-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 19 Oct 2024 01:12:11 -0400
Source: chromium
Architecture: source
Version: 130.0.6723.58-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
chromium (130.0.6723.58-1~deb12u1) bookworm-security; urgency=high
.
  [ Andres Salomon ]
  * New upstream stable release.
    - CVE-2024-9954: Use after free in AI. Reported by DarkNavy.
    - CVE-2024-9955: Use after free in Web Authentication.
      Reported by anonymous.
    - CVE-2024-9956: Inappropriate implementation in Web Authentication.
      Reported by mastersplinter.
    - CVE-2024-9957: Use after free in UI. Reported by lime(@limeSec_) and
      fmyy(@binary_fmyy) From TIANGONG Team of Legendsec at QI-ANXIN Group.
    - CVE-2024-9958: Inappropriate implementation in PictureInPicture.
      Reported by Lyra Rebane (rebane2001).
    - CVE-2024-9959: Use after free in DevTools. Reported by Sakana.S.
    - CVE-2024-9960: Use after free in Dawn. Reported by Anonymous.
    - CVE-2024-9961: Use after free in Parcel Tracking. Reported by
      lime(@limeSec_) and fmyy(@binary_fmyy) From TIANGONG Team of
      Legendsec at QI-ANXIN Group.
    - CVE-2024-9962: Inappropriate implementation in Permissions.
      Reported by Shaheen Fazim.
    - CVE-2024-9963: Insufficient data validation in Downloads.
      Reported by Anonymous.
    - CVE-2024-9964: Inappropriate implementation in Payments.
      Reported by Hafiizh.
    - CVE-2024-9965: Insufficient data validation in DevTools.
      Reported by Shaheen Fazim.
    - CVE-2024-9966: Inappropriate implementation in Navigations.
      Reported by Harry Chen.
  * d/copyright: rollup -> @rollup deletion.
  * d/patches:
    - debianization/sandbox.patch: refresh.
    - fixes/bindgen.patch: refresh.
    - disable/catapult.patch: refresh.
    - system/zlib.patch: drop. Upstream removed courgette, and its
      replacement (zucchini) doesn't appear to use zlib.
    - system/rollup.patch: update path due to upstream renaming; call
      ./rollup/.../rollup instead of ./@rollup/wasm-node/.../rollup.
    - system/event.patch: drop half of patch due to upstream deletions.
    - upstream/mojo-null.patch: merged into mojo.patch.
    - upstream/mojo.patch: update based on 130 test files.
    - bookworm/gn-absl.patch: refresh.
    - bookworm/gn-funcs.patch: refresh.
    - bookworm/cacheline.patch: add patch to revert usage of
      std::hardware_destructive_interference_size, which clang-16 lacks.
    - bookworm/constexpr2.patch: add around clang16 build failure
      workaround related to constexpr.
    - upstream/stack-header.patch: add missing include.
.
  [ Daniel Richard G. ]
  * d/rules: Drop the clang-16 -I/-Wl,-rpath flags from CXXFLAGS/LDFLAGS as
    they are no longer needed.
.
  [ Timothy Pearson ]
  * d/patches:
    - upstream/blink-fix-size-assertions.patch: Fix build on non-amd64
      platforms
    - fixes/fix-assert-in-vnc-sessions.patch: Fix assertion and SIGTRAP
      when starting Chromium from within a VNC session
  * d/patches/ppc64le:
    - core/add-ppc64-pthread-stack-size.patch: Define correct pthread
      stack size on ppc64 systems
    - core/cargo-add-ppc64.diff
    - third_party/0001-Add-PPC64-support-for-boringssl.patch: Refresh for
      upstream changes
    - third_party/0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-
      .patch: Refresh for upstream changes
    - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
      Refresh for upstream changes
    - third_party/skia-vsx-instructions.patch: Refresh for upstream changes
    - workarounds/HACK-debian-clang-disable-skia-musttail.patch: Refresh
      for upstream changes
Checksums-Sha1:
9b58a912ed64ca3fc2ed71c778c1b5e54c0d6c4d 3812 chromium_130.0.6723.58-1~deb12u1.dsc
459f8f8697616c7d28eacb85e21a91d7804b9c9a 814710360 chromium_130.0.6723.58.orig.tar.xz
3582fed395fd3f5587135b0cf26a6a7e59d72ccf 8498460 chromium_130.0.6723.58-1~deb12u1.debian.tar.xz
97f952bbad0d7321fce934c11ffa6c511a4f6584 22071 chromium_130.0.6723.58-1~deb12u1_source.buildinfo
Checksums-Sha256:
5487b114e847bc1093c27a38305d8f297f19f0c2a00fbae3662929c409a5ad59 3812 chromium_130.0.6723.58-1~deb12u1.dsc
7e2d6b1769bb8116e1fa6cdb5221a9b1296183723be014627ffd6762245bdd96 814710360 chromium_130.0.6723.58.orig.tar.xz
f796bfb84be710bb28bac308d4bf9317feb1e4aaa73968257a337d7f4fd9e2b6 8498460 chromium_130.0.6723.58-1~deb12u1.debian.tar.xz
a6bf7d3b650ab789a6768a9d3dd1dcce6dd3ceef91cf910cd8e7dd4743e6c12b 22071 chromium_130.0.6723.58-1~deb12u1_source.buildinfo
Files:
e28169a30325e308969c3ae2c40b6284 3812 web optional chromium_130.0.6723.58-1~deb12u1.dsc
0674b973214cb49e0865d56e68f9e239 814710360 web optional chromium_130.0.6723.58.orig.tar.xz
011dab044f29a6281419993a4d129e00 8498460 web optional chromium_130.0.6723.58-1~deb12u1.debian.tar.xz
36df75e1b4d35eb9f3e4f97a66bf6f80 22071 web optional chromium_130.0.6723.58-1~deb12u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmcT9CMUHGRpbGluZ2Vy QGRlYmlhbi5vcmcACgkQZF0CR8NudjcA7w/+IqenBR/8ACltbIDbV5u7G4qbZkK3 rYbRjd9EsEvylCqdxVeOjQLNEWwqmxOA2Ax3lrMJ/fI4RPfhygMO0V47wvStZAJ4 DL9IFcBOY0xF2o8q6US+x6LqC8ONH7XmlERZaiTsrzSw+2ks1UgFq/kICPjbghJA GelBvjcw0ZUpzPwDXMzkryJB69fpY7C368D4h4YQZeuJX95YyvLQRgnAQ9JOF3Ri zzLfED/JyEKeVjxJr0sQdm2ozUhb41vd4FBPu3z7TFl399fgx86cvzLXskA88H8P ciMbpJqy7tKPueWoTmYmKu08SCnYushODZp19CBiBh8bcNsQOpqw0kQQV0qD23sJ aWOfhSIx+FKZHC3AWwsIjd5p4GyG/uaedjzKEkR5NGlAKUgOPHZP3YAmAWQHCdLw hptXJPc22VWM4QCJmLJgv89FYI6eWt9qhGbDnVgg+AKQPmItgjMhncIPgltbTRwd IcIvLK4L00wg3BoBzoogedKoUOyWRzzsxhn8nQZI05GS2KzBdef/0RdA6OzOYYhO 4MMyISdbkCtcT1td41AUMO5zVVwTG/bhm5WDOYZHOyQTvK/5M53HxakhlHamc0uU A+y0pEvpRS8o8+QbAmeASyw3v7bE0aokKnGOLlmTLeri0bjMYBdvbb2FcHfJ7FSI P9S7sytFYckavCE=
=Zy5c
-----END PGP SIGNATURE-----