-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 24 Jun 2025 16:01:10 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: arm64
Version: 138.0.7204.49-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: arm Build Daemon (arm-conova-02) <buildd_arm64-arm-conova-02@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (138.0.7204.49-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2025-6555: Use after free in Animation.
       Reported by Lyra Rebane (rebane2001).
     - CVE-2025-6556: Insufficient policy enforcement in Loader.
       Reported by Shaheen Fazim.
     - CVE-2025-6557: Insufficient data validation in DevTools.
       Reported by Ameen Basha M K.
   * d/rules:
     - drop enable_reading_list=false, as Reading List is now
       supported for all architectures.
     - disable ThinLTO due to build failure with older rust.
   * d/patches:
     - upstream/arm32-crel.patch: drop, merged upstream.
     - upstream/cross-build-target.patch: drop, merged upstream.
     - upstream/span-fwd.patch: drop, merged upstream.
     - upstream/mojo-optional.patch: drop, merged upstream.
     - upstream/opener-heur.patch: drop, merged upstream.
     - upstream/allowed-state.patch: drop, merged upstream.
     - upstream/pdfium-libpng.patch: drop, merged upstream.
     - upstream/safety-hub-set.patch: drop, merged upstream.
     - fixes/media-cstdint.patch: drop, merged upstream.
     - debianization/clang-version.patch: refresh.
     - fixes/bindgen.patch: refresh.
     - fixes/armhf-icf.patch: refresh.
     - disable/catapult.patch: refresh.
     - disable/google-api-warning.patch: refresh.
     - disable/buildtools-libc.patch: refresh.
     - bookworm/clang19.patch: drop part of patch.
     - fixes/memory-allocator-dcheck-assert-fix.patch: update for renamed
       config variable kMaxBucketed.
     - disable/node-version-ck.patch: disable nodejs version check in
       protobuf.
     - bookworm/stdarch-arm.patch: drop redundant portion of patch.
     - bookworm/rust-is-none-or.patch: drop portion of patch due to
       upstream changes.
     - bookworm/gn-hpp11.patch: add another workaround for older gn.
     - bookworm/rust-split-at-checked.patch: enable unstable rust feature
       split_at_checked.
     - bookworm/crabbyav1f-macro-scope.patch: fix (macro-created) variable
       going out of scope.
     - rust-unstable-features.patch: enable a bunch more unstable rust
       features.
     - bookworm/rust-box-to-vec.patch: work around older rustc not being
       able to implicitly handle converted a boxed slice into a vector.
 .
   [ Daniel Richard G. ]
   * d/rules: Rearrange DEB_BUILD_MAINT_OPTIONS assignments to avoid
     "argument unused" warnings on armhf due to -fstack-clash-protection.
   * d/control, d/rules: Apply cross-build feedback from Helmut Grohne.
   * d/control: Add myself to Uploaders:, with Andres's blessing of course :)
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: Refresh for
       upstream changes
     - third_party/0002-regenerate-xnn-buildgn.patch: Refresh for upstream
       changes
Checksums-Sha1:
 c477262718548e64d28d6e2466263bf8ace49c99 6090952 chromium-common-dbgsym_138.0.7204.49-1~deb12u1_arm64.deb
 f40fbc8b248fbfff4621c24cdc2c34293a4c712d 27208728 chromium-common_138.0.7204.49-1~deb12u1_arm64.deb
 79643c4f0946a0b336ce467a8e4901bdaad56b3d 33986620 chromium-dbgsym_138.0.7204.49-1~deb12u1_arm64.deb
 b05baf4968f129912cde97d9c75402d26d9351d3 7072116 chromium-driver_138.0.7204.49-1~deb12u1_arm64.deb
 4ad88b64a36aed6e941658c21786b8a60a10c574 27870476 chromium-headless-shell-dbgsym_138.0.7204.49-1~deb12u1_arm64.deb
 71dfa8417c115a34542bef6ccfdce04a8aff80b4 48471440 chromium-headless-shell_138.0.7204.49-1~deb12u1_arm64.deb
 c276f5f14fc892bc677f062031edd9eb5698e6aa 20652 chromium-sandbox-dbgsym_138.0.7204.49-1~deb12u1_arm64.deb
 f0b5b6240c3feb7feeabc92f9274c9bc4e6e68ad 105896 chromium-sandbox_138.0.7204.49-1~deb12u1_arm64.deb
 e335cf58a9d5f0a11ae678ffa52da1f5b3b78caa 30001224 chromium-shell-dbgsym_138.0.7204.49-1~deb12u1_arm64.deb
 f4f124495ef024965c72621ac14f0c67842166dd 52612072 chromium-shell_138.0.7204.49-1~deb12u1_arm64.deb
 ed622c4026d7d249d42eb67d72109756416d699d 30268 chromium_138.0.7204.49-1~deb12u1_arm64-buildd.buildinfo
 716bcc7b6a8b92c4f52bb5c56edfe86a3853627a 60869072 chromium_138.0.7204.49-1~deb12u1_arm64.deb
Checksums-Sha256:
 3a8658441dff0ff455245fa8b86a5c3490e5af01431c572a2c4392c80d9f1509 6090952 chromium-common-dbgsym_138.0.7204.49-1~deb12u1_arm64.deb
 2be00386732c506504e533a1dfe9cd7edcdfd077a304e8a0bede7f6d2fc32c49 27208728 chromium-common_138.0.7204.49-1~deb12u1_arm64.deb
 a881fbf1d06eb216aa8b30a44bf37fbd641dd66278a6a6d6912d597672ef3bcf 33986620 chromium-dbgsym_138.0.7204.49-1~deb12u1_arm64.deb
 dbc72ed14963d5a0b3a91e9b79e1c58adc34b7bac9ef1fc5ed8b47ba9d7a3319 7072116 chromium-driver_138.0.7204.49-1~deb12u1_arm64.deb
 9a7813e6d52f902bc3150ff157f23885b24194268ba4facf05f1414b1b4065ba 27870476 chromium-headless-shell-dbgsym_138.0.7204.49-1~deb12u1_arm64.deb
 49225e92f32265beb1d64cc83449303d32fed5f8515c6c68c6ca4bc3d29886b6 48471440 chromium-headless-shell_138.0.7204.49-1~deb12u1_arm64.deb
 f57fa0f37edeed182a0eb77c8aa72d027759e3dc792a1a0a5cd65c43e0880f70 20652 chromium-sandbox-dbgsym_138.0.7204.49-1~deb12u1_arm64.deb
 6456b02fb7a0cbd3c318c5f4ff3f29b392ab6d78b5850bd49eeae99a7af497eb 105896 chromium-sandbox_138.0.7204.49-1~deb12u1_arm64.deb
 f91cdaeeefe39596e4eb8cf70f6be59823ee2650021686c8c88afec1bbb632d5 30001224 chromium-shell-dbgsym_138.0.7204.49-1~deb12u1_arm64.deb
 0fbf2806a3bc390d89ac12e7eed0bc284c77cdf5af96f2926f5392b06a309fc8 52612072 chromium-shell_138.0.7204.49-1~deb12u1_arm64.deb
 d7dc46bad2e71f37e28645c5b2e500570df50a2d196fdb28f80dba8b2546ac75 30268 chromium_138.0.7204.49-1~deb12u1_arm64-buildd.buildinfo
 0ae195eb0a4ed725d73537a26c5f3dec3afb30a8262b3817c5f0f19371b67fe6 60869072 chromium_138.0.7204.49-1~deb12u1_arm64.deb
Files:
 6d34b94a60899a9af2a0074cce612d95 6090952 debug optional chromium-common-dbgsym_138.0.7204.49-1~deb12u1_arm64.deb
 624d92e5dd935025a2ff79b32d28f970 27208728 web optional chromium-common_138.0.7204.49-1~deb12u1_arm64.deb
 45415a21cd31a700edb4262a87e5f23a 33986620 debug optional chromium-dbgsym_138.0.7204.49-1~deb12u1_arm64.deb
 2800c95524a7632a70cb4d990342a540 7072116 web optional chromium-driver_138.0.7204.49-1~deb12u1_arm64.deb
 c3b05a6087e05340d2db46366fbbedb3 27870476 debug optional chromium-headless-shell-dbgsym_138.0.7204.49-1~deb12u1_arm64.deb
 440083158665769432f1c13a0f1194aa 48471440 web optional chromium-headless-shell_138.0.7204.49-1~deb12u1_arm64.deb
 99e7d9d17671d66b68a83a72406bb039 20652 debug optional chromium-sandbox-dbgsym_138.0.7204.49-1~deb12u1_arm64.deb
 31dfc9dc719f49a358618016d1c1aa33 105896 web optional chromium-sandbox_138.0.7204.49-1~deb12u1_arm64.deb
 f64fc25afec4e30f9dc8c38029c11b5c 30001224 debug optional chromium-shell-dbgsym_138.0.7204.49-1~deb12u1_arm64.deb
 1f8bf62b620e9071364097c99713794e 52612072 web optional chromium-shell_138.0.7204.49-1~deb12u1_arm64.deb
 f87e0dec7375e7c8765aec147f55d082 30268 web optional chromium_138.0.7204.49-1~deb12u1_arm64-buildd.buildinfo
 3ce861e183146ef10f38ca508e5b582c 60869072 web optional chromium_138.0.7204.49-1~deb12u1_arm64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEKAzExpjGvTI78ZO8LARVyvnD3xkFAmheKPAACgkQLARVyvnD
3xlumA/+JgIJNttaF7Cw6RJERnlLn7mwG1zGyvtS9d0fgjt7sIpw6dy5UmbPJLc7
SXrH3WBvloXYi5/raVj/w5gpui1YSuCM7bh4PQBFwWGzHp7yl7ufYqpRKsEpya5l
AFdarjN5PP2+XfOpYNUPTHqqwB8tYqT+61T435i7pCGDzVEXvecmsLf3Ik4Sdu4m
W2fu8786vUJ3j/HxrJeG0rV+pnJiGkTVyRvyhmQmMbHri0Iaa+UfmtlNLVN1Rx/L
RRBX7JYJa6Opozf+Lg8rCya11nhpwRl0/OWEmcqhAPepwUK7mvDYxFAyqooqaNDz
OC4Isy5q46j/WFjTvlemowMpDn83J0EqNJq4oFmaazit4TL3brmnJn/IiXp3dr/M
aViJ3A/xscQijcNuN8Ipipnk2BeMMfOJafhkYaXLB8cDwpreuANQQb6L0K0UyVQg
8lH68hDlBT3tl+CVWbhBM44v2HUIpluD0jXwOEtYAND1rH43tnPpdsMa/cd05e33
8nstRFw4OCw7CqGMS3JT1FfH1NzmAP8fruOCL1sHNka1hH/1YN8x7cevKpDl6yfx
XmZexUM7H5QCVDQAWC+m1hiIEhFL9QbXdQUiLF7d+cFbz4/qL3IhiJ8PONBZlHQ2
Kb0wNLMFZke2xEKkOxNPCbyWMUgjhM9ZLbDovfRox9V+bd+HzFg=
=17xI
-----END PGP SIGNATURE-----