993.70-1~deb12u1_all.deb 4d3af9ff4d39ffb17cbcf37ac3bc29d6ae6729fa 21341 chromium_118.0.5993.70-1~deb12u1_all-buildd.buildinfo Checksums-Sha256: cf659e72132c95737d1cb97aee861bcb11daa2d8ab06c7ba35a30eedcdc8fd8d 6656444 chromium-l10n_118.0.5993.70-1~deb12u1_all.deb 64d811bb0dfc4670a05e27089fc78b5b370bed24a5812be54dba798b2111ebb7 21341 chromium_118.0.5993.70-1~deb12u1_all-buildd.buildinfo Files: d72adf976473f822fe8350e14165278b 6656444 localization optional chromium-l10n_118.0.5993.70-1~deb12u1_all.deb f258400adb012350dffee4ac643aae93 21341 web optional chromium_118.0.5993.70-1~deb12u1_all-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtzb3SVunlrB0F8t8ExOkVqF4GXMFAmUnLtUACgkQExOkVqF4 GXPVoQ/+IhnAmlSNIg3T1BuRJ+01fSmT28wzM3vwmvI+7DHVwkPRX6OrWzJTa9GZ KYH91PJcVrm0XD8MRIOL4zb/BKthpAIvpABl88d+pbp9B9Lzsz6gdMwacF2kaESf 7D/QQXnqKyxc6Ib1hrT2bRiiPfM2CywtjnS2pjaNDqIPn8MF3ghI6NtoUE5pfUAK TvPGfeFLTtNRBuJ2MfoLE+cPr53mdk+TvaGm9NSqTvSQnONXbMJJYDbYh3kUacZ5 b3uyBNRmTbtNkL9NcahDLK3xeoLkAdc8bPIdS47aOoeSfPmkZzzVpB3f6wRyAy3J 5TZDj6+kDi4u+TeVqcft0o34CP+CPpkAyOlELXji7uVzCraWRzsDJGofgx0kRktH bOZFWPFrD3ljTtCdPI6PfvIRyyar+JGN7r/C0jW9WJhqVSyECFG1jtbVv7MOUNc3 XfiId+K5jshhGeYi8dc03vynb/GDtKGbzG2YXm3oXWZlI2f/cCOKIq5Pr4FcUPvc quwbeuzc0GWBd00nY3Sj13gioYrButLZETa3dMqMeUGIK7LpJfA37hj6sdikHuNC d5Dl7S4a2fHKwEmI+T6zD9ia/PW965XaJWzEvzGDSH/oUUBrxfvw9060OKHNUy7z lWVU0Xn8VF4is0F92K/CuL+LjphC2h/gledkg6p/2WiKsniH6fE= =10N8 -----END PGP SIGNATURE-----