-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 24 Jun 2025 16:01:10 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: i386
Version: 138.0.7204.49-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02) <buildd_amd64-x86-conova-02@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (138.0.7204.49-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2025-6555: Use after free in Animation.
       Reported by Lyra Rebane (rebane2001).
     - CVE-2025-6556: Insufficient policy enforcement in Loader.
       Reported by Shaheen Fazim.
     - CVE-2025-6557: Insufficient data validation in DevTools.
       Reported by Ameen Basha M K.
   * d/rules:
     - drop enable_reading_list=false, as Reading List is now
       supported for all architectures.
     - disable ThinLTO due to build failure with older rust.
   * d/patches:
     - upstream/arm32-crel.patch: drop, merged upstream.
     - upstream/cross-build-target.patch: drop, merged upstream.
     - upstream/span-fwd.patch: drop, merged upstream.
     - upstream/mojo-optional.patch: drop, merged upstream.
     - upstream/opener-heur.patch: drop, merged upstream.
     - upstream/allowed-state.patch: drop, merged upstream.
     - upstream/pdfium-libpng.patch: drop, merged upstream.
     - upstream/safety-hub-set.patch: drop, merged upstream.
     - fixes/media-cstdint.patch: drop, merged upstream.
     - debianization/clang-version.patch: refresh.
     - fixes/bindgen.patch: refresh.
     - fixes/armhf-icf.patch: refresh.
     - disable/catapult.patch: refresh.
     - disable/google-api-warning.patch: refresh.
     - disable/buildtools-libc.patch: refresh.
     - bookworm/clang19.patch: drop part of patch.
     - fixes/memory-allocator-dcheck-assert-fix.patch: update for renamed
       config variable kMaxBucketed.
     - disable/node-version-ck.patch: disable nodejs version check in
       protobuf.
     - bookworm/stdarch-arm.patch: drop redundant portion of patch.
     - bookworm/rust-is-none-or.patch: drop portion of patch due to
       upstream changes.
     - bookworm/gn-hpp11.patch: add another workaround for older gn.
     - bookworm/rust-split-at-checked.patch: enable unstable rust feature
       split_at_checked.
     - bookworm/crabbyav1f-macro-scope.patch: fix (macro-created) variable
       going out of scope.
     - rust-unstable-features.patch: enable a bunch more unstable rust
       features.
     - bookworm/rust-box-to-vec.patch: work around older rustc not being
       able to implicitly handle converted a boxed slice into a vector.
 .
   [ Daniel Richard G. ]
   * d/rules: Rearrange DEB_BUILD_MAINT_OPTIONS assignments to avoid
     "argument unused" warnings on armhf due to -fstack-clash-protection.
   * d/control, d/rules: Apply cross-build feedback from Helmut Grohne.
   * d/control: Add myself to Uploaders:, with Andres's blessing of course :)
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: Refresh for
       upstream changes
     - third_party/0002-regenerate-xnn-buildgn.patch: Refresh for upstream
       changes
Checksums-Sha1:
 dfc1670bac50c86b660690df7e2aa90ff65a463e 5021576 chromium-common-dbgsym_138.0.7204.49-1~deb12u1_i386.deb
 35abe3c26317615393139b374555c68f00cbb8c0 22440556 chromium-common_138.0.7204.49-1~deb12u1_i386.deb
 e00fd04d0d108ec403fdbb08a2e9f56726ada354 33330996 chromium-dbgsym_138.0.7204.49-1~deb12u1_i386.deb
 dcb7ff0ad940d543dab2c125367fcd92cd7737cb 8135540 chromium-driver_138.0.7204.49-1~deb12u1_i386.deb
 6a4a261ca4a261849a7c7d94f9ea20af11fe8cc5 27850904 chromium-headless-shell-dbgsym_138.0.7204.49-1~deb12u1_i386.deb
 1e28a6f5c03e15c61f17b6f01d4cbf7077949a4a 55696468 chromium-headless-shell_138.0.7204.49-1~deb12u1_i386.deb
 10a237f8e17a9cb753eb5acadadd7813915bfa2b 18080 chromium-sandbox-dbgsym_138.0.7204.49-1~deb12u1_i386.deb
 7795ab787c8c83ee41b0a80c63c98a3ca77554e6 105080 chromium-sandbox_138.0.7204.49-1~deb12u1_i386.deb
 1ffecba12024486a00091f757639a29620d4c9b3 29947596 chromium-shell-dbgsym_138.0.7204.49-1~deb12u1_i386.deb
 ba05b1420a23a8b1b9dab9c847f32478830d0016 60338904 chromium-shell_138.0.7204.49-1~deb12u1_i386.deb
 f53b28fec4c1044da6a255370f8929bb8d9fb4ab 30285 chromium_138.0.7204.49-1~deb12u1_i386-buildd.buildinfo
 881737a811f4b2825d6e07e3df635effc9c2a1d0 71194660 chromium_138.0.7204.49-1~deb12u1_i386.deb
Checksums-Sha256:
 59c79f63105b93eb03ce99b156a584c652c323487b3b137f0fcd69bcd00a53f8 5021576 chromium-common-dbgsym_138.0.7204.49-1~deb12u1_i386.deb
 c5b025946faad50991423da79102ccdf3ae3bdb4f4ae3bb54bec33ffc4cd539e 22440556 chromium-common_138.0.7204.49-1~deb12u1_i386.deb
 6f14b43955eda4c6085b250291d4165f8597870bdb1e90be5b18cb60cb2d0de0 33330996 chromium-dbgsym_138.0.7204.49-1~deb12u1_i386.deb
 5007a93ee22744eb0ba3b3dc0883999742df3c1b8cacd44488f6f5a909f47f09 8135540 chromium-driver_138.0.7204.49-1~deb12u1_i386.deb
 bdfde498449de83266a52afdf675887e073108493cb386f94552490b9aca0778 27850904 chromium-headless-shell-dbgsym_138.0.7204.49-1~deb12u1_i386.deb
 7639b445bc29fd6cd48020ed714122fcacfb63fa9bc742a72a04588173b38ddd 55696468 chromium-headless-shell_138.0.7204.49-1~deb12u1_i386.deb
 a01c02b36f4f3437cdea8017dcbae2249456318c78fdee7f6f8b1ee3aac4df25 18080 chromium-sandbox-dbgsym_138.0.7204.49-1~deb12u1_i386.deb
 cd2faa6b2204233dee106009983caec541a161e26bd642c457b78aa1ac615e06 105080 chromium-sandbox_138.0.7204.49-1~deb12u1_i386.deb
 141de1ec427f036c4a6313f8c8713d50f4aea32fae1633480152b1c694ffc032 29947596 chromium-shell-dbgsym_138.0.7204.49-1~deb12u1_i386.deb
 ad085f5ebd963e706fce60ff68f6327ee996da0e45b750f8603d1ad6b354683d 60338904 chromium-shell_138.0.7204.49-1~deb12u1_i386.deb
 423322eb24e225c38d60a951abf46f4f7fec3e77ef7123452ec863b722853b35 30285 chromium_138.0.7204.49-1~deb12u1_i386-buildd.buildinfo
 70529612f41a5256fcd5ce0fd3919b0e96ad7fa9e8e7a4c7c69016a8da1ab46b 71194660 chromium_138.0.7204.49-1~deb12u1_i386.deb
Files:
 f58a9f66c037d2f173861525b10bcaea 5021576 debug optional chromium-common-dbgsym_138.0.7204.49-1~deb12u1_i386.deb
 318da7eb57ca8f516d4c01fc39a07199 22440556 web optional chromium-common_138.0.7204.49-1~deb12u1_i386.deb
 61230d7477f3bad275a09f83e605d5a7 33330996 debug optional chromium-dbgsym_138.0.7204.49-1~deb12u1_i386.deb
 1017e12a9e8330d8fe2c2c70e7d9051e 8135540 web optional chromium-driver_138.0.7204.49-1~deb12u1_i386.deb
 00c4fbebc08c80f4202321a660484ec2 27850904 debug optional chromium-headless-shell-dbgsym_138.0.7204.49-1~deb12u1_i386.deb
 5cd08496232f2f5a5d812c4ac85b5f32 55696468 web optional chromium-headless-shell_138.0.7204.49-1~deb12u1_i386.deb
 814b0cda33d876eb340ab34b2c1181c4 18080 debug optional chromium-sandbox-dbgsym_138.0.7204.49-1~deb12u1_i386.deb
 90cd171f4b1f77c50fe985ee199c97a5 105080 web optional chromium-sandbox_138.0.7204.49-1~deb12u1_i386.deb
 506d7935afe77ac1d300bca0bcf95896 29947596 debug optional chromium-shell-dbgsym_138.0.7204.49-1~deb12u1_i386.deb
 5cf8b8086359d8ef2ecbc9d0cb74bf4a 60338904 web optional chromium-shell_138.0.7204.49-1~deb12u1_i386.deb
 ae1d819957df83f4a7c2a2267702a659 30285 web optional chromium_138.0.7204.49-1~deb12u1_i386-buildd.buildinfo
 1244f87d4e638b07445ae200a388b8da 71194660 web optional chromium_138.0.7204.49-1~deb12u1_i386.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEErwLLVsiCiGZggzpHJuP6X4A0XeIFAmheOZQACgkQJuP6X4A0
XeJoUQ/+L123qTNz4d5RqMpxckv+dCNT5NNFS/mTjJRIMihnbcW3W3wGY6E3W+4w
Yv6/63aa9DS5dPi5p5kiCWKdhiszwdgZNLGPCS79PLX1KDt+cIKa3z6rp5QKicLz
lNObYeXeLfmELEEEyAd0M1Zym0H36fGAWTAv9wF4Jbjdk0v8aafgKMsxnFHWm8P1
2OI0SOxkFNNJglCFWy1xcsBMoiaFKJravT0anbGv692/LMEQbPLHVG1wv5SPklXk
o0pJ0zrn0dueBzq0Ma4FbQw5LO+pIHtEfL0wAvQ3pfTyjq+cYB1+HYw1bBUyQ9NU
w+RzryGjWeYtfXa+u3uwrWEL2zpmTkBo3+ja168S+h9yeoP5rMeAyDtU/VwKK7kv
qf6xeGHWmTJ0i+d83Oe4XufhvgwNVENKK6yvkHT5/DYtfAFRoVPIt61/7A2gXa6T
DJyBndc7JHe0x2NM7Uj2n0tP/T5s/tMNMkUs3B3LAbLMBi5e3v+WRQ4asHvpfQCr
jnxxmQ3sGAbMiACs5Kyb2DqVoOFmIU9I/Fut3Zb9/zoLU6riIWHSrk+qPZaSXYgi
Z+L1/jTNgwRil5iYOYazyx7236rlF1o2JBQAl4mLxY7fMXD5PQrVGx77IN9l9Tkt
6yrysEpnYEeETzGPt2rkjoGLJrRaUXz8uv6BmqFm+ouGwH/F8do=
=TszO
-----END PGP SIGNATURE-----