-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 19 Apr 2024 12:33:38 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: i386
Version: 124.0.6367.60-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: i386 Build Daemon (x86-grnet-01) <buildd_amd64-x86-grnet-01@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (124.0.6367.60-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2024-3832: Object corruption in V8.
       Reported by Man Yue Mo of GitHub Security Lab.
     - CVE-2024-3833: Object corruption in WebAssembly.
       Reported by Man Yue Mo of GitHub Security Lab.
     - CVE-2024-3834: Use after free in Downloads. Reported by ChaobinZhang.
     - CVE-2024-3837: Use after free in QUIC.
       Reported by {rotiple, dch3ck} of CW Research Inc.
     - CVE-2024-3838: Inappropriate implementation in Autofill.
       Reported by Ardyan Vicky Ramadhan.
     - CVE-2024-3839: Out of bounds read in Fonts.
       Reported by Ronald Crane (Zippenhop LLC).
     - CVE-2024-3840: Insufficient policy enforcement in Site Isolation.
       Reported by Ahmed ElMasry.
     - CVE-2024-3841: Insufficient data validation in Browser Switcher.
       Reported by Oleg.
     - CVE-2024-3843: Insufficient data validation in Downloads.
       Reported by Azur.
     - CVE-2024-3844: Inappropriate implementation in Extensions.
       Reported by Alesandro Ortiz.
     - CVE-2024-3845: Inappropriate implementation in Network.
       Reported by Daniel Baulig.
     - CVE-2024-3846: Inappropriate implementation in Prompts.
       Reported by Ahmed ElMasry.
     - CVE-2024-3847: Insufficient policy enforcement in WebUI.
       Reported by Yan Zhu.
   * d/copyright:
     - delete __pycache__ directories to shut up dpkg warnings.
     - stop deleting bundled libwebp directory.
   * Drop build-dep on libwebp-dev and start building against the bundled
     libwebp. We need to do this because chromium uses features of libavif
     that require libsharpyuv-dev; but that's only available in sid/trixie.
   * d/patches:
     - upstream/std-to-address.patch: drop, merged upstream.
     - fixes/optional2.patch: drop, merged upstream.
     - fixes/blink-fonts-shape-result.patch: drop, merged upstream.
     - bookworm/constexpr-equality.patch: drop, merged upstream.
     - disable/catapult.patch: refresh.
     - disable/google-api-warning.patch: rework to be a smaller patch.
     - bookworm/clang16.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: drop hunk related to deprecated
       preference.
     - upstream/mojo-null.patch: pull a (typescript) build fix from upstream.
     - upstream/uint-includes.patch: simple header build fix from upstream.
     - upstream/fps-optional.patch: add header build fix.
     - upstream/span-optional.patch: add header build fix.
     - upstream/extractor-bitset.patch: add header build fix.
     - upstream/atomic.patch: add header build fix.
     - upstream/webgpu-optional.patch: add header build fix.
     - fixes/absl-optional.patch: comment out assert() that caused crash.
       This could be another clang16/libstdc++ miscompilation issue, but
       needs further investigation.
     - fixes/bad-font-gc2.patch: drop a bunch of test-related pieces.
     - fixes/bad-font-gc0000.patch, fixes/bad-font-gc000.patch,
       fixes/bad-font-gc00.patch, fixes/bad-font-gc0.patch,
       fixes/bad-font-gc11.patch, fixes/bad-font-gc3.patch: revert a bunch
       more (new) upstream commits related to bad-font-gc2.patch. When the
       use-after-free bug gets fixed, all this can be dropped.
   * d/patches/ppc64le:
     - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch,
       third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch,
       workarounds/HACK-third_party-libvpx-use-generic-gnu.patch,
       breakpad/0001-Implement-support-for-ppc64-on-Linux.patch,
       ffmpeg/0001-Add-support-for-ppc64.patch,
       third_party/dawn-fix-typos.patch,
       third_party/use-sysconf-page-size-on-ppc64.patch: refresh.
     - third_party/skia-vsx-instructions.patch: refresh & update for header
       renaming.
     - third_party/0001-Add-PPC64-support-for-boringssl.patch,
       third_party/0002-third-party-boringssl-add-generated-files.patch:
       disable these two until Tim has a chance to look at them.
Checksums-Sha1:
Checksums-Sha256:
Files:

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----