-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 31 May 2023 12:36:00 -0500
Source: chromium
Architecture: source
Version: 114.0.5735.90-2~deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Chromium Team
Changed-By: Timothy Pearson
Changes:
 chromium (114.0.5735.90-2~deb11u1) bullseye-security; urgency=high
 .
   [ Timothy Pearson ]
   * d/patches:
     - Add upstream/feature-list-static.patch
       This patch fixes an out of scope array access that can lead to
       crashes at startup
 .
   [ Andres Salomon ]
   * d/patches: add bullseye/av1-vaapi.patch to disable av1 encoding on
     bullseye; libav-dev is too old.
 .
 chromium (114.0.5735.90-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2023-2929: Out of bounds write in Swiftshader.
       Reported by Jaehun Jeong(@n3sk) of Theori.
     - CVE-2023-2930: Use after free in Extensions. Reported by asnine.
     - CVE-2023-2931: Use after free in PDF.
       Reported by Huyna at Viettel Cyber Security.
     - CVE-2023-2932: Use after free in PDF.
       Reported by Huyna at Viettel Cyber Security.
     - CVE-2023-2933: Use after free in PDF. Reported by Quang Nguyễn
       (@quangnh89) of Viettel Cyber Security and Nguyen Phuong.
     - CVE-2023-2934: Out of bounds memory access in Mojo.
       Reported by Mark Brand of Google Project Zero.
     - CVE-2023-2935: Type Confusion in V8.
       Reported by Sergei Glazunov of Google Project Zero.
     - CVE-2023-2936: Type Confusion in V8.
       Reported by Sergei Glazunov of Google Project Zero.
     - CVE-2023-2937: Inappropriate implementation in Picture In Picture.
       Reported by NDevTK.
     - CVE-2023-2938: Inappropriate implementation in Picture In Picture.
       Reported by Alesandro Ortiz.
     - CVE-2023-2939: Insufficient data validation in Installer.
       Reported by ycdxsb from VARAS@IIE.
     - CVE-2023-2940: Inappropriate implementation in Downloads.
       Reported by Axel Chong.
     - CVE-2023-2941: Inappropriate implementation in Extensions API.
       Reported by Jasper Rebane.
   * d/copyright: properly delete some android & chromeos stuff.
   * d/patches:
     - fixes/clang-and-gcc11.patch: refresh.
     - upstream/webview-cstr.patch: drop, merged upstream.
     - upstream/monostate.patch: drop, merged upstream.
     - disable/unrar.patch: additional upstream changes required more
       reworking.
     - disable/android.patch: refresh, & add one more build fix.
     - disable/catapult.patch: refresh.
     - disable/swiftshader.patch: refresh.
     - disable/angle-perftest.patch: refresh.
     - system/jpeg.patch: refresh.
     - upstream/mojo.patch: regenerate from git.
     - upstream/sizet.patch: add an upstream build fix.
     - bookworm/typename.patch: include more build fixes.
     - bookworm/lambda-bug.patch -> bookworm/structured-binding-scope-bug.patch,
       and add another place it's happening (turns out it's not just lambdas).
   * Add build-dep on libevdev-dev - now required by upstream.
 .
   [ Timothy Pearson ]
   * d/patches:
     - Refresh ppc64le patches
Checksums-Sha1:
 3ad093ef387a1806a274b4d0d7a7015b39e4d1ba 3787 chromium_114.0.5735.90-2~deb11u1.dsc
 b39cca4f9df9d089c1fe6171b57d908e8b3f14a8 636061904 chromium_114.0.5735.90.orig.tar.xz
 10fb73b1e754839afb6a7424e63da2f314929ceb 356300 chromium_114.0.5735.90-2~deb11u1.debian.tar.xz
 d96082ef37b148c1202634269d0e114e913bb0e9 22863 chromium_114.0.5735.90-2~deb11u1_source.buildinfo
Checksums-Sha256:
 99a96e36077d81b423fc28dfbb00175d6da2b74bffb74296bdcd0a3fec131a0c 3787 chromium_114.0.5735.90-2~deb11u1.dsc
 0d9f486511e906c4afc51c16260d85bc0a08fba1f9d46cab71dbded463c7ad91 636061904 chromium_114.0.5735.90.orig.tar.xz
 602a472b1971640245e9a9450405c744a8a5f736556c82fcb22e5c1731f53f3f 356300 chromium_114.0.5735.90-2~deb11u1.debian.tar.xz
 de6775b8fabc04edf69a103554d9309f9ca464c8aeedccb8300f81ee3cb701a0 22863 chromium_114.0.5735.90-2~deb11u1_source.buildinfo
Files:
 29238cf3dc66c4d487afcc62c2a98d8e 3787 web optional chromium_114.0.5735.90-2~deb11u1.dsc
 fe828327dbb42984b09df838177adf90 636061904 web optional chromium_114.0.5735.90.orig.tar.xz
 66cff462947b2da33aab979c3bd362bd 356300 web optional chromium_114.0.5735.90-2~deb11u1.debian.tar.xz
 0f1a396f48a196935f45cbc271750f7c 22863 web optional chromium_114.0.5735.90-2~deb11u1_source.buildinfo