-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 10 Oct 2023 22:03:00 -0500
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: i386
Version: 118.0.5993.70-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: i386 Build Daemon (x86-grnet-01) <buildd_amd64-x86-grnet-01@buildd.debian.org>
Changed-By: Timothy Pearson <tpearson@raptorengineering.com>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (118.0.5993.70-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2023-5218: Use after free in Site Isolation.
       Reported by @18楼梦想改造家.
     - CVE-2023-5487: Inappropriate implementation in Fullscreen.
       Reported by Anonymous.
     - CVE-2023-5484: Inappropriate implementation in Navigation.
       Reported by Thomas Orlita.
     - CVE-2023-5475: Inappropriate implementation in DevTools.
       Reported by Axel Chong.
     - CVE-2023-5483: Inappropriate implementation in Intents.
       Reported by Axel Chong.
     - CVE-2023-5481: Inappropriate implementation in Downloads.
       Reported by Om Apip.
     - CVE-2023-5476: Use after free in Blink History. Reported by Yunqin Sun.
     - CVE-2023-5474: Heap buffer overflow in PDF. Reported by [pwn2car].
     - CVE-2023-5479: Inappropriate implementation in Extensions API.
       Reported by Axel Chong.
     - CVE-2023-5485: Inappropriate implementation in Autofill.
       Reported by Ahmed ElMasry.
     - CVE-2023-5478: Inappropriate implementation in Autofill.
       Reported by Ahmed ElMasry.
     - CVE-2023-5477: Inappropriate implementation in Installer.
       Reported by Bahaa Naamneh of Crosspoint Labs.
     - CVE-2023-5486: Inappropriate implementation in Input. Reported by Hafiizh.
     - CVE-2023-5473: Use after free in Cast. Reported by DarkNavy.
   * d/patches/ppc64le:
     - 0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for
        upstream changes
     - 0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes
     - skia-vsx-instructions.patch: refresh for upstream changes
     - third_party/0003-third_party-libvpx-Add-ppc64-generated-config.patch:
       regenerate configs from upstream source
     - database/0001-Properly-detect-little-endian-PPC64-systems.patch:
       refresh
     - ffmpeg/0001-Add-support-for-ppc64.patch: refresh
     - fixes/fix-breakpad-compile.patch: refresh
     - fixes/fix-unknown-warning-option-messages.diff: refresh
     - libaom/0001-Add-ppc64-target-to-libaom.patch: refresh
     - sandbox/0001-sandbox-linux-Update-IsSyscallAllowed-in-broker_proc.patch:
       refresh
     - sandbox/0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch:
       refresh
     - sandbox/0008-sandbox-fix-ppc64le-glibc234.patch: refresh
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh
     - third_party/0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.patch:
       refresh
     - third_party/0001-third_party-libvpx-Properly-generate-gni-on-ppc64.patch:
       refresh
     - third_party/0002-third-party-boringssl-add-generated-files.patch: refresh
     - third_party/dawn-fix-ppc64le-detection.patch: refresh
     - third_party/dawn-fix-typos.patch: refresh
     - third_party/skia-vsx-instructions.patch: refresh
     - third_party/use-sysconf-page-size-on-ppc64.patch: refresh
     - workarounds/HACK-third_party-libvpx-use-generic-gnu.patch: refresh
 .
   [ Andres Salomon]
   * d/copyright:
     - blanket.js is gone, no need to remove it any more.
     - delete some khronos images marked executable.
   * d/patches:
     - upstream/memory.patch: drop, merged upstream.
     - upstream/sensor-reading.patch: add, gcc13 build fix from upstream.
     - upstream/lweight.patch: add, gcc13 build fix from upstream.
     - upstream/freetype.patch: add, fix freetype header inclusion FTBFS.
     - upstream/sizet.patch: add, libstdc++ build fix from upstream.
     - disable/unrar.patch: update for minor upstream changes.
     - bookworm/struct-ctor.patch: add various new workarounds for clang-14.
     - bookworm/structured-binding-scope-bug.patch: drop part of the patch.
     - bullseye/constexpr.patch: drop bullseye patch from bookworm.
     - ungoogled/.../disable-web-environment-integrity.patch: sync with
       ungoogled-chromium for upstream changes.
     - bookworm/i386-lock-free.patch: refresh.
Checksums-Sha1:
 98996de28a55d4402a298ac005b8c2684f031506 1142356 chromium-common-dbgsym_118.0.5993.70-1~deb12u1_i386.deb
 ec688a58c0daf1c2fe796548a8b7f186c310d009 4976516 chromium-common_118.0.5993.70-1~deb12u1_i386.deb
 ff7ec6e23b09fa92477af97611da7c1fa3d8ccec 30282188 chromium-dbgsym_118.0.5993.70-1~deb12u1_i386.deb
 fecaba21ccbbde21ef628f8326e3a31c9481aa0a 5986352 chromium-driver_118.0.5993.70-1~deb12u1_i386.deb
 2c09f33a339bd2ef9d6707b5d1836a1c04c88285 12576 chromium-sandbox-dbgsym_118.0.5993.70-1~deb12u1_i386.deb
 0e557a59ec1521b840c73cac846e1b8870172a74 83004 chromium-sandbox_118.0.5993.70-1~deb12u1_i386.deb
 ce24167f4ec12e195870fcc77a02bbebf4f4d9d1 25662092 chromium-shell-dbgsym_118.0.5993.70-1~deb12u1_i386.deb
 78d66e22d5b947985a1cfd3bcaa3da6e5abebfe3 50787756 chromium-shell_118.0.5993.70-1~deb12u1_i386.deb
 7adcdf5637133983293a032d5b731377ce103b22 24051 chromium_118.0.5993.70-1~deb12u1_i386-buildd.buildinfo
 2a90514233fb4d9b4973907c588334d548cb72d8 72908448 chromium_118.0.5993.70-1~deb12u1_i386.deb
Checksums-Sha256:
 2034de6e729cb8d7cfd150b6e33aee332bf7c385f2ca8eeab4e9fde2cd457131 1142356 chromium-common-dbgsym_118.0.5993.70-1~deb12u1_i386.deb
 1ce308fde94794a031e7849902fc40699e6b2ed84b2bef2a03ee24b4fc0255b3 4976516 chromium-common_118.0.5993.70-1~deb12u1_i386.deb
 cb81a925b0fc87e3c0d668de3f488100816089ebcde6274cb2279c82ccaf2c7d 30282188 chromium-dbgsym_118.0.5993.70-1~deb12u1_i386.deb
 28cf85101f2ab45779c574ebbacf92232528947e3cc63c88992d49a892757c92 5986352 chromium-driver_118.0.5993.70-1~deb12u1_i386.deb
 794886df346fd85ec3e428417fac1e1b74f50e35465a4aff9115b8d11ffedc74 12576 chromium-sandbox-dbgsym_118.0.5993.70-1~deb12u1_i386.deb
 96e870d179c2834d905b708f8c01d5fb1910d6a859ed0d927ed6c50bc66c62c3 83004 chromium-sandbox_118.0.5993.70-1~deb12u1_i386.deb
 fb699eed2ee6abc0538e0f90e46914ad1beb8bbb697630b9b5c265f643a9b80e 25662092 chromium-shell-dbgsym_118.0.5993.70-1~deb12u1_i386.deb
 09ae2dd367541f1c0af7ba0a21d8e0dc2b507bfdb6b115202f3eb9feae8936eb 50787756 chromium-shell_118.0.5993.70-1~deb12u1_i386.deb
 56cba77907344ed2da2eb03e43dc4ff161e791f9df6f8a6e5bc6d9ff919d2143 24051 chromium_118.0.5993.70-1~deb12u1_i386-buildd.buildinfo
 84d0e810242eac3b3e2a132b058f687e258bcff8a2c5313ad67f1d253ad5aaf5 72908448 chromium_118.0.5993.70-1~deb12u1_i386.deb
Files:
 e2d65bee72ff22e53a073e720366725a 1142356 debug optional chromium-common-dbgsym_118.0.5993.70-1~deb12u1_i386.deb
 f8d82f2a86191c8222060ea1e2faa54c 4976516 web optional chromium-common_118.0.5993.70-1~deb12u1_i386.deb
 8ed9a52837880f030886d28612b508a8 30282188 debug optional chromium-dbgsym_118.0.5993.70-1~deb12u1_i386.deb
 41043cad178181460e2ec5f8a6a69cfe 5986352 web optional chromium-driver_118.0.5993.70-1~deb12u1_i386.deb
 529eaa699806479fa86c30d1b2a8ab80 12576 debug optional chromium-sandbox-dbgsym_118.0.5993.70-1~deb12u1_i386.deb
 01ff27db04ebfe157522147e6d9fd757 83004 web optional chromium-sandbox_118.0.5993.70-1~deb12u1_i386.deb
 72dc508ab773fcadb7d1dd7c28e17c32 25662092 debug optional chromium-shell-dbgsym_118.0.5993.70-1~deb12u1_i386.deb
 7fc8c1eb715874fe84d6b578ffc2a1b5 50787756 web optional chromium-shell_118.0.5993.70-1~deb12u1_i386.deb
 e02181b2674af2ad43855d8de6219334 24051 web optional chromium_118.0.5993.70-1~deb12u1_i386-buildd.buildinfo
 2484e182eacb48bdb384f64ba7b940e8 72908448 web optional chromium_118.0.5993.70-1~deb12u1_i386.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE7bJOCbihllHz5a8G6bGbnoZY/NwFAmUnXq4ACgkQ6bGbnoZY
/Nxuyg/+LOvSzS3xETsKdz3TP28pB/O5F5A7GjuRSTEtzRLH4h9Rri3elpZ2yj9E
wy7MwlBpFeXJYxh6u2m0wOpUYl+aBU3kf6DqXbwqMFKacf8sUNImjNIH1CPmhf4q
7q4oO8vukU6eBHhWkqrVIvp40mYnTEIDOUcx4rc1SV9E3rFQ7C2NGL0Ud7vfHmTX
f+l64dtgV4rarmSiFv2vC2r4xayzgT/FsRp3/kbSRRQGFhVL9l6VQucjrD++/+eu
YTr7Cmpm4BYp9M+OW1AqvqLLcMwZi/vZLAj9093xpjJAm6AUj3Wjv/Ueqn79/8oV
Qywvi3Q57R9U6nndFaU4cCy9EKcfrHHDtKJBJJwKsMiFKsWoe4iZo24tGiB4Ii1B
HrorqyJy0zPCwwj27waBJIfGvPHTELKQZe96i8hNi1AcwI0EP0NLpVrGEGYYYqwR
+nqxiGm1O0JpEitxuwAv2Yl4CRIE8Hcau/GsToOi0DpzLOUEP8HSg/YaJLrRdmoH
fVrayacVZ5jVYnTurlRGsw/3XbxYB3cA3jrQZjDeoXH2F2LgoYsjreEwTipgqcLr
N+c9MxZ+z8mqGO2g4Z+wpm/QPjrqeG77WMEQknqg2hqYpap0XSfmX4ppPgLOU0fd
rNbzJ1dMruILWgEGQldn55VemZlTuaZzZ73q0nICNkdPUfspqi0=
=IXZG
-----END PGP SIGNATURE-----