-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 10 Oct 2023 22:03:00 -0500
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: arm64
Version: 118.0.5993.70-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: arm Build Daemon (arm-ubc-03) <buildd_arm64-arm-ubc-03@buildd.debian.org>
Changed-By: Timothy Pearson <tpearson@raptorengineering.com>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (118.0.5993.70-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2023-5218: Use after free in Site Isolation.
       Reported by @18楼梦想改造家.
     - CVE-2023-5487: Inappropriate implementation in Fullscreen.
       Reported by Anonymous.
     - CVE-2023-5484: Inappropriate implementation in Navigation.
       Reported by Thomas Orlita.
     - CVE-2023-5475: Inappropriate implementation in DevTools.
       Reported by Axel Chong.
     - CVE-2023-5483: Inappropriate implementation in Intents.
       Reported by Axel Chong.
     - CVE-2023-5481: Inappropriate implementation in Downloads.
       Reported by Om Apip.
     - CVE-2023-5476: Use after free in Blink History. Reported by Yunqin Sun.
     - CVE-2023-5474: Heap buffer overflow in PDF. Reported by [pwn2car].
     - CVE-2023-5479: Inappropriate implementation in Extensions API.
       Reported by Axel Chong.
     - CVE-2023-5485: Inappropriate implementation in Autofill.
       Reported by Ahmed ElMasry.
     - CVE-2023-5478: Inappropriate implementation in Autofill.
       Reported by Ahmed ElMasry.
     - CVE-2023-5477: Inappropriate implementation in Installer.
       Reported by Bahaa Naamneh of Crosspoint Labs.
     - CVE-2023-5486: Inappropriate implementation in Input. Reported by Hafiizh.
     - CVE-2023-5473: Use after free in Cast. Reported by DarkNavy.
   * d/patches/ppc64le:
     - 0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for
        upstream changes
     - 0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes
     - skia-vsx-instructions.patch: refresh for upstream changes
     - third_party/0003-third_party-libvpx-Add-ppc64-generated-config.patch:
       regenerate configs from upstream source
     - database/0001-Properly-detect-little-endian-PPC64-systems.patch:
       refresh
     - ffmpeg/0001-Add-support-for-ppc64.patch: refresh
     - fixes/fix-breakpad-compile.patch: refresh
     - fixes/fix-unknown-warning-option-messages.diff: refresh
     - libaom/0001-Add-ppc64-target-to-libaom.patch: refresh
     - sandbox/0001-sandbox-linux-Update-IsSyscallAllowed-in-broker_proc.patch:
       refresh
     - sandbox/0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch:
       refresh
     - sandbox/0008-sandbox-fix-ppc64le-glibc234.patch: refresh
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh
     - third_party/0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.patch:
       refresh
     - third_party/0001-third_party-libvpx-Properly-generate-gni-on-ppc64.patch:
       refresh
     - third_party/0002-third-party-boringssl-add-generated-files.patch: refresh
     - third_party/dawn-fix-ppc64le-detection.patch: refresh
     - third_party/dawn-fix-typos.patch: refresh
     - third_party/skia-vsx-instructions.patch: refresh
     - third_party/use-sysconf-page-size-on-ppc64.patch: refresh
     - workarounds/HACK-third_party-libvpx-use-generic-gnu.patch: refresh
 .
   [ Andres Salomon]
   * d/copyright:
     - blanket.js is gone, no need to remove it any more.
     - delete some khronos images marked executable.
   * d/patches:
     - upstream/memory.patch: drop, merged upstream.
     - upstream/sensor-reading.patch: add, gcc13 build fix from upstream.
     - upstream/lweight.patch: add, gcc13 build fix from upstream.
     - upstream/freetype.patch: add, fix freetype header inclusion FTBFS.
     - upstream/sizet.patch: add, libstdc++ build fix from upstream.
     - disable/unrar.patch: update for minor upstream changes.
     - bookworm/struct-ctor.patch: add various new workarounds for clang-14.
     - bookworm/structured-binding-scope-bug.patch: drop part of the patch.
     - bullseye/constexpr.patch: drop bullseye patch from bookworm.
     - ungoogled/.../disable-web-environment-integrity.patch: sync with
       ungoogled-chromium for upstream changes.
     - bookworm/i386-lock-free.patch: refresh.
Checksums-Sha1:
 61ad2342673077a52ab3f508ac422e31af28db70 1229404 chromium-common-dbgsym_118.0.5993.70-1~deb12u1_arm64.deb
 4d27327c7c90cbfb9e1f2b1b3d0d3a8a2652353b 4820296 chromium-common_118.0.5993.70-1~deb12u1_arm64.deb
 d68027c894e7c3a3235ac7380d998e3a90482694 29083684 chromium-dbgsym_118.0.5993.70-1~deb12u1_arm64.deb
 cfb98c3d9b379fc4158575cd2343aa2272701225 4842700 chromium-driver_118.0.5993.70-1~deb12u1_arm64.deb
 f2bf47ad7136e28c05dd27629f2f4a0a0d5d9caf 12904 chromium-sandbox-dbgsym_118.0.5993.70-1~deb12u1_arm64.deb
 817300c80b1faff87bf5fe2927a56eb010e36f4a 82980 chromium-sandbox_118.0.5993.70-1~deb12u1_arm64.deb
 8e67e8c01e1c79cc463ab66b2e14fad29ac0d1e7 23628376 chromium-shell-dbgsym_118.0.5993.70-1~deb12u1_arm64.deb
 227641e93416d2f8aae065b9b42ce61345bded0a 44072332 chromium-shell_118.0.5993.70-1~deb12u1_arm64.deb
 ad0a302ad51cdb6fed6f612f0b7b1594c49c5017 24140 chromium_118.0.5993.70-1~deb12u1_arm64-buildd.buildinfo
 bf2edc8a5298288b7812e102cb7f989b42f45258 63390372 chromium_118.0.5993.70-1~deb12u1_arm64.deb
Checksums-Sha256:
 29c5cd9338e94591a4ca40d8fedef46b73a62084942e6f5763ae3db529239662 1229404 chromium-common-dbgsym_118.0.5993.70-1~deb12u1_arm64.deb
 700e4d5d97f9996160a0183d5a1363c12a77e2c77ae26d8f22cfbf83f51073aa 4820296 chromium-common_118.0.5993.70-1~deb12u1_arm64.deb
 46179e8002ae83f27400713cddb86f6b37012da814708ab6aa22a231259b9d42 29083684 chromium-dbgsym_118.0.5993.70-1~deb12u1_arm64.deb
 014d2d312a75f28b5bb0d7d0847ffad4ae35f44a84d372e459fc9af2858b0767 4842700 chromium-driver_118.0.5993.70-1~deb12u1_arm64.deb
 034d44cd1b30fc96bb6c2779a8ae5fcab486022e5eaed4422113281b2ae61455 12904 chromium-sandbox-dbgsym_118.0.5993.70-1~deb12u1_arm64.deb
 862b1a24280204b0ddac0365bcaa31bbac39e15f1e6360c1d1d28f5d1a16da5c 82980 chromium-sandbox_118.0.5993.70-1~deb12u1_arm64.deb
 432dc344c71db8af8fa79818fa63b1359ac6602bf29d7eafb21d6df16b51ca1c 23628376 chromium-shell-dbgsym_118.0.5993.70-1~deb12u1_arm64.deb
 f0a3bd9a57de103fd28aba89a89ce0af9844e52c82fad736e71b97e081662677 44072332 chromium-shell_118.0.5993.70-1~deb12u1_arm64.deb
 64701e56f4f8f94b4fee94b49bab52346e42fe76e5055aea5830010326ff8a8f 24140 chromium_118.0.5993.70-1~deb12u1_arm64-buildd.buildinfo
 8c7d478c4361ec55182c12c7e7fe910cd0fa2d0eec22ff9945af5435aae19e16 63390372 chromium_118.0.5993.70-1~deb12u1_arm64.deb
Files:
 800ae43587c2e8a8a621b20691fa30be 1229404 debug optional chromium-common-dbgsym_118.0.5993.70-1~deb12u1_arm64.deb
 8204c325821bfd56ff715640c8d25e78 4820296 web optional chromium-common_118.0.5993.70-1~deb12u1_arm64.deb
 1104c68cadc441c4f7542295f49ecd20 29083684 debug optional chromium-dbgsym_118.0.5993.70-1~deb12u1_arm64.deb
 06895be4982f8a76ea033bf579e3a19a 4842700 web optional chromium-driver_118.0.5993.70-1~deb12u1_arm64.deb
 20a37cf069bfb291602e148a60161f74 12904 debug optional chromium-sandbox-dbgsym_118.0.5993.70-1~deb12u1_arm64.deb
 df9f82b7073968861b20d373ef01659b 82980 web optional chromium-sandbox_118.0.5993.70-1~deb12u1_arm64.deb
 623b347364a8348f2e0992f736364096 23628376 debug optional chromium-shell-dbgsym_118.0.5993.70-1~deb12u1_arm64.deb
 1002611705a2164df05ac31695a53cf3 44072332 web optional chromium-shell_118.0.5993.70-1~deb12u1_arm64.deb
 b7e5bb2bd1ace1a712d9cfcf2442058e 24140 web optional chromium_118.0.5993.70-1~deb12u1_arm64-buildd.buildinfo
 896e122c41db734a35e4a44c03162345 63390372 web optional chromium_118.0.5993.70-1~deb12u1_arm64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEV2QMHg/7F9BmqsxiZLztDiV8cXAFAmUpaCwACgkQZLztDiV8
cXC6Bg/+KXRhyvqZfxM3ip5oi9LM0LN/yugBHrustj5J++vAyNtX67aKqqtBgOWF
px0DIiIhuiz6hq29tSXcEfAhoT2t5EDbl6t2wXobSPhAieS6B59aA9FIoJXGVrGH
/Lc2lhsIXwe4cNztQNHzRfZryffCTIhevKJ1xOLdLGTCrNmQmubG0PIZ8Cv+FZ3O
TfQ1AVzZ4FOWaJ4jf9rSf08aGc372V4+lhKUjUzLWKWTk0MvOX/dRszOTlDsEaVz
mbtG7/IAN7xXJnSHH2jwHE/uWvE2DPIGgZpchSr5JyueAVaoKJbMQb5GcpLEt98c
Ygh2GTuft0gZc897EdcOqKpPajQkbwvrlmfp0+oaFntWVv4ZJnJs1IugGsevTcWF
ZqNlPF2UHEHfJzgx5cey3xuPulYmzO9JiTY+iYvnYxtOecPJreo/BsZOjvAcutXH
7N4POK32l8fLFw+q240Il3jXWyMPNO3+lZ49oAX8O1d6zk6SOu8VAU1uEkbKozrD
4jQLYPfjLLgd4Vhh0PvglL3XIaNJ1fMWuCzv9PJWtHJLtJLXz6sU086XQMYK7zKl
FNiA4QpxZcwap7iTY7gSqtM4fNzQsby2KhGJOqNVpssV5td0ImMc69PCG91JfMbo
j1V02M+ZuouUXECfH1mY1ddEzg3bidgkTQ3mn8iqcAbNUK4x0s8=
=X8Px
-----END PGP SIGNATURE-----