-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 19 Oct 2024 01:12:11 -0400
Source: chromium
Architecture: source
Version: 130.0.6723.58-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (130.0.6723.58-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2024-9954: Use after free in AI. Reported by DarkNavy.
     - CVE-2024-9955: Use after free in Web Authentication.
       Reported by anonymous.
     - CVE-2024-9956: Inappropriate implementation in Web Authentication.
       Reported by mastersplinter.
     - CVE-2024-9957: Use after free in UI. Reported by lime(@limeSec_) and
       fmyy(@binary_fmyy) From TIANGONG Team of Legendsec at QI-ANXIN Group.
     - CVE-2024-9958: Inappropriate implementation in PictureInPicture.
       Reported by Lyra Rebane (rebane2001).
     - CVE-2024-9959: Use after free in DevTools. Reported by Sakana.S.
     - CVE-2024-9960: Use after free in Dawn. Reported by Anonymous.
     - CVE-2024-9961: Use after free in Parcel Tracking. Reported by
       lime(@limeSec_) and fmyy(@binary_fmyy) From TIANGONG Team of
       Legendsec at QI-ANXIN Group.
     - CVE-2024-9962: Inappropriate implementation in Permissions.
       Reported by Shaheen Fazim.
     - CVE-2024-9963: Insufficient data validation in Downloads.
       Reported by Anonymous.
     - CVE-2024-9964: Inappropriate implementation in Payments.
       Reported by Hafiizh.
     - CVE-2024-9965: Insufficient data validation in DevTools.
       Reported by Shaheen Fazim.
     - CVE-2024-9966: Inappropriate implementation in Navigations.
       Reported by Harry Chen.
   * d/copyright: rollup -> @rollup  deletion.
   * d/patches:
     - debianization/sandbox.patch: refresh.
     - fixes/bindgen.patch: refresh.
     - disable/catapult.patch: refresh.
     - system/zlib.patch: drop. Upstream removed courgette, and its
       replacement (zucchini) doesn't appear to use zlib.
     - system/rollup.patch: update path due to upstream renaming; call
       ./rollup/.../rollup instead of ./@rollup/wasm-node/.../rollup.
     - system/event.patch: drop half of patch due to upstream deletions.
     - upstream/mojo-null.patch: merged into mojo.patch.
     - upstream/mojo.patch: update based on 130 test files.
     - bookworm/gn-absl.patch: refresh.
     - bookworm/gn-funcs.patch: refresh.
     - bookworm/cacheline.patch: add patch to revert usage of
       std::hardware_destructive_interference_size, which clang-16 lacks.
     - bookworm/constexpr2.patch: add around clang16 build failure
       workaround related to constexpr.
     - upstream/stack-header.patch: add missing include.
 .
   [ Daniel Richard G. ]
   * d/rules: Drop the clang-16 -I/-Wl,-rpath flags from CXXFLAGS/LDFLAGS as
     they are no longer needed.
 .
   [ Timothy Pearson ]
   * d/patches:
     - upstream/blink-fix-size-assertions.patch: Fix build on non-amd64
       platforms
     - fixes/fix-assert-in-vnc-sessions.patch: Fix assertion and SIGTRAP
       when starting Chromium from within a VNC session
   * d/patches/ppc64le:
     - core/add-ppc64-pthread-stack-size.patch: Define correct pthread
       stack size on ppc64 systems
     - core/cargo-add-ppc64.diff
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: Refresh for
       upstream changes
     - third_party/0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-
       .patch: Refresh for upstream changes
     - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
       Refresh for upstream changes
     - third_party/skia-vsx-instructions.patch: Refresh for upstream changes
     - workarounds/HACK-debian-clang-disable-skia-musttail.patch: Refresh
       for upstream changes
Checksums-Sha1:
 9b58a912ed64ca3fc2ed71c778c1b5e54c0d6c4d 3812 chromium_130.0.6723.58-1~deb12u1.dsc
 459f8f8697616c7d28eacb85e21a91d7804b9c9a 814710360 chromium_130.0.6723.58.orig.tar.xz
 3582fed395fd3f5587135b0cf26a6a7e59d72ccf 8498460 chromium_130.0.6723.58-1~deb12u1.debian.tar.xz
 97f952bbad0d7321fce934c11ffa6c511a4f6584 22071 chromium_130.0.6723.58-1~deb12u1_source.buildinfo
Checksums-Sha256:
 5487b114e847bc1093c27a38305d8f297f19f0c2a00fbae3662929c409a5ad59 3812 chromium_130.0.6723.58-1~deb12u1.dsc
 7e2d6b1769bb8116e1fa6cdb5221a9b1296183723be014627ffd6762245bdd96 814710360 chromium_130.0.6723.58.orig.tar.xz
 f796bfb84be710bb28bac308d4bf9317feb1e4aaa73968257a337d7f4fd9e2b6 8498460 chromium_130.0.6723.58-1~deb12u1.debian.tar.xz
 a6bf7d3b650ab789a6768a9d3dd1dcce6dd3ceef91cf910cd8e7dd4743e6c12b 22071 chromium_130.0.6723.58-1~deb12u1_source.buildinfo
Files:
 e28169a30325e308969c3ae2c40b6284 3812 web optional chromium_130.0.6723.58-1~deb12u1.dsc
 0674b973214cb49e0865d56e68f9e239 814710360 web optional chromium_130.0.6723.58.orig.tar.xz
 011dab044f29a6281419993a4d129e00 8498460 web optional chromium_130.0.6723.58-1~deb12u1.debian.tar.xz
 36df75e1b4d35eb9f3e4f97a66bf6f80 22071 web optional chromium_130.0.6723.58-1~deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmcT9CMUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjcA7w/+IqenBR/8ACltbIDbV5u7G4qbZkK3
rYbRjd9EsEvylCqdxVeOjQLNEWwqmxOA2Ax3lrMJ/fI4RPfhygMO0V47wvStZAJ4
DL9IFcBOY0xF2o8q6US+x6LqC8ONH7XmlERZaiTsrzSw+2ks1UgFq/kICPjbghJA
GelBvjcw0ZUpzPwDXMzkryJB69fpY7C368D4h4YQZeuJX95YyvLQRgnAQ9JOF3Ri
zzLfED/JyEKeVjxJr0sQdm2ozUhb41vd4FBPu3z7TFl399fgx86cvzLXskA88H8P
ciMbpJqy7tKPueWoTmYmKu08SCnYushODZp19CBiBh8bcNsQOpqw0kQQV0qD23sJ
aWOfhSIx+FKZHC3AWwsIjd5p4GyG/uaedjzKEkR5NGlAKUgOPHZP3YAmAWQHCdLw
hptXJPc22VWM4QCJmLJgv89FYI6eWt9qhGbDnVgg+AKQPmItgjMhncIPgltbTRwd
IcIvLK4L00wg3BoBzoogedKoUOyWRzzsxhn8nQZI05GS2KzBdef/0RdA6OzOYYhO
4MMyISdbkCtcT1td41AUMO5zVVwTG/bhm5WDOYZHOyQTvK/5M53HxakhlHamc0uU
A+y0pEvpRS8o8+QbAmeASyw3v7bE0aokKnGOLlmTLeri0bjMYBdvbb2FcHfJ7FSI
P9S7sytFYckavCE=
=Zy5c
-----END PGP SIGNATURE-----