Changelog
chromium (121.0.6167.85-1) unstable; urgency=high

  * New upstream stable release.
    - CVE-2024-0807: Use after free in WebAudio.
      Reported by Huang Xilin of Ant Group Light-Year Security Lab.
    - CVE-2024-0812: Inappropriate implementation in Accessibility.
      Reported by Anonymous.
    - CVE-2024-0808: Integer underflow in WebUI.
      Reported by Lyra Rebane (rebane2001).
    - CVE-2024-0810: Insufficient policy enforcement in DevTools.
      Reported by Shaheen Fazim.
    - CVE-2024-0814: Incorrect security UI in Payments.
      Reported by Muneaki Nishimura (nishimunea).
    - CVE-2024-0813: Use after free in Reading Mode. Reported by @retsew0x01.
    - CVE-2024-0806: Use after free in Passwords.
      Reported by 18楼梦想改造家.
    - CVE-2024-0805: Inappropriate implementation in Downloads.
      Reported by Om Apip.
    - CVE-2024-0804: Insufficient policy enforcement in iOS Security UI.
      Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India).
    - CVE-2024-0811: Inappropriate implementation in Extensions API.
      Reported by Jann Horn of Google Project Zero.
    - CVE-2024-0809: Inappropriate implementation in Autofill.
      Reported by Ahmed ElMasry.
  * d/copyright: drop another eu-strip binary.
  * d/patches:
    - fixes/atspi.patch: drop, merged upstream.
    - fixes/gcc13-headers.patch: drop portions that were merged upstream.
    - upstream/nullptr_t.patch: drop, merged upstream.
    - upstream/string-include.patch: drop, merged upstream.
    - ungoogled/disable-web-environment-integrity.patch: remove, upstream
      wisely backed off and removed WEI.
    - disable/signin.patch: refresh for minor upstream changes.
    - disable/catapult.patch: refresh for minor upstream changes.
    - system/openjpeg.patch: refresh for minor upstream changes.
    - bookworm/clang16.patch: drop portion that was merged upstream.
    - upstream/vector.patch: missing header fix, pulled from upstream.
    - upstream/display-header.patch: missing header fix, pulled from upstream.
    - upstream/bitset.patch: missing header fix, pulled from upstream.
    - upstream/once_flag.patch: missing header fix, pulled from upstream.
    - bookworm/constexpr-equality.patch: add clang-16 workaround.
    - bookworm/nvt.patch: revert an upstream c++-20 change that confuses
      clang-16.
    - fixes/libxml-parseerr.patch: revert change from a newer libxml than
      debian's.

  [ Timothy Pearson ]
  * d/patches:
    - fixes/std-to-address.patch: work around incorrect template selection
      in Mojo ConvertTo()
    - fixes/stdint.patch: add missing stdint include to performance manager
  * d/patches/ppc64le:
    - fixes/fix-rust-linking.patch: allow linking C and Rust libraries in full
      archive mode
    - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: refresh
      for upstream changes
    - third_party/skia-vsx-instructions.patch: refresh for upstream changes
    - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
      refresh for upstream changes
    - third_party/0003-third_party-libvpx-Add-ppc64-generated-config.patch:
      refresh for upstream changes

 -- Andres Salomon <email address hidden>  Tue, 23 Jan 2024 17:59:49 -0500