-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 19 Oct 2024 01:12:11 -0400
Source: chromium
Binary: chromium-l10n
Architecture: all
Version: 130.0.6723.58-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: all Build Daemon (x86-grnet-02)
Changed-By: Andres Salomon
Description:
 chromium-l10n - web browser - language packs
Changes:
 chromium (130.0.6723.58-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2024-9954: Use after free in AI. Reported by DarkNavy.
     - CVE-2024-9955: Use after free in Web Authentication.
       Reported by anonymous.
     - CVE-2024-9956: Inappropriate implementation in Web Authentication.
       Reported by mastersplinter.
     - CVE-2024-9957: Use after free in UI. Reported by lime(@limeSec_) and
       fmyy(@binary_fmyy) From TIANGONG Team of Legendsec at QI-ANXIN Group.
     - CVE-2024-9958: Inappropriate implementation in PictureInPicture.
       Reported by Lyra Rebane (rebane2001).
     - CVE-2024-9959: Use after free in DevTools. Reported by Sakana.S.
     - CVE-2024-9960: Use after free in Dawn. Reported by Anonymous.
     - CVE-2024-9961: Use after free in Parcel Tracking. Reported by
       lime(@limeSec_) and fmyy(@binary_fmyy) From TIANGONG Team of Legendsec
       at QI-ANXIN Group.
     - CVE-2024-9962: Inappropriate implementation in Permissions.
       Reported by Shaheen Fazim.
     - CVE-2024-9963: Insufficient data validation in Downloads.
       Reported by Anonymous.
     - CVE-2024-9964: Inappropriate implementation in Payments.
       Reported by Hafiizh.
     - CVE-2024-9965: Insufficient data validation in DevTools.
       Reported by Shaheen Fazim.
     - CVE-2024-9966: Inappropriate implementation in Navigations.
       Reported by Harry Chen.
   * d/copyright: rollup -> @rollup deletion.
   * d/patches:
     - debianization/sandbox.patch: refresh.
     - fixes/bindgen.patch: refresh.
     - disable/catapult.patch: refresh.
     - system/zlib.patch: drop. Upstream removed courgette, and its
       replacement (zucchini) doesn't appear to use zlib.
     - system/rollup.patch: update path due to upstream renaming; call
       ./rollup/.../rollup instead of ./@rollup/wasm-node/.../rollup.
     - system/event.patch: drop half of patch due to upstream deletions.
     - upstream/mojo-null.patch: merged into mojo.patch.
     - upstream/mojo.patch: update based on 130 test files.
     - bookworm/gn-absl.patch: refresh.
     - bookworm/gn-funcs.patch: refresh.
     - bookworm/cacheline.patch: add patch to revert usage of
       std::hardware_destructive_interference_size, which clang-16 lacks.
     - bookworm/constexpr2.patch: add clang16 build failure workaround
       related to constexpr.
     - upstream/stack-header.patch: add missing include.
 .
   [ Daniel Richard G. ]
   * d/rules: Drop the clang-16 -I/-Wl,-rpath flags from CXXFLAGS/LDFLAGS as
     they are no longer needed.
 .
   [ Timothy Pearson ]
   * d/patches:
     - upstream/blink-fix-size-assertions.patch: Fix build on non-amd64
       platforms
     - fixes/fix-assert-in-vnc-sessions.patch: Fix assertion and SIGTRAP when
       starting Chromium from within a VNC session
   * d/patches/ppc64le:
     - core/add-ppc64-pthread-stack-size.patch: Define correct pthread stack
       size on ppc64 systems
     - core/cargo-add-ppc64.diff
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: Refresh for
       upstream changes
     - third_party/0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when- .patch:
       Refresh for upstream changes
     - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
       Refresh for upstream changes
     - third_party/skia-vsx-instructions.patch: Refresh for upstream changes
     - workarounds/HACK-debian-clang-disable-skia-musttail.patch: Refresh for
       upstream changes
Checksums-Sha1:
 1fca0b49716c0431011e22f5a8ddf6b2a367fcbc 7752052 chromium-l10n_130.0.6723.58-1~deb12u1_all.deb
 c425f1ac7add4cf6fd553dfb13d644d57958a80f 22165 chromium_130.0.6723.58-1~deb12u1_all-buildd.buildinfo
Checksums-Sha256:
 5169d06cf1dbd585cff97314e1b710fb7b412ef12e4fd1142e3184f9c82c6f6a 7752052 chromium-l10n_130.0.6723.58-1~deb12u1_all.deb
 0ef038ec2863af3cf0ce705a1cfd75e481c99db28b5ea516a90e9e0780586a1a 22165 chromium_130.0.6723.58-1~deb12u1_all-buildd.buildinfo
Files:
 3cae39e09a59ed4e4e2ff69a034d3460 7752052 localization optional chromium-l10n_130.0.6723.58-1~deb12u1_all.deb
 736b773dfb1df1389e068fb1bfe58358 22165 web optional chromium_130.0.6723.58-1~deb12u1_all-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----