-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 19 Apr 2024 12:33:38 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: armhf
Version: 124.0.6367.60-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: arm Build Daemon (arm-conova-01)
Changed-By: Andres Salomon
Description:
 chromium - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (124.0.6367.60-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2024-3832: Object corruption in V8.
       Reported by Man Yue Mo of GitHub Security Lab.
     - CVE-2024-3833: Object corruption in WebAssembly.
       Reported by Man Yue Mo of GitHub Security Lab.
     - CVE-2024-3834: Use after free in Downloads. Reported by ChaobinZhang
     - CVE-2024-3837: Use after free in QUIC.
       Reported by {rotiple, dch3ck} of CW Research Inc.
     - CVE-2024-3838: Inappropriate implementation in Autofill.
       Reported by Ardyan Vicky Ramadhan.
     - CVE-2024-3839: Out of bounds read in Fonts.
       Reported by Ronald Crane (Zippenhop LLC).
     - CVE-2024-3840: Insufficient policy enforcement in Site Isolation.
       Reported by Ahmed ElMasry.
     - CVE-2024-3841: Insufficient data validation in Browser Switcher.
       Reported by Oleg.
     - CVE-2024-3843: Insufficient data validation in Downloads.
       Reported by Azur.
     - CVE-2024-3844: Inappropriate implementation in Extensions.
       Reported by Alesandro Ortiz.
     - CVE-2024-3845: Inappropriate implementation in Network.
       Reported by Daniel Baulig.
     - CVE-2024-3846: Inappropriate implementation in Prompts.
       Reported by Ahmed ElMasry.
     - CVE-2024-3847: Insufficient policy enforcement in WebUI.
       Reported by Yan Zhu.
   * d/copyright:
     - delete __pycache__ directories to shut up dpkg warnings.
     - stop deleting bundled libwebp directory.
   * Drop build-dep on libwebp-dev and start building against the bundled
     libwebp. We need to do this because chromium uses features of libavif
     that require libsharpyuv-dev; but that's only available in sid/trixie.
   * d/patches:
     - upstream/std-to-address.patch: drop, merged upstream.
     - fixes/optional2.patch: drop, merged upstream.
     - fixes/blink-fonts-shape-result.patch: drop, merged upstream.
     - bookworm/constexpr-equality.patch: drop, merged upstream.
     - disable/catapult.patch: refresh.
     - disable/google-api-warning.patch: rework to be a smaller patch.
     - bookworm/clang16.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: drop hunk related to
       deprecated preference.
     - upstream/mojo-null.patch: pull a (typescript) build fix from upstream.
     - upstream/uint-includes.patch: simple header build fix from upstream.
     - upstream/fps-optional.patch: add header build fix.
     - upstream/span-optional.patch: add header build fix.
     - upstream/extractor-bitset.patch: add header build fix.
     - upstream/atomic.patch: add header build fix.
     - upstream/webgpu-optional.patch: add header build fix.
     - fixes/absl-optional.patch: comment out assert() that caused crash.
       This could be another clang16/libstdc++ miscompilation issue, but
       needs further investigation.
     - fixes/bad-font-gc2.patch: drop a bunch of test-related pieces.
     - fixes/bad-font-gc0000.patch, fixes/bad-font-gc000.patch,
       fixes/bad-font-gc00.patch, fixes/bad-font-gc0.patch,
       fixes/bad-font-gc11.patch, fixes/bad-font-gc3.patch: revert a bunch
       more (new) upstream commits related to bad-font-gc2.patch. When the
       use-after-free bug gets fixed, all this can be dropped.
   * d/patches/ppc64le:
     - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch,
       third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch,
       workarounds/HACK-third_party-libvpx-use-generic-gnu.patch,
       breakpad/0001-Implement-support-for-ppc64-on-Linux.patch,
       ffmpeg/0001-Add-support-for-ppc64.patch,
       third_party/dawn-fix-typos.patch,
       third_party/use-sysconf-page-size-on-ppc64.patch: refresh.
     - third_party/skia-vsx-instructions.patch: refresh & update for header
       renaming.
     - third_party/0001-Add-PPC64-support-for-boringssl.patch,
       third_party/0002-third-party-boringssl-add-generated-files.patch:
       disable these two until Tim has a chance to look at them.