-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 07 Mar 2023 18:12:37 -0500
Source: chromium
Architecture: source
Version: 111.0.5563.64-1~deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
chromium (111.0.5563.64-1~deb11u1) bullseye-security; urgency=high
.
[ Andres Salomon ]
* New upstream stable release.
- CVE-2023-1213: Use after free in Swiftshader.
Reported by Jaehun Jeong(@n3sk) of Theori.
- CVE-2023-1214: Type Confusion in V8.
Reported by Man Yue Mo of GitHub Security Lab.
- CVE-2023-1215: Type Confusion in CSS. Reported by Anonymous.
- CVE-2023-1216: Use after free in DevTools.
Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team.
- CVE-2023-1217: Stack buffer overflow in Crash reporting.
Reported by sunburst of Ant Group Tianqiong Security Lab.
- CVE-2023-1218: Use after free in WebRTC. Reported by Anonymous.
- CVE-2023-1219: Heap buffer overflow in Metrics.
Reported by Sergei Glazunov of Google Project Zero.
- CVE-2023-1220: Heap buffer overflow in UMA.
Reported by Sergei Glazunov of Google Project Zero.
- CVE-2023-1221: Insufficient policy enforcement in Extensions API.
Reported by Ahmed ElMasry.
- CVE-2023-1222: Heap buffer overflow in Web Audio API.
Reported by Cassidy Kim(@cassidy6564).
- CVE-2023-1223: Insufficient policy enforcement in Autofill.
Reported by Ahmed ElMasry.
- CVE-2023-1224: Insufficient policy enforcement in Web Payments API.
Reported by Thomas Orlita.
- CVE-2023-1225: Insufficient policy enforcement in Navigation.
Reported by Roberto Ffrench-Davis @Lihaft.
- CVE-2023-1226: Insufficient policy enforcement in Web Payments API.
Reported by Anonymous.
- CVE-2023-1227: Use after free in Core. Reported by @ginggilBesel.
- CVE-2023-1228: Insufficient policy enforcement in Intents.
Reported by Axel Chong.
- CVE-2023-1229: Inappropriate implementation in Permission prompts.
Reported by Thomas Orlita.
- CVE-2023-1230: Inappropriate implementation in WebApp Installs.
Reported by Axel Chong.
- CVE-2023-1231: Inappropriate implementation in Autofill.
Reported by Yan Zhu, Brave.
- CVE-2023-1232: Insufficient policy enforcement in Resource Timing.
Reported by Sohom Datta.
- CVE-2023-1233: Insufficient policy enforcement in Resource Timing.
Reported by Soroush Karami.
- CVE-2023-1234: Inappropriate implementation in Intents.
Reported by Axel Chong.
- CVE-2023-1235: Type Confusion in DevTools.
Reported by raven at KunLun lab.
- CVE-2023-1236: Inappropriate implementation in Internals.
Reported by Alesandro Ortiz.
* Document upcoming security support in README.Debian.security.
* Document switching the default search engine in README.debian.
* d/patches:
- upstream/clamp.patch: drop, merged upstream.
- upstream/pwman-const.patch: drop, merged upstream.
- upstream/move-stack-to-isolate.patch: drop, merged upstream.
- upstream/blink-dbl-float.patch: drop, merged upstream.
- upstream/v4l2-fix.patch: drop, merged upstream.
- disable/catapult.patch: refresh & remove unnecessary android bits.
- disable/google-api-warning.patch: refresh.
- bullseye/mulodic.patch: add missing import.
.
[ Timothy Pearson ]
* d/patches:
- ppc64le/third_party/0005-third_party-dav1d-crash-fix.patch: drop,
merged upstream
- ppc64le/workarounds/HACK-debian-clang-disable-skia-musttail.patch:
skia musttail is back in upstream, disable on ppc64le due to
contining Clang bugs
- ppc64le: refresh libaom configuration
Checksums-Sha1:
aa435545296c91cf5a23fe27be0a34f4efea51ae 3801 chromium_111.0.5563.64-1~deb11u1.dsc
d8c14fdb7853f61e157a4c87427dae124a6c1563 653798792 chromium_111.0.5563.64.orig.tar.xz
42b376bf3b797ed0ef7113823e4b1be5d3975efa 297936 chromium_111.0.5563.64-1~deb11u1.debian.tar.xz
8bdae78d564aaf066382c286b61ec3666ce7171c 21311 chromium_111.0.5563.64-1~deb11u1_source.buildinfo
Checksums-Sha256:
0686fcf58f4c12ea4f5e0567429c6ca87c262106d5b46266b23962836c2b96f7 3801 chromium_111.0.5563.64-1~deb11u1.dsc
68dc1f957c93a199571acea663a68ce59f8c028b522d010639f657d6442d154d 653798792 chromium_111.0.5563.64.orig.tar.xz
fb84bc348278cecea73c3fcc7006f5c9bbb429889b7c269c32664d78605f8817 297936 chromium_111.0.5563.64-1~deb11u1.debian.tar.xz
c770936605181a767cfa2f0df124b954351b284fec1e10fdba8963b920b8bf27 21311 chromium_111.0.5563.64-1~deb11u1_source.buildinfo
Files:
0c79c8393a2214bd627ad17cda602f49 3801 web optional chromium_111.0.5563.64-1~deb11u1.dsc
caa4104f8f64bcdb1a6fa63531cee231 653798792 web optional chromium_111.0.5563.64.orig.tar.xz
2b9afdaf44bda35a5bfa5d13fd68c751 297936 web optional chromium_111.0.5563.64-1~deb11u1.debian.tar.xz
c1cca27d96b216e5108a15d9ee7e8341 21311 web optional chromium_111.0.5563.64-1~deb11u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmQIFzgUHGRpbGluZ2Vy QGRlYmlhbi5vcmcACgkQZF0CR8NudjdOpQ//e6HHNmAkAtDr2PmVlbEu/xYw5qSn vdOKOyX1oi1AD/sDnCYf/r4HYeX2AovsBT9XDuHxlYJa1V+Zik0dSzrWToZbJT5J xY9BYa90Alus7zvKYICwZNFFaae7bMpsILTzrII0+DNJFUlYyNK3nyP3AcuSvdnz k9WC4rwDOgJ/yixLndTicAUhzTn+Yhih848dtBtd0aI7tBeVh/vesoyePjRoId3d eJaU3Eg6CLG9Is2TOBF2jNenFsf6iqLSQwYXhDhifJsgmUCB0MntdO/M/HVvuaYP 2dc8C38xPARhFh+cXMVq38psC3p7FvMxzJyWv/vnl2Rlu/+Ecd2+OuXE2wQdHPf7 EL8qScxqtghXUwVgCXT5yg2Cz28jD/+iHBrWINrq/fyD4g1J7vqcx/fJcoJZbiMu tigI9HdfXu+1do2kHbRHQusQxUZSKsW30peJ5MeWWHIkin/wh3gltTJaa0VvrID+ H6GSjjysDjcK0SdNQTgF6kBSco7S+KSnleB8p8pgQsbHgREpBmRncXBAfIpuKe6B F23ffw7KFpTP609JB6Sq5Yubf7ZoW8ypUt4f0S7WyVUCjN5mUNtr25IEG4W6DH/s WTsyvUfCeizKdAedze4AMqPhFuusPpyO/Xu9YIoW5Rvr8R6lNNQ3rtuxGq9wzMjk vg6XoJPFt+mrBls=
=pPNK
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)