-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 24 Jun 2025 16:01:10 -0400
Source: chromium
Binary: chromium-l10n
Architecture: all
Version: 138.0.7204.49-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: all Build Daemon (x86-grnet-02) <buildd_all-x86-grnet-02@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium-l10n - web browser - language packs
Changes:
 chromium (138.0.7204.49-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2025-6555: Use after free in Animation.
       Reported by Lyra Rebane (rebane2001).
     - CVE-2025-6556: Insufficient policy enforcement in Loader.
       Reported by Shaheen Fazim.
     - CVE-2025-6557: Insufficient data validation in DevTools.
       Reported by Ameen Basha M K.
   * d/rules:
     - drop enable_reading_list=false, as Reading List is now
       supported for all architectures.
     - disable ThinLTO due to build failure with older rust.
   * d/patches:
     - upstream/arm32-crel.patch: drop, merged upstream.
     - upstream/cross-build-target.patch: drop, merged upstream.
     - upstream/span-fwd.patch: drop, merged upstream.
     - upstream/mojo-optional.patch: drop, merged upstream.
     - upstream/opener-heur.patch: drop, merged upstream.
     - upstream/allowed-state.patch: drop, merged upstream.
     - upstream/pdfium-libpng.patch: drop, merged upstream.
     - upstream/safety-hub-set.patch: drop, merged upstream.
     - fixes/media-cstdint.patch: drop, merged upstream.
     - debianization/clang-version.patch: refresh.
     - fixes/bindgen.patch: refresh.
     - fixes/armhf-icf.patch: refresh.
     - disable/catapult.patch: refresh.
     - disable/google-api-warning.patch: refresh.
     - disable/buildtools-libc.patch: refresh.
     - bookworm/clang19.patch: drop part of patch.
     - fixes/memory-allocator-dcheck-assert-fix.patch: update for renamed
       config variable kMaxBucketed.
     - disable/node-version-ck.patch: disable nodejs version check in
       protobuf.
     - bookworm/stdarch-arm.patch: drop redundant portion of patch.
     - bookworm/rust-is-none-or.patch: drop portion of patch due to
       upstream changes.
     - bookworm/gn-hpp11.patch: add another workaround for older gn.
     - bookworm/rust-split-at-checked.patch: enable unstable rust feature
       split_at_checked.
     - bookworm/crabbyav1f-macro-scope.patch: fix (macro-created) variable
       going out of scope.
     - rust-unstable-features.patch: enable a bunch more unstable rust
       features.
     - bookworm/rust-box-to-vec.patch: work around older rustc not being
       able to implicitly handle converted a boxed slice into a vector.
 .
   [ Daniel Richard G. ]
   * d/rules: Rearrange DEB_BUILD_MAINT_OPTIONS assignments to avoid
     "argument unused" warnings on armhf due to -fstack-clash-protection.
   * d/control, d/rules: Apply cross-build feedback from Helmut Grohne.
   * d/control: Add myself to Uploaders:, with Andres's blessing of course :)
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: Refresh for
       upstream changes
     - third_party/0002-regenerate-xnn-buildgn.patch: Refresh for upstream
       changes
Checksums-Sha1:
 45a2e685ddb3a290dfe39a9a749b248a71e94caf 8284164 chromium-l10n_138.0.7204.49-1~deb12u1_all.deb
 574ffda991ea335f64fb702cc86dc957e59cc041 26823 chromium_138.0.7204.49-1~deb12u1_all-buildd.buildinfo
Checksums-Sha256:
 c2f05d3b8756ac9bfa3d6991258ce9973e925fdf0c6b9e1b257f507f33645fc9 8284164 chromium-l10n_138.0.7204.49-1~deb12u1_all.deb
 9004b7e326aab83873ea166dd9faa9b5f2fafd33652ee1afed7163d25fcf066c 26823 chromium_138.0.7204.49-1~deb12u1_all-buildd.buildinfo
Files:
 cb94f1290fff9a0390e3dad3b90fa333 8284164 localization optional chromium-l10n_138.0.7204.49-1~deb12u1_all.deb
 18b7c5b3bc5e47c37b8463ddee15b48d 26823 web optional chromium_138.0.7204.49-1~deb12u1_all-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEj4Fym5GgeZdPqKhrJm69HxMTN+oFAmhd7RwACgkQJm69HxMT
N+qSKxAAi2BTqEBcHKB5pbTd21pGPtHkPR4hpDMrz6m3FiUotLYv2PCrnInCCRS2
eHhVZgIDn0Jl/rYwl8WHs6IrP5zHmWsDNtApT3d0/NCQwJvbOftlntd+sQEolrr/
g/Q71lQhSvr53B+xG9czYck79q/RCfoVXugZE/siU+/XllrwUSNCIJ4tuL+buhCM
cJ66nB0aC3lwmPKyjknFJdmvmI8qo6Udc+4QUSfSOVFd1biVxuLfxTrpF2JfKxtT
4+PIyK5r04ZafFVGmuNcrRHUOgu8204dm8P+YVmbh37iFPTQ9gb5jaJGFQdtz5uF
yv9552BSbGJKL5jA9my8JvH6zHT3x8QEyUzi8JEgTGdxKEIqPlUJOJxuhh7k3h9q
z6AXZD5U3Uypwy8yGes/29nFH6ujSNzgECIdefo9hue5O+9HLdGWHCWEpnyKaQ2V
BoolYREzNPB0uk4eFQjpmSMJqcTD7wKuT+6DB3m3y5aG55Vd32Zq9OjXAhHro20x
Yb6QuRt5FROLADS90QHUzKHmgc681eW1+/5u5gUfrgq9zSKHyghGQ+UyXbYlcloW
bwunOmi1dFV9ex8Ky4L/+EQqV1Cz3VxCvyocth7kYh97CN88SP3LuJTqvfzai7fk
mI0Mon0e3ai7h67yHCqTP2X4JZeZ2t9j2VeBfH3m1kLKTsTa47s=
=Cv3L
-----END PGP SIGNATURE-----