-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 19 Apr 2024 12:33:38 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: amd64
Version: 124.0.6367.60-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: amd64 Build Daemon (x86-grnet-03) <buildd_amd64-x86-grnet-03@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (124.0.6367.60-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2024-3832: Object corruption in V8.
       Reported by Man Yue Mo of GitHub Security Lab.
     - CVE-2024-3833: Object corruption in WebAssembly.
       Reported by Man Yue Mo of GitHub Security Lab.
     - CVE-2024-3834: Use after free in Downloads. Reported by ChaobinZhang
     - CVE-2024-3837: Use after free in QUIC.
       Reported by {rotiple, dch3ck} of CW Research Inc.
     - CVE-2024-3838: Inappropriate implementation in Autofill.
       Reported by Ardyan Vicky Ramadhan.
     - CVE-2024-3839: Out of bounds read in Fonts.
       Reported by Ronald Crane (Zippenhop LLC).
     - CVE-2024-3840: Insufficient policy enforcement in Site Isolation.
       Reported by Ahmed ElMasry.
     - CVE-2024-3841: Insufficient data validation in Browser Switcher.
       Reported by Oleg.
     - CVE-2024-3843: Insufficient data validation in Downloads.
       Reported by Azur.
     - CVE-2024-3844: Inappropriate implementation in Extensions.
       Reported by Alesandro Ortiz.
     - CVE-2024-3845: Inappropriate implementation in Network.
       Reported by Daniel Baulig.
     - CVE-2024-3846: Inappropriate implementation in Prompts.
       Reported by Ahmed ElMasry.
     - CVE-2024-3847: Insufficient policy enforcement in WebUI.
       Reported by Yan Zhu.
   * d/copyright:
     - delete __pycache__ directories to shut up dpkg warnings.
     - stop deleting bundled libwebp directory.
   * Drop build-dep on libwebp-dev and start building against the bundled
     libwebp. We need to do this because chromium uses features of libavif
     that require libsharpyuv-dev; but that's only available in sid/trixie.
   * d/patches:
     - upstream/std-to-address.patch: drop, merged upstream.
     - fixes/optional2.patch: drop, merged upstream.
     - fixes/blink-fonts-shape-result.patch: drop, merged upstream.
     - bookworm/constexpr-equality.patch: drop, merged upstream.
     - disable/catapult.patch: refresh.
     - disable/google-api-warning.patch: rework to be a smaller patch.
     - bookworm/clang16.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: drop hunk related to deprecated
       preference.
     - upstream/mojo-null.patch: pull a (typescript) build fix from upstream.
     - upstream/uint-includes.patch: simple header build fix from upstream.
     - upstream/fps-optional.patch: add header build fix.
     - upstream/span-optional.patch: add header build fix.
     - upstream/extractor-bitset.patch: add header build fix.
     - upstream/atomic.patch: add header build fix.
     - upstream/webgpu-optional.patch: add header build fix.
     - fixes/absl-optional.patch: comment out assert() that caused crash.
       This could be another clang16/libstdc++ miscompilation issue, but
       needs further investigation.
     - fixes/bad-font-gc2.patch: drop a bunch of test-related pieces.
     - fixes/bad-font-gc0000.patch, fixes/bad-font-gc000.patch,
       fixes/bad-font-gc00.patch, fixes/bad-font-gc0.patch,
       fixes/bad-font-gc11.patch, fixes/bad-font-gc3.patch: revert a bunch
       more (new) upstream commits related to bad-font-gc2.patch. When the
       use-after-free bug gets fixed, all this can be dropped.
   * d/patches/ppc64le:
     - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch,
       third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch,
       workarounds/HACK-third_party-libvpx-use-generic-gnu.patch,
       breakpad/0001-Implement-support-for-ppc64-on-Linux.patch,
       ffmpeg/0001-Add-support-for-ppc64.patch,
       third_party/dawn-fix-typos.patch,
       third_party/use-sysconf-page-size-on-ppc64.patch: refresh.
     - third_party/skia-vsx-instructions.patch: refresh & update for header
       renaming.
     - third_party/0001-Add-PPC64-support-for-boringssl.patch,
       third_party/0002-third-party-boringssl-add-generated-files.patch:
       disable these two until Tim has a chance to look at them.
Checksums-Sha1:
 98de0d73399bbdf96bdf12f9e660bf9e2a22ff40 1220780 chromium-common-dbgsym_124.0.6367.60-1~deb12u1_amd64.deb
 78627e407b68076eae23a78fb8a8ba666ee51560 5006296 chromium-common_124.0.6367.60-1~deb12u1_amd64.deb
 4a149ed4f4c7ea67536e48b43df9834bd7016bc0 35546900 chromium-dbgsym_124.0.6367.60-1~deb12u1_amd64.deb
 a4aed931038c251f850842ececceedb2bfadca31 6143868 chromium-driver_124.0.6367.60-1~deb12u1_amd64.deb
 154cd48d4861f5d34ba6ac57ce5387ff0ef60a4f 14128 chromium-sandbox-dbgsym_124.0.6367.60-1~deb12u1_amd64.deb
 632103c6122523b5a4b259b699f61bd143ad75f9 88984 chromium-sandbox_124.0.6367.60-1~deb12u1_amd64.deb
 5bf432ac6e81f55bbdbc1f94b3869dd322ca8dac 30974212 chromium-shell-dbgsym_124.0.6367.60-1~deb12u1_amd64.deb
 9fa057a75cc0e9da62b38a5070c3fdcfea63b0ec 52712572 chromium-shell_124.0.6367.60-1~deb12u1_amd64.deb
 4de97881a58cd8707bf3328485b1fed1e2120713 24541 chromium_124.0.6367.60-1~deb12u1_amd64-buildd.buildinfo
 e23666d15188b45c4a99f48153ff40868e16c55c 74678680 chromium_124.0.6367.60-1~deb12u1_amd64.deb
Checksums-Sha256:
 77ec4c472936b91b9fc335fbacf51292c86d8d4466de4ca89a9edd9543322392 1220780 chromium-common-dbgsym_124.0.6367.60-1~deb12u1_amd64.deb
 ab601e9f109e6c383e378211625a173a5050c6d5554f2fc5aaa5d97e8d0e05db 5006296 chromium-common_124.0.6367.60-1~deb12u1_amd64.deb
 871b7c0440d5888e596811f38f1b51d6e99cc804ca4591ce21927f357819d82f 35546900 chromium-dbgsym_124.0.6367.60-1~deb12u1_amd64.deb
 3f3cd604c21421466472f84f95289e390b87d9697758f50a26c8bf5d616fbf73 6143868 chromium-driver_124.0.6367.60-1~deb12u1_amd64.deb
 c5172979086fb7bbf70130c81500dac673437719f3f36443edcfea6fe081607b 14128 chromium-sandbox-dbgsym_124.0.6367.60-1~deb12u1_amd64.deb
 aef0608273a1f0f48bc4d78ffa2e4798915d95571bcd398af813425398d111a6 88984 chromium-sandbox_124.0.6367.60-1~deb12u1_amd64.deb
 8f54c69d89bc15d07e2cef451a6763e63afb1fc6eee35ae548ffa04b89eb7f0d 30974212 chromium-shell-dbgsym_124.0.6367.60-1~deb12u1_amd64.deb
 835a6fe3e954943bd61b0f92aaf1d81741746861222f96225bc56534b2fc48d2 52712572 chromium-shell_124.0.6367.60-1~deb12u1_amd64.deb
 8405ad91e1b2526537d15c10161bb405e1885e9808c31ce802d85248566eb9a4 24541 chromium_124.0.6367.60-1~deb12u1_amd64-buildd.buildinfo
 78a1981cc1dc65f62d15ab62b5c043857d52f8941a3e5e08a4daac6e38232951 74678680 chromium_124.0.6367.60-1~deb12u1_amd64.deb
Files:
 0796ab1856cb0ec79ffa336eaed262cd 1220780 debug optional chromium-common-dbgsym_124.0.6367.60-1~deb12u1_amd64.deb
 c0a7ef1784ea2cf503b5ca7f9dfb9db4 5006296 web optional chromium-common_124.0.6367.60-1~deb12u1_amd64.deb
 26d65897af9dd85eb43884c9dbeadf73 35546900 debug optional chromium-dbgsym_124.0.6367.60-1~deb12u1_amd64.deb
 2af38c94ad05e558dc343da56a73d51c 6143868 web optional chromium-driver_124.0.6367.60-1~deb12u1_amd64.deb
 7573bbe5891923da965426ebaf462a2f 14128 debug optional chromium-sandbox-dbgsym_124.0.6367.60-1~deb12u1_amd64.deb
 02f3df459ee246166ba6dc276ce02854 88984 web optional chromium-sandbox_124.0.6367.60-1~deb12u1_amd64.deb
 78cb28859630104cf1d657651ff4ad5c 30974212 debug optional chromium-shell-dbgsym_124.0.6367.60-1~deb12u1_amd64.deb
 4a1c85950007980bd91af502836aa7e1 52712572 web optional chromium-shell_124.0.6367.60-1~deb12u1_amd64.deb
 32e8fed756c7eedd01f3d55f1d8822cd 24541 web optional chromium_124.0.6367.60-1~deb12u1_amd64-buildd.buildinfo
 0f3d14a950df153df98401795434d636 74678680 web optional chromium_124.0.6367.60-1~deb12u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEe8x49oT2k+seQstpgDm7h4zfCpIFAmYjiZEACgkQgDm7h4zf
CpK0nw//bs3bo8fWFCw9nK1942jKhtNquGQE7IZPGqKht3NvsSTWq0bulnjXuiGw
bTY/Gucj4yuCaCIpBOXHpwO48TPEItnCiyIt/5HUZr4yNLFVonskuYvUpYcICK69
bhbG57J+F8kI+VZVQf5X3SwWOt13HYQiQrPZuPdofjt9yqtilhHDP+1pDuZuQw7A
8L6/oSRMcyjJj68Kut/gYXCPngZ1d1PidigY35tjLp08amCcaAxHpwhC8fxMRZD4
lk86TvEvBCDNNQveH8iyyRDylreau/MHDShsfXlE4RVDxSv4TxzBJFwYeWi0rijY
GWljNJRpGUoXKk/NGxvwEAH6j1eMfuamK4FLU1KFPWJJQy6Dysdt2i0rTc0v2N5f
8Tveb+/xEP6/Ds7fF82UN7U6WplFX6oAO75pefB3ABQ6ftRFsM72StGtrMNiBUuF
JWGtkMDoBamQUbBrNtUr1zqgcS0kPSf+4kOm6zScyRDravBRcswL4UaPDGudRyvy
WbfIzJXtrMLk6tcdh4ZgJPd+/k+KxHi6eTpKDke61Xl/jbV7C9qs1e7LNgFPSw0O
wn23qmyZo4maUQI2oGY4RUL1CTMScEmfwGFpYrXXWaTN6yfzRYi5Na3tfSgiTQyc
2eATyawAf7JW5PFsGO7mVHcbPsGzi8f3REi3qE7hSKHAozImZK8=
=/dK5
-----END PGP SIGNATURE-----