-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 24 Jun 2025 16:01:10 -0400
Source: chromium
Architecture: source
Version: 138.0.7204.49-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (138.0.7204.49-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2025-6555: Use after free in Animation.
       Reported by Lyra Rebane (rebane2001).
     - CVE-2025-6556: Insufficient policy enforcement in Loader.
       Reported by Shaheen Fazim.
     - CVE-2025-6557: Insufficient data validation in DevTools.
       Reported by Ameen Basha M K.
   * d/rules:
     - drop enable_reading_list=false, as Reading List is now
       supported for all architectures.
     - disable ThinLTO due to build failure with older rust.
   * d/patches:
     - upstream/arm32-crel.patch: drop, merged upstream.
     - upstream/cross-build-target.patch: drop, merged upstream.
     - upstream/span-fwd.patch: drop, merged upstream.
     - upstream/mojo-optional.patch: drop, merged upstream.
     - upstream/opener-heur.patch: drop, merged upstream.
     - upstream/allowed-state.patch: drop, merged upstream.
     - upstream/pdfium-libpng.patch: drop, merged upstream.
     - upstream/safety-hub-set.patch: drop, merged upstream.
     - fixes/media-cstdint.patch: drop, merged upstream.
     - debianization/clang-version.patch: refresh.
     - fixes/bindgen.patch: refresh.
     - fixes/armhf-icf.patch: refresh.
     - disable/catapult.patch: refresh.
     - disable/google-api-warning.patch: refresh.
     - disable/buildtools-libc.patch: refresh.
     - bookworm/clang19.patch: drop part of patch.
     - fixes/memory-allocator-dcheck-assert-fix.patch: update for renamed
       config variable kMaxBucketed.
     - disable/node-version-ck.patch: disable nodejs version check in
       protobuf.
     - bookworm/stdarch-arm.patch: drop redundant portion of patch.
     - bookworm/rust-is-none-or.patch: drop portion of patch due to
       upstream changes.
     - bookworm/gn-hpp11.patch: add another workaround for older gn.
     - bookworm/rust-split-at-checked.patch: enable unstable rust feature
       split_at_checked.
     - bookworm/crabbyav1f-macro-scope.patch: fix (macro-created) variable
       going out of scope.
     - rust-unstable-features.patch: enable a bunch more unstable rust
       features.
     - bookworm/rust-box-to-vec.patch: work around older rustc not being
       able to implicitly handle converted a boxed slice into a vector.
 .
   [ Daniel Richard G. ]
   * d/rules: Rearrange DEB_BUILD_MAINT_OPTIONS assignments to avoid
     "argument unused" warnings on armhf due to -fstack-clash-protection.
   * d/control, d/rules: Apply cross-build feedback from Helmut Grohne.
   * d/control: Add myself to Uploaders:, with Andres's blessing of course :)
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: Refresh for
       upstream changes
     - third_party/0002-regenerate-xnn-buildgn.patch: Refresh for upstream
       changes
Checksums-Sha1:
 5e4ebe772c2e5397fedc2bb4b48922571a5eaaf0 4050 chromium_138.0.7204.49-1~deb12u1.dsc
 baaaf4cb66ff22fe467f6b09002763a9eb2790a7 965122316 chromium_138.0.7204.49.orig.tar.xz
 dc8fbfc4328b5fc02c8d175cb917ae2e867efb88 8489384 chromium_138.0.7204.49-1~deb12u1.debian.tar.xz
 bd4ee9bf94b7b5840ab2e11c7db51a8bf105214d 26949 chromium_138.0.7204.49-1~deb12u1_source.buildinfo
Checksums-Sha256:
 568610c7e6aa4777eefe14dcaac11625c745c70b7c99f9bc454e370c4e0110f3 4050 chromium_138.0.7204.49-1~deb12u1.dsc
 4a7e98cf013a5a7a5e08af717eae0cf0fa7f54c0b1b5d61a2cadf00f71305765 965122316 chromium_138.0.7204.49.orig.tar.xz
 f09f53c6a4eb61fb090aac250e798bf285200f120b8e4cd54954e8ad26c73a1a 8489384 chromium_138.0.7204.49-1~deb12u1.debian.tar.xz
 8af53af383c381f00f6f066b7e3751af555812d1fd3cae723395d278276c6537 26949 chromium_138.0.7204.49-1~deb12u1_source.buildinfo
Files:
 1c2d28688346cda5ee7dbe402d8379cb 4050 web optional chromium_138.0.7204.49-1~deb12u1.dsc
 a2b6c2d0191179fca588b740caf380e6 965122316 web optional chromium_138.0.7204.49.orig.tar.xz
 2f5a67b73c71d6675b84ad90602a69d5 8489384 web optional chromium_138.0.7204.49-1~deb12u1.debian.tar.xz
 1bb4d5f9e12dab6f7b6e3c0b0fe3a54a 26949 web optional chromium_138.0.7204.49-1~deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmhdduAUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjcXlw//Wj55Zy0Jc9o+FoZP6TPyJy634oNg
O6fIEsjq15q8zYkKFhz+ZDPkcRQn0606b3rX2hCNPBaa/+6ygZLB6KCq/Kuia0LM
lHSTpn6yAj7s7BRSz40KKuu+A+Nzhb1086Y3H6MxbgMVdNYIgN5VGFJGI6X7hTx9
UwEdB8amWz13M02NsTjpJVvtQ/i1MkGwYVyTSWmv5EyR+ZarlmsUIcqSIEJmp4E6
E0RkmC6l1fdnzKkF5a3RGGN1g2OERCEh4X8lohMckBbnW9vlHTNl+EFkA+yK4GfQ
gR3qcINxN/5gUrz/LYCsoDsCZ7tVnnBtRzVKiI6jD1toprIL/uVOP+L2zSu2BE0G
HmgMunVq9IIyw3DtSF33ISbgUL58RvtnYM2HLYXuFinxOyRpObsCW+7MuyzRGfUx
FcBa1B7kuOwjsFC1YHB9nK60QkTHOpUHBGYpgfTNC6CEJ1lziaaDcicQ5p2vz0qs
18ppw5GB3tF+3qoga+8/S2Fe6hFqc0iqbgnCgMo4fyJKlOAzaiKivDBopwM0avrm
ktlT3cScF4sU1G0p6d+Ol4BnLRkaSnKSyGtf2ycn0G5adW8Wb3JFfXS94sIAu9kv
zS/xgPEYMr5VkjM+fh4jH0v2ShVyYkGOJKjsWKC4IdTwaj4rAd80i2bROgSw6t1y
DsnFf1X3s9QXydw=
=U9eo
-----END PGP SIGNATURE-----