-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 24 Jun 2025 16:01:10 -0400 Source: chromium Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym Architecture: i386 Version: 138.0.7204.49-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02) Changed-By: Andres Salomon Description: chromium - web browser chromium-common - web browser - common resources used by the chromium packages chromium-driver - web browser - WebDriver support chromium-headless-shell - web browser - old headless shell chromium-sandbox - web browser - setuid security sandbox for chromium chromium-shell - web browser - minimal shell Changes: chromium (138.0.7204.49-1~deb12u1) bookworm-security; urgency=high . [ Andres Salomon ] * New upstream stable release. - CVE-2025-6555: Use after free in Animation. Reported by Lyra Rebane (rebane2001). - CVE-2025-6556: Insufficient policy enforcement in Loader. Reported by Shaheen Fazim. - CVE-2025-6557: Insufficient data validation in DevTools. Reported by Ameen Basha M K. * d/rules: - drop enable_reading_list=false, as Reading List is now supported for all architectures. - disable ThinLTO due to build failure with older rust. * d/patches: - upstream/arm32-crel.patch: drop, merged upstream. - upstream/cross-build-target.patch: drop, merged upstream. - upstream/span-fwd.patch: drop, merged upstream. - upstream/mojo-optional.patch: drop, merged upstream. - upstream/opener-heur.patch: drop, merged upstream. - upstream/allowed-state.patch: drop, merged upstream. - upstream/pdfium-libpng.patch: drop, merged upstream. - upstream/safety-hub-set.patch: drop, merged upstream. - fixes/media-cstdint.patch: drop, merged upstream. - debianization/clang-version.patch: refresh. - fixes/bindgen.patch: refresh. - fixes/armhf-icf.patch: refresh. - disable/catapult.patch: refresh. - disable/google-api-warning.patch: refresh. - disable/buildtools-libc.patch: refresh. - bookworm/clang19.patch: drop part of patch. - fixes/memory-allocator-dcheck-assert-fix.patch: update for renamed config variable kMaxBucketed. - disable/node-version-ck.patch: disable nodejs version check in protobuf. - bookworm/stdarch-arm.patch: drop redundant portion of patch. - bookworm/rust-is-none-or.patch: drop portion of patch due to upstream changes. - bookworm/gn-hpp11.patch: add another workaround for older gn. - bookworm/rust-split-at-checked.patch: enable unstable rust feature split_at_checked. - bookworm/crabbyav1f-macro-scope.patch: fix (macro-created) variable going out of scope. - rust-unstable-features.patch: enable a bunch more unstable rust features. - bookworm/rust-box-to-vec.patch: work around older rustc not being able to implicitly handle converted a boxed slice into a vector. . [ Daniel Richard G. ] * d/rules: Rearrange DEB_BUILD_MAINT_OPTIONS assignments to avoid "argument unused" warnings on armhf due to -fstack-clash-protection. * d/control, d/rules: Apply cross-build feedback from Helmut Grohne. * d/control: Add myself to Uploaders:, with Andres's blessing of course :) . [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0001-Add-PPC64-support-for-boringssl.patch: Refresh for upstream changes - third_party/0002-regenerate-xnn-buildgn.patch: Refresh for upstream changes Checksums-Sha1: dfc1670bac50c86b660690df7e2aa90ff65a463e 5021576 chromium-common-dbgsym_138.0.7204.49-1~deb12u1_i386.deb 35abe3c26317615393139b374555c68f00cbb8c0 22440556 chromium-common_138.0.7204.49-1~deb12u1_i386.deb e00fd04d0d108ec403fdbb08a2e9f56726ada354 33330996 chromium-dbgsym_138.0.7204.49-1~deb12u1_i386.deb dcb7ff0ad940d543dab2c125367fcd92cd7737cb 8135540 chromium-driver_138.0.7204.49-1~deb12u1_i386.deb 6a4a261ca4a261849a7c7d94f9ea20af11fe8cc5 27850904 chromium-headless-shell-dbgsym_138.0.7204.49-1~deb12u1_i386.deb 1e28a6f5c03e15c61f17b6f01d4cbf7077949a4a 55696468 chromium-headless-shell_138.0.7204.49-1~deb12u1_i386.deb 10a237f8e17a9cb753eb5acadadd7813915bfa2b 18080 chromium-sandbox-dbgsym_138.0.7204.49-1~deb12u1_i386.deb 7795ab787c8c83ee41b0a80c63c98a3ca77554e6 105080 chromium-sandbox_138.0.7204.49-1~deb12u1_i386.deb 1ffecba12024486a00091f757639a29620d4c9b3 29947596 chromium-shell-dbgsym_138.0.7204.49-1~deb12u1_i386.deb ba05b1420a23a8b1b9dab9c847f32478830d0016 60338904 chromium-shell_138.0.7204.49-1~deb12u1_i386.deb f53b28fec4c1044da6a255370f8929bb8d9fb4ab 30285 chromium_138.0.7204.49-1~deb12u1_i386-buildd.buildinfo 881737a811f4b2825d6e07e3df635effc9c2a1d0 71194660 chromium_138.0.7204.49-1~deb12u1_i386.deb Checksums-Sha256: 59c79f63105b93eb03ce99b156a584c652c323487b3b137f0fcd69bcd00a53f8 5021576 chromium-common-dbgsym_138.0.7204.49-1~deb12u1_i386.deb c5b025946faad50991423da79102ccdf3ae3bdb4f4ae3bb54bec33ffc4cd539e 22440556 chromium-common_138.0.7204.49-1~deb12u1_i386.deb 6f14b43955eda4c6085b250291d4165f8597870bdb1e90be5b18cb60cb2d0de0 33330996 chromium-dbgsym_138.0.7204.49-1~deb12u1_i386.deb 5007a93ee22744eb0ba3b3dc0883999742df3c1b8cacd44488f6f5a909f47f09 8135540 chromium-driver_138.0.7204.49-1~deb12u1_i386.deb bdfde498449de83266a52afdf675887e073108493cb386f94552490b9aca0778 27850904 chromium-headless-shell-dbgsym_138.0.7204.49-1~deb12u1_i386.deb 7639b445bc29fd6cd48020ed714122fcacfb63fa9bc742a72a04588173b38ddd 55696468 chromium-headless-shell_138.0.7204.49-1~deb12u1_i386.deb a01c02b36f4f3437cdea8017dcbae2249456318c78fdee7f6f8b1ee3aac4df25 18080 chromium-sandbox-dbgsym_138.0.7204.49-1~deb12u1_i386.deb cd2faa6b2204233dee106009983caec541a161e26bd642c457b78aa1ac615e06 105080 chromium-sandbox_138.0.7204.49-1~deb12u1_i386.deb 141de1ec427f036c4a6313f8c8713d50f4aea32fae1633480152b1c694ffc032 29947596 chromium-shell-dbgsym_138.0.7204.49-1~deb12u1_i386.deb ad085f5ebd963e706fce60ff68f6327ee996da0e45b750f8603d1ad6b354683d 60338904 chromium-shell_138.0.7204.49-1~deb12u1_i386.deb 423322eb24e225c38d60a951abf46f4f7fec3e77ef7123452ec863b722853b35 30285 chromium_138.0.7204.49-1~deb12u1_i386-buildd.buildinfo 70529612f41a5256fcd5ce0fd3919b0e96ad7fa9e8e7a4c7c69016a8da1ab46b 71194660 chromium_138.0.7204.49-1~deb12u1_i386.deb Files: f58a9f66c037d2f173861525b10bcaea 5021576 debug optional chromium-common-dbgsym_138.0.7204.49-1~deb12u1_i386.deb 318da7eb57ca8f516d4c01fc39a07199 22440556 web optional chromium-common_138.0.7204.49-1~deb12u1_i386.deb 61230d7477f3bad275a09f83e605d5a7 33330996 debug optional chromium-dbgsym_138.0.7204.49-1~deb12u1_i386.deb 1017e12a9e8330d8fe2c2c70e7d9051e 8135540 web optional chromium-driver_138.0.7204.49-1~deb12u1_i386.deb 00c4fbebc08c80f4202321a660484ec2 27850904 debug optional chromium-headless-shell-dbgsym_138.0.7204.49-1~deb12u1_i386.deb 5cd08496232f2f5a5d812c4ac85b5f32 55696468 web optional chromium-headless-shell_138.0.7204.49-1~deb12u1_i386.deb 814b0cda33d876eb340ab34b2c1181c4 18080 debug optional chromium-sandbox-dbgsym_138.0.7204.49-1~deb12u1_i386.deb 90cd171f4b1f77c50fe985ee199c97a5 105080 web optional chromium-sandbox_138.0.7204.49-1~deb12u1_i386.deb 506d7935afe77ac1d300bca0bcf95896 29947596 debug optional chromium-shell-dbgsym_138.0.7204.49-1~deb12u1_i386.deb 5cf8b8086359d8ef2ecbc9d0cb74bf4a 60338904 web optional chromium-shell_138.0.7204.49-1~deb12u1_i386.deb ae1d819957df83f4a7c2a2267702a659 30285 web optional chromium_138.0.7204.49-1~deb12u1_i386-buildd.buildinfo 1244f87d4e638b07445ae200a388b8da 71194660 web optional chromium_138.0.7204.49-1~deb12u1_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEErwLLVsiCiGZggzpHJuP6X4A0XeIFAmheOZQACgkQJuP6X4A0 XeJoUQ/+L123qTNz4d5RqMpxckv+dCNT5NNFS/mTjJRIMihnbcW3W3wGY6E3W+4w Yv6/63aa9DS5dPi5p5kiCWKdhiszwdgZNLGPCS79PLX1KDt+cIKa3z6rp5QKicLz lNObYeXeLfmELEEEyAd0M1Zym0H36fGAWTAv9wF4Jbjdk0v8aafgKMsxnFHWm8P1 2OI0SOxkFNNJglCFWy1xcsBMoiaFKJravT0anbGv692/LMEQbPLHVG1wv5SPklXk o0pJ0zrn0dueBzq0Ma4FbQw5LO+pIHtEfL0wAvQ3pfTyjq+cYB1+HYw1bBUyQ9NU w+RzryGjWeYtfXa+u3uwrWEL2zpmTkBo3+ja168S+h9yeoP5rMeAyDtU/VwKK7kv qf6xeGHWmTJ0i+d83Oe4XufhvgwNVENKK6yvkHT5/DYtfAFRoVPIt61/7A2gXa6T DJyBndc7JHe0x2NM7Uj2n0tP/T5s/tMNMkUs3B3LAbLMBi5e3v+WRQ4asHvpfQCr jnxxmQ3sGAbMiACs5Kyb2DqVoOFmIU9I/Fut3Zb9/zoLU6riIWHSrk+qPZaSXYgi Z+L1/jTNgwRil5iYOYazyx7236rlF1o2JBQAl4mLxY7fMXD5PQrVGx77IN9l9Tkt 6yrysEpnYEeETzGPt2rkjoGLJrRaUXz8uv6BmqFm+ouGwH/F8do= =TszO -----END PGP SIGNATURE-----