-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 24 Jun 2025 16:01:10 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: amd64
Version: 138.0.7204.49-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) <buildd_amd64-x86-conova-01@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (138.0.7204.49-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2025-6555: Use after free in Animation.
       Reported by Lyra Rebane (rebane2001).
     - CVE-2025-6556: Insufficient policy enforcement in Loader.
       Reported by Shaheen Fazim.
     - CVE-2025-6557: Insufficient data validation in DevTools.
       Reported by Ameen Basha M K.
   * d/rules:
     - drop enable_reading_list=false, as Reading List is now
       supported for all architectures.
     - disable ThinLTO due to build failure with older rust.
   * d/patches:
     - upstream/arm32-crel.patch: drop, merged upstream.
     - upstream/cross-build-target.patch: drop, merged upstream.
     - upstream/span-fwd.patch: drop, merged upstream.
     - upstream/mojo-optional.patch: drop, merged upstream.
     - upstream/opener-heur.patch: drop, merged upstream.
     - upstream/allowed-state.patch: drop, merged upstream.
     - upstream/pdfium-libpng.patch: drop, merged upstream.
     - upstream/safety-hub-set.patch: drop, merged upstream.
     - fixes/media-cstdint.patch: drop, merged upstream.
     - debianization/clang-version.patch: refresh.
     - fixes/bindgen.patch: refresh.
     - fixes/armhf-icf.patch: refresh.
     - disable/catapult.patch: refresh.
     - disable/google-api-warning.patch: refresh.
     - disable/buildtools-libc.patch: refresh.
     - bookworm/clang19.patch: drop part of patch.
     - fixes/memory-allocator-dcheck-assert-fix.patch: update for renamed
       config variable kMaxBucketed.
     - disable/node-version-ck.patch: disable nodejs version check in
       protobuf.
     - bookworm/stdarch-arm.patch: drop redundant portion of patch.
     - bookworm/rust-is-none-or.patch: drop portion of patch due to
       upstream changes.
     - bookworm/gn-hpp11.patch: add another workaround for older gn.
     - bookworm/rust-split-at-checked.patch: enable unstable rust feature
       split_at_checked.
     - bookworm/crabbyav1f-macro-scope.patch: fix (macro-created) variable
       going out of scope.
     - rust-unstable-features.patch: enable a bunch more unstable rust
       features.
     - bookworm/rust-box-to-vec.patch: work around older rustc not being
       able to implicitly handle converted a boxed slice into a vector.
 .
   [ Daniel Richard G. ]
   * d/rules: Rearrange DEB_BUILD_MAINT_OPTIONS assignments to avoid
     "argument unused" warnings on armhf due to -fstack-clash-protection.
   * d/control, d/rules: Apply cross-build feedback from Helmut Grohne.
   * d/control: Add myself to Uploaders:, with Andres's blessing of course :)
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: Refresh for
       upstream changes
     - third_party/0002-regenerate-xnn-buildgn.patch: Refresh for upstream
       changes
Checksums-Sha1:
 141d46d8546151d5dd87c7d2a91c2d0019663a56 5192920 chromium-common-dbgsym_138.0.7204.49-1~deb12u1_amd64.deb
 3792f9169bdc64bcf979a4460ae9e6359c816049 22347904 chromium-common_138.0.7204.49-1~deb12u1_amd64.deb
 cb6aee7908701e59d566abdb9f28aa121138a963 33065880 chromium-dbgsym_138.0.7204.49-1~deb12u1_amd64.deb
 6fb5398ea61b4add57e6091e7b81778fe4c593b1 7848692 chromium-driver_138.0.7204.49-1~deb12u1_amd64.deb
 038621b0a5526c6009f90ab911496b047fab8882 27594564 chromium-headless-shell-dbgsym_138.0.7204.49-1~deb12u1_amd64.deb
 50e442fa069a80bfb00a79c8bca128ca87029353 54814276 chromium-headless-shell_138.0.7204.49-1~deb12u1_amd64.deb
 b39ed1893165e0ab4f2040ea3bd4737c2d2a66e3 19364 chromium-sandbox-dbgsym_138.0.7204.49-1~deb12u1_amd64.deb
 e3015df5a493e330abc6ec80b012cbd4f3ee6478 105216 chromium-sandbox_138.0.7204.49-1~deb12u1_amd64.deb
 11c9b38799957bc91763406fa5a66231e4a15c66 29711476 chromium-shell-dbgsym_138.0.7204.49-1~deb12u1_amd64.deb
 a89633223ffacd2b26cdfaef11cb95461ce398a3 59482048 chromium-shell_138.0.7204.49-1~deb12u1_amd64.deb
 f44ed81c2beb767a5b7759ad90e1bb7e720dbace 30303 chromium_138.0.7204.49-1~deb12u1_amd64-buildd.buildinfo
 c642ca6ed91f27eefaca440e5107929de2a8978d 69828492 chromium_138.0.7204.49-1~deb12u1_amd64.deb
Checksums-Sha256:
 a49c9f8779578e6ac45d29577cc9b39f2e077ac87e61b229984498a8d8d70e13 5192920 chromium-common-dbgsym_138.0.7204.49-1~deb12u1_amd64.deb
 2728c01dbfdc5f5cb110a8693a8e5dd8653686afd76cf16a2c93b7497cfcd6c4 22347904 chromium-common_138.0.7204.49-1~deb12u1_amd64.deb
 4a3b2d69b01f1798d2a2f1aeb9ce01120ceddf4b98f31ea1cda33fc2e6076407 33065880 chromium-dbgsym_138.0.7204.49-1~deb12u1_amd64.deb
 41cf3ff32e4995b9fc558bcb740e60a533c59c18b725b519046abf755cd9b234 7848692 chromium-driver_138.0.7204.49-1~deb12u1_amd64.deb
 b0eb74fb0f450ccb873e9fd2be93bdddd5d8c1079f8c3b73649fe0a277312989 27594564 chromium-headless-shell-dbgsym_138.0.7204.49-1~deb12u1_amd64.deb
 f7ab3da18a0b6c9fb4bcfdca61452acfe08dd18844e514a7f95d1d5a473fd8a6 54814276 chromium-headless-shell_138.0.7204.49-1~deb12u1_amd64.deb
 e941f3e50221ca022aa649771d6d8f00963107e305fe6346291a77074db39a9c 19364 chromium-sandbox-dbgsym_138.0.7204.49-1~deb12u1_amd64.deb
 69b8c9f66303c6fb8e0158437c18451b74cf85a380691d44ba948b685809ac1c 105216 chromium-sandbox_138.0.7204.49-1~deb12u1_amd64.deb
 bc2af92a7a320c3ce088098482b921942fd444bf93ef19b3c4da57cec0a5eac8 29711476 chromium-shell-dbgsym_138.0.7204.49-1~deb12u1_amd64.deb
 19b2f2a80e4f64ec2b113c0a31179f9a61055909af6d50c42fe9a04b564285ba 59482048 chromium-shell_138.0.7204.49-1~deb12u1_amd64.deb
 e89de1a6a4f5f073ba9cfb6f81d07b7709c0fb089321c60683026c964a0077bf 30303 chromium_138.0.7204.49-1~deb12u1_amd64-buildd.buildinfo
 381464c1f2c083aa515b6c19fe3291f6e4f362beab80c86ef3be8bedf72e7dcd 69828492 chromium_138.0.7204.49-1~deb12u1_amd64.deb
Files:
 608a876683284b532313995e97748bf5 5192920 debug optional chromium-common-dbgsym_138.0.7204.49-1~deb12u1_amd64.deb
 aa9cd26182970132ebd607e1a8a445c3 22347904 web optional chromium-common_138.0.7204.49-1~deb12u1_amd64.deb
 52c217ef5bb3f875172aa2197098a8e7 33065880 debug optional chromium-dbgsym_138.0.7204.49-1~deb12u1_amd64.deb
 708e798a55976616f8bc177465b59e8f 7848692 web optional chromium-driver_138.0.7204.49-1~deb12u1_amd64.deb
 2f47e37db8c2a717d42f3a0c98ff2db1 27594564 debug optional chromium-headless-shell-dbgsym_138.0.7204.49-1~deb12u1_amd64.deb
 278a46b7c13deadbd0c174ffce8725db 54814276 web optional chromium-headless-shell_138.0.7204.49-1~deb12u1_amd64.deb
 e2c03614624f75b540cad3cbcdd21ef1 19364 debug optional chromium-sandbox-dbgsym_138.0.7204.49-1~deb12u1_amd64.deb
 06fea722de1760191452961638eb21b3 105216 web optional chromium-sandbox_138.0.7204.49-1~deb12u1_amd64.deb
 559d5449815ae240c4c3abcb181c7c20 29711476 debug optional chromium-shell-dbgsym_138.0.7204.49-1~deb12u1_amd64.deb
 ae73f2130401f623516a40f6f9420cc2 59482048 web optional chromium-shell_138.0.7204.49-1~deb12u1_amd64.deb
 a9cbcdf118bcb7a40004454a3fb8f1b2 30303 web optional chromium_138.0.7204.49-1~deb12u1_amd64-buildd.buildinfo
 a6a6d7833e63e5496fcb492478349348 69828492 web optional chromium_138.0.7204.49-1~deb12u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEaPzFtKPtF0JrKPV5iZlfn74WV6kFAmheL6AACgkQiZlfn74W
V6nrfA//WdjaEw/KvccDNOfTDTTXIq0p4fEkyPtHImvrbBXfsa7sKMeABGwNadXA
L29dPVwpMF2JWXsXPNvSvgIdh0qG52jDjvRTAn6NvxEtv6NasPcy9RpY8+42f/3P
+EyKCcAj7I/n9E9tdV2FxFWRjVrDsRkolndi7o1EWmD16rK4MHKePj/ArzwGlkA3
mAFYL7Hk3a2Uq2iUYVPIpTForkqFk69bey4uMEKtOJI+aPtFZAEacqpuwmmMOvzH
7XeUR5BTp3WqghnxpQneIVeaIgLkTo00v6bzGFA2r7tsLFH9dSqwT2J3ISrC16Do
rJugheP0hTeeu3XBG3twQYSbLoND6fMAQdUtBE8SjzwCA3+nIY1XQR5XXqLbYm8U
/MHYwo7KMLhALygoBqtcTTHDhI774tV2PjGzWAxo14TAAPUFZiBHxXVj9wr2RFV1
nI0hGy9PjZKO3aP8ylEHjv45XN96McV7XWdQGck9Bs5W5PTMEcCybRF6TEtePlhR
kiWy3lVELkyT10fdmSbB4z/7WrmkNv6pigMX5/5ZzeqbRF/egzWt0d892dgxreYx
NbzFC0Auy40DfmDJHBtMlw3e2oEH5wJPjtwtWjViCMZRqE4g+jhVu8QBQ8gImSJ/
01a10UGHcCA0p67xXdj3zeWrsQFl5Yv4f+caUEyXcsDBTmUB4b8=
=ADaL
-----END PGP SIGNATURE-----