-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 13 Jun 2024 21:31:56 -0400
Source: chromium
Binary: chromium-l10n
Architecture: all
Version: 126.0.6478.56-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: all Build Daemon (x86-grnet-02) <buildd_all-x86-grnet-02@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium-l10n - web browser - language packs
Changes:
 chromium (126.0.6478.56-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2024-5830: Type Confusion in V8.
       Reported by Man Yue Mo of GitHub Security Lab.
     - CVE-2024-5831: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-5832: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-5833: Type Confusion in V8. Reported by @ginggilBesel.
     - CVE-2024-5834: Inappropriate implementation in Dawn.
       Reported by gelatin dessert.
     - CVE-2024-5835: Heap buffer overflow in Tab Groups.
       Reported by Weipeng Jiang (@Krace) of VRI.
     - CVE-2024-5836: Inappropriate Implementation in DevTools.
       Reported by Allen Ding.
     - CVE-2024-5837: Type Confusion in V8. Reported by Anonymous.
     - CVE-2024-5838: Type Confusion in V8.
       Reported by Zhenghang Xiao (@Kipreyyy).
     - CVE-2024-5839: Inappropriate Implementation in Memory Allocator.
       Reported by Mickey.
     - CVE-2024-5840: Policy Bypass in CORS. Reported by Matt Howard.
     - CVE-2024-5841: Use after free in V8.
       Reported by Cassidy Kim(@cassidy6564).
     - CVE-2024-5842: Use after free in Browser UI.
       Reported by Sven Dysthe (@svn_dy).
     - CVE-2024-5843: Inappropriate implementation in Downloads.
       Reported by hjy79425575.
     - CVE-2024-5844: Heap buffer overflow in Tab Strip. Reported by Sri.
     - CVE-2024-5845: Use after free in Audio. Reported by anonymous.
     - CVE-2024-5846: Use after free in PDFium.
       Reported by Han Zheng (HexHive).
     - CVE-2024-5847: Use after free in PDFium.
       Reported by Han Zheng (HexHive).
   * d/copyright: delete bullseye environment that upstream ships (??).
   * d/patches:
     - upstream/appservice-include.patch: drop, merged upstream.
     - upstream/lens-include.patch: drop, merged upstream.
     - upstream/mojo-bindings-include.patch: drop, merged upstream.
     - upstream/ninja.patch: drop, merged upstream.
     - upstream/no-vector-consts.patch: drop, merged upstream.
     - upstream/vulkan-include.patch: drop, merged upstream.
     - system/clang-format.patch: drop it; we broke it some time ago, and
       didn't notice. Guess we don't need it?
     - bookworm/clang16.patch: refresh.
     - fixes/bad-font-gc00000.patch: refresh
     - fixes/bad-font-gc11.patch: refresh
     - fixes/bad-font-gc2.patch: refresh
     - disable/signin.patch: refresh
     - upstream/quiche-deque.patch: gcc build fix pulled from upstream.
     - upstream/gpu-header.patch: add header build fix from upstream.
     - upstream/blink-header.patch: add header build fix from upstream.
     - upstream/blink-header2.patch: add header build fix from upstream.
     - upstream/blink-header3.patch: add header build fix from upstream.
     - upstream/realtime-reporting.patch: gcc build fix from upstream.
     - upstream/urlvisit-header.patch: add header build fix from upstream.
     - upstream/accessibility-format.patch: gcc build fix from upstream.
     - bookworm/urlhelper-ctor.patch: work around a clang-16 bug; add an
       explicit constructor.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - sandbox/0008-sandbox-fix-ppc64le-glibc234.patch: Modify for upstream
       changes
     - third_party/0002-Add-PPC64-generated-files-for-boringssl.patch: Modify
       for upstream changes
     - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: Refresh
       for upstream changes
Checksums-Sha1:
 36791a7a1efcaa1f4745505fcf4b06c544d7ac1d 7282520 chromium-l10n_126.0.6478.56-1~deb12u1_all.deb
 c306f73acf93217b9b3f2184bd9cc6d9dbfcd8b0 22007 chromium_126.0.6478.56-1~deb12u1_all-buildd.buildinfo
Checksums-Sha256:
 4bffa181deabbd76797172ef994faa62129351a4545e9f91e2a7b930805de502 7282520 chromium-l10n_126.0.6478.56-1~deb12u1_all.deb
 304e5e715d343bdfdf17364c4b89e07b09cfc77f44552e8d099b83cfde0d1968 22007 chromium_126.0.6478.56-1~deb12u1_all-buildd.buildinfo
Files:
 05a018804d2c0a18ed9d03ef5fc9bf9a 7282520 localization optional chromium-l10n_126.0.6478.56-1~deb12u1_all.deb
 205a91388efa9e2d9548b76d8a3eefce 22007 web optional chromium_126.0.6478.56-1~deb12u1_all-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEQsM0t1ygJv2xcx3e4cagXJhOTXsFAmZsKiAACgkQ4cagXJhO
TXveRBAAobT/LDi7XRKz6HFFBgDs1yxueoyiNWbiMZG5H0tpsUC2nF5GNXqKKcCS
b6Vd/fUYacYNQoB0jCSe0DM2vnajMkVGw/OfcI3IXDyJaqNXYjXLFKmvqyW25m/q
651brdeSr3n7k4k0mB/jK5n/bae6z74bKk3hwPR4eMJ0c6cEm2LEO/nfWVNlbrDo
fTnHXLU5M/OY/m+crF42j1uUf528KMrL/0rZF1HJU3IRhcYHimXCd0vh3bm8Me46
VKOoSFJoWmgIis9noBLHXVfKaHjM5US1EC45A3PXwYDcK2kik3VqGTUcf/bb6W7F
Wr8DFP/G1LpbzixubnPMDUj4aMSRGKge+LA44fx3KwYXO2aMbrB40+4nqsO38xqm
HWrPKUW4j1fkoaP4HNcGHuo+zE6Gym5aXOwIk1rvev47J+Y7sufUWFSbsHPW+tBT
i1GXlcGDWKkBu/pvZLB5QvESWRiYgEpbTW57bM9/iheRPUYhwVAH//OMPohMMzPB
x9eqz2xhw+f2ufmvFgLJBKoQ3SRCoJncJE2d03z2i7O4VHFal+3j2EQ9ShePKUEZ
yGdHdYyCIzcWjciQysGpnDkTStyaueBbjquR1MM6LGleAAlWhj49JaR3vkr+8Rhf
gl0umPHBQwZyvv0jJQYDj+jQTJKS4YOFGPsk5S4pAILVHp5eZcY=
=FDTn
-----END PGP SIGNATURE-----