-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 24 Jun 2025 16:01:10 -0400 Source: chromium Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym Architecture: amd64 Version: 138.0.7204.49-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) Changed-By: Andres Salomon Description: chromium - web browser chromium-common - web browser - common resources used by the chromium packages chromium-driver - web browser - WebDriver support chromium-headless-shell - web browser - old headless shell chromium-sandbox - web browser - setuid security sandbox for chromium chromium-shell - web browser - minimal shell Changes: chromium (138.0.7204.49-1~deb12u1) bookworm-security; urgency=high . [ Andres Salomon ] * New upstream stable release. - CVE-2025-6555: Use after free in Animation. Reported by Lyra Rebane (rebane2001). - CVE-2025-6556: Insufficient policy enforcement in Loader. Reported by Shaheen Fazim. - CVE-2025-6557: Insufficient data validation in DevTools. Reported by Ameen Basha M K. * d/rules: - drop enable_reading_list=false, as Reading List is now supported for all architectures. - disable ThinLTO due to build failure with older rust. * d/patches: - upstream/arm32-crel.patch: drop, merged upstream. - upstream/cross-build-target.patch: drop, merged upstream. - upstream/span-fwd.patch: drop, merged upstream. - upstream/mojo-optional.patch: drop, merged upstream. - upstream/opener-heur.patch: drop, merged upstream. - upstream/allowed-state.patch: drop, merged upstream. - upstream/pdfium-libpng.patch: drop, merged upstream. - upstream/safety-hub-set.patch: drop, merged upstream. - fixes/media-cstdint.patch: drop, merged upstream. - debianization/clang-version.patch: refresh. - fixes/bindgen.patch: refresh. - fixes/armhf-icf.patch: refresh. - disable/catapult.patch: refresh. - disable/google-api-warning.patch: refresh. - disable/buildtools-libc.patch: refresh. - bookworm/clang19.patch: drop part of patch. - fixes/memory-allocator-dcheck-assert-fix.patch: update for renamed config variable kMaxBucketed. - disable/node-version-ck.patch: disable nodejs version check in protobuf. - bookworm/stdarch-arm.patch: drop redundant portion of patch. - bookworm/rust-is-none-or.patch: drop portion of patch due to upstream changes. - bookworm/gn-hpp11.patch: add another workaround for older gn. - bookworm/rust-split-at-checked.patch: enable unstable rust feature split_at_checked. - bookworm/crabbyav1f-macro-scope.patch: fix (macro-created) variable going out of scope. - rust-unstable-features.patch: enable a bunch more unstable rust features. - bookworm/rust-box-to-vec.patch: work around older rustc not being able to implicitly handle converted a boxed slice into a vector. . [ Daniel Richard G. ] * d/rules: Rearrange DEB_BUILD_MAINT_OPTIONS assignments to avoid "argument unused" warnings on armhf due to -fstack-clash-protection. * d/control, d/rules: Apply cross-build feedback from Helmut Grohne. * d/control: Add myself to Uploaders:, with Andres's blessing of course :) . [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0001-Add-PPC64-support-for-boringssl.patch: Refresh for upstream changes - third_party/0002-regenerate-xnn-buildgn.patch: Refresh for upstream changes Checksums-Sha1: 141d46d8546151d5dd87c7d2a91c2d0019663a56 5192920 chromium-common-dbgsym_138.0.7204.49-1~deb12u1_amd64.deb 3792f9169bdc64bcf979a4460ae9e6359c816049 22347904 chromium-common_138.0.7204.49-1~deb12u1_amd64.deb cb6aee7908701e59d566abdb9f28aa121138a963 33065880 chromium-dbgsym_138.0.7204.49-1~deb12u1_amd64.deb 6fb5398ea61b4add57e6091e7b81778fe4c593b1 7848692 chromium-driver_138.0.7204.49-1~deb12u1_amd64.deb 038621b0a5526c6009f90ab911496b047fab8882 27594564 chromium-headless-shell-dbgsym_138.0.7204.49-1~deb12u1_amd64.deb 50e442fa069a80bfb00a79c8bca128ca87029353 54814276 chromium-headless-shell_138.0.7204.49-1~deb12u1_amd64.deb b39ed1893165e0ab4f2040ea3bd4737c2d2a66e3 19364 chromium-sandbox-dbgsym_138.0.7204.49-1~deb12u1_amd64.deb e3015df5a493e330abc6ec80b012cbd4f3ee6478 105216 chromium-sandbox_138.0.7204.49-1~deb12u1_amd64.deb 11c9b38799957bc91763406fa5a66231e4a15c66 29711476 chromium-shell-dbgsym_138.0.7204.49-1~deb12u1_amd64.deb a89633223ffacd2b26cdfaef11cb95461ce398a3 59482048 chromium-shell_138.0.7204.49-1~deb12u1_amd64.deb f44ed81c2beb767a5b7759ad90e1bb7e720dbace 30303 chromium_138.0.7204.49-1~deb12u1_amd64-buildd.buildinfo c642ca6ed91f27eefaca440e5107929de2a8978d 69828492 chromium_138.0.7204.49-1~deb12u1_amd64.deb Checksums-Sha256: a49c9f8779578e6ac45d29577cc9b39f2e077ac87e61b229984498a8d8d70e13 5192920 chromium-common-dbgsym_138.0.7204.49-1~deb12u1_amd64.deb 2728c01dbfdc5f5cb110a8693a8e5dd8653686afd76cf16a2c93b7497cfcd6c4 22347904 chromium-common_138.0.7204.49-1~deb12u1_amd64.deb 4a3b2d69b01f1798d2a2f1aeb9ce01120ceddf4b98f31ea1cda33fc2e6076407 33065880 chromium-dbgsym_138.0.7204.49-1~deb12u1_amd64.deb 41cf3ff32e4995b9fc558bcb740e60a533c59c18b725b519046abf755cd9b234 7848692 chromium-driver_138.0.7204.49-1~deb12u1_amd64.deb b0eb74fb0f450ccb873e9fd2be93bdddd5d8c1079f8c3b73649fe0a277312989 27594564 chromium-headless-shell-dbgsym_138.0.7204.49-1~deb12u1_amd64.deb f7ab3da18a0b6c9fb4bcfdca61452acfe08dd18844e514a7f95d1d5a473fd8a6 54814276 chromium-headless-shell_138.0.7204.49-1~deb12u1_amd64.deb e941f3e50221ca022aa649771d6d8f00963107e305fe6346291a77074db39a9c 19364 chromium-sandbox-dbgsym_138.0.7204.49-1~deb12u1_amd64.deb 69b8c9f66303c6fb8e0158437c18451b74cf85a380691d44ba948b685809ac1c 105216 chromium-sandbox_138.0.7204.49-1~deb12u1_amd64.deb bc2af92a7a320c3ce088098482b921942fd444bf93ef19b3c4da57cec0a5eac8 29711476 chromium-shell-dbgsym_138.0.7204.49-1~deb12u1_amd64.deb 19b2f2a80e4f64ec2b113c0a31179f9a61055909af6d50c42fe9a04b564285ba 59482048 chromium-shell_138.0.7204.49-1~deb12u1_amd64.deb e89de1a6a4f5f073ba9cfb6f81d07b7709c0fb089321c60683026c964a0077bf 30303 chromium_138.0.7204.49-1~deb12u1_amd64-buildd.buildinfo 381464c1f2c083aa515b6c19fe3291f6e4f362beab80c86ef3be8bedf72e7dcd 69828492 chromium_138.0.7204.49-1~deb12u1_amd64.deb Files: 608a876683284b532313995e97748bf5 5192920 debug optional chromium-common-dbgsym_138.0.7204.49-1~deb12u1_amd64.deb aa9cd26182970132ebd607e1a8a445c3 22347904 web optional chromium-common_138.0.7204.49-1~deb12u1_amd64.deb 52c217ef5bb3f875172aa2197098a8e7 33065880 debug optional chromium-dbgsym_138.0.7204.49-1~deb12u1_amd64.deb 708e798a55976616f8bc177465b59e8f 7848692 web optional chromium-driver_138.0.7204.49-1~deb12u1_amd64.deb 2f47e37db8c2a717d42f3a0c98ff2db1 27594564 debug optional chromium-headless-shell-dbgsym_138.0.7204.49-1~deb12u1_amd64.deb 278a46b7c13deadbd0c174ffce8725db 54814276 web optional chromium-headless-shell_138.0.7204.49-1~deb12u1_amd64.deb e2c03614624f75b540cad3cbcdd21ef1 19364 debug optional chromium-sandbox-dbgsym_138.0.7204.49-1~deb12u1_amd64.deb 06fea722de1760191452961638eb21b3 105216 web optional chromium-sandbox_138.0.7204.49-1~deb12u1_amd64.deb 559d5449815ae240c4c3abcb181c7c20 29711476 debug optional chromium-shell-dbgsym_138.0.7204.49-1~deb12u1_amd64.deb ae73f2130401f623516a40f6f9420cc2 59482048 web optional chromium-shell_138.0.7204.49-1~deb12u1_amd64.deb a9cbcdf118bcb7a40004454a3fb8f1b2 30303 web optional chromium_138.0.7204.49-1~deb12u1_amd64-buildd.buildinfo a6a6d7833e63e5496fcb492478349348 69828492 web optional chromium_138.0.7204.49-1~deb12u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEaPzFtKPtF0JrKPV5iZlfn74WV6kFAmheL6AACgkQiZlfn74W V6nrfA//WdjaEw/KvccDNOfTDTTXIq0p4fEkyPtHImvrbBXfsa7sKMeABGwNadXA L29dPVwpMF2JWXsXPNvSvgIdh0qG52jDjvRTAn6NvxEtv6NasPcy9RpY8+42f/3P +EyKCcAj7I/n9E9tdV2FxFWRjVrDsRkolndi7o1EWmD16rK4MHKePj/ArzwGlkA3 mAFYL7Hk3a2Uq2iUYVPIpTForkqFk69bey4uMEKtOJI+aPtFZAEacqpuwmmMOvzH 7XeUR5BTp3WqghnxpQneIVeaIgLkTo00v6bzGFA2r7tsLFH9dSqwT2J3ISrC16Do rJugheP0hTeeu3XBG3twQYSbLoND6fMAQdUtBE8SjzwCA3+nIY1XQR5XXqLbYm8U /MHYwo7KMLhALygoBqtcTTHDhI774tV2PjGzWAxo14TAAPUFZiBHxXVj9wr2RFV1 nI0hGy9PjZKO3aP8ylEHjv45XN96McV7XWdQGck9Bs5W5PTMEcCybRF6TEtePlhR kiWy3lVELkyT10fdmSbB4z/7WrmkNv6pigMX5/5ZzeqbRF/egzWt0d892dgxreYx NbzFC0Auy40DfmDJHBtMlw3e2oEH5wJPjtwtWjViCMZRqE4g+jhVu8QBQ8gImSJ/ 01a10UGHcCA0p67xXdj3zeWrsQFl5Yv4f+caUEyXcsDBTmUB4b8= =ADaL -----END PGP SIGNATURE-----