Format: 1.8
Date: Thu, 13 Jun 2024 21:31:56 -0400
Source: chromium
Architecture: source
Version: 126.0.6478.56-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team
Changed-By: Andres Salomon
Changes:
 chromium (126.0.6478.56-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2024-5830: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab.
     - CVE-2024-5831: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-5832: Use after free in Dawn. Reported by wgslfuzz.
     - CVE-2024-5833: Type Confusion in V8. Reported by @ginggilBesel.
     - CVE-2024-5834: Inappropriate implementation in Dawn. Reported by gelatin dessert.
     - CVE-2024-5835: Heap buffer overflow in Tab Groups. Reported by Weipeng Jiang (@Krace) of VRI.
     - CVE-2024-5836: Inappropriate Implementation in DevTools. Reported by Allen Ding.
     - CVE-2024-5837: Type Confusion in V8. Reported by Anonymous.
     - CVE-2024-5838: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy).
     - CVE-2024-5839: Inappropriate Implementation in Memory Allocator. Reported by Mickey.
     - CVE-2024-5840: Policy Bypass in CORS. Reported by Matt Howard.
     - CVE-2024-5841: Use after free in V8. Reported by Cassidy Kim(@cassidy6564).
     - CVE-2024-5842: Use after free in Browser UI. Reported by Sven Dysthe (@svn_dy).
     - CVE-2024-5843: Inappropriate implementation in Downloads. Reported by hjy79425575.
     - CVE-2024-5844: Heap buffer overflow in Tab Strip. Reported by Sri.
     - CVE-2024-5845: Use after free in Audio. Reported by anonymous.
     - CVE-2024-5846: Use after free in PDFium. Reported by Han Zheng (HexHive).
     - CVE-2024-5847: Use after free in PDFium. Reported by Han Zheng (HexHive).
   * d/copyright: delete bullseye environment that upstream ships (??).
   * d/patches:
     - upstream/appservice-include.patch: drop, merged upstream.
     - upstream/lens-include.patch: drop, merged upstream.
     - upstream/mojo-bindings-include.patch: drop, merged upstream.
     - upstream/ninja.patch: drop, merged upstream.
     - upstream/no-vector-consts.patch: drop, merged upstream.
     - upstream/vulkan-include.patch: drop, merged upstream.
     - system/clang-format.patch: drop it; we broke it some time ago, and didn't notice. Guess we don't need it?
     - bookworm/clang16.patch: refresh.
     - fixes/bad-font-gc00000.patch: refresh
     - fixes/bad-font-gc11.patch: refresh
     - fixes/bad-font-gc2.patch: refresh
     - disable/signin.patch: refresh
     - upstream/quiche-deque.patch: gcc build fix pulled from upstream.
     - upstream/gpu-header.patch: add header build fix from upstream.
     - upstream/blink-header.patch: add header build fix from upstream.
     - upstream/blink-header2.patch: add header build fix from upstream.
     - upstream/blink-header3.patch: add header build fix from upstream.
     - upstream/realtime-reporting.patch: gcc build fix from upstream.
     - upstream/urlvisit-header.patch: add header build fix from upstream.
     - upstream/accessibility-format.patch: gcc build fix from upstream.
     - bookworm/urlhelper-ctor.patch: work around a clang-16 bug; add an explicit constructor.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - sandbox/0008-sandbox-fix-ppc64le-glibc234.patch: Modify for upstream changes
     - third_party/0002-Add-PPC64-generated-files-for-boringssl.patch: Modify for upstream changes
     - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: Refresh for upstream changes