-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 05 Aug 2025 17:48:13 -0400 Source: chromium Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym Architecture: amd64 Version: 139.0.7258.66-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: amd64 Build Daemon (x86-grnet-01) Changed-By: Andres Salomon Description: chromium - web browser chromium-common - web browser - common resources used by the chromium packages chromium-driver - web browser - WebDriver support chromium-headless-shell - web browser - old headless shell chromium-sandbox - web browser - setuid security sandbox for chromium chromium-shell - web browser - minimal shell Changes: chromium (139.0.7258.66-1~deb12u1) bookworm-security; urgency=high . * New upstream stable release. - CVE-2025-8576: Use after free in Extensions. Reported by asnine. - CVE-2025-8577: Inappropriate implementation in Picture In Picture. Reported by Umar Farooq. - CVE-2025-8578: Use after free in Cast. Reported by Fayez. - CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome. Reported by Alesandro Ortiz. - CVE-2025-8580: Inappropriate implementation in Filesystems. Reported by Huuuuu. - CVE-2025-8581: Inappropriate implementation in Extensions. Reported by Vincent Dragnea. - CVE-2025-8582: Insufficient validation of untrusted input in DOM. Reported by Anonymous. - CVE-2025-8583: Inappropriate implementation in Permissions. Reported by Shaheen Fazim. * d/copyright: delete third_party/enterprise_companion, as it includes a binary. * d/control: - Replace elfutils build-dep with llvm-19 for switch to llvm-strip. - Update rustc-web build-dep to >= 1.84. * d/rules: - drop enable_nacl=false; upstream removed NaCL. - set enable_enterprise_companion=false. - disable Gemini AI (enable_glic=false). * d/patches: - disable/catapult.patch: refresh. - disable/buildtools-libc.patch: refresh. - system/eu-strip.patch: drop, upstream switched to llvm-strip. - bookworm/gn-revert-path-exists.patch: refresh & drop unused part. - ungoogled/disable-privacy-sandbox.patch: refresh. - fixes/bindgen.patch: rename to bookworm/bindgen.patch, since trixie now has a newer bindgen. - bookworm/gn-absl.patch: refresh. - bookworm/rust-is-none-or.patch: drop, thanks to newer rustc-web. - bookworm/rust-unstable-features.patch: drop - newer rustc-web. - bookworm/bubble-contents.patch: drop, no longer needed. . [ Timothy Pearson ] * d/patches/ppc64le: - sandbox/0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch: Refresh for upstream changes - sandbox/0009-sandbox-updates-138.patch: Properly handle IPC and send syscalls - third_party/0001-add-xnn-ppc64el-support.patch: Refresh for upstream changes - third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - third_party/skia-vsx-instructions.patch: Refresh for upstream changes - fixes/fix-partition-alloc-compile.patch: Refresh for upstream changes Checksums-Sha1: 8f1e09d6080cbd79c323c184edc94aedf2635fd0 5279340 chromium-common-dbgsym_139.0.7258.66-1~deb12u1_amd64.deb 566255fed0245dce5b6721b8efe7a671a8fe2f7d 22211408 chromium-common_139.0.7258.66-1~deb12u1_amd64.deb a3871fca9bb4c5691f01b8775fcb7dabbb0a9ed8 33304628 chromium-dbgsym_139.0.7258.66-1~deb12u1_amd64.deb 360ed3273436f6a9525fba95820602c9bf8b692d 7970476 chromium-driver_139.0.7258.66-1~deb12u1_amd64.deb 4a2d299fb547cfaf756b5c415c2115b1a933b53e 27848052 chromium-headless-shell-dbgsym_139.0.7258.66-1~deb12u1_amd64.deb 862fbd91604a0e44ac511f1cd1965d9a155ad19a 55416868 chromium-headless-shell_139.0.7258.66-1~deb12u1_amd64.deb b19c8926ecf9dfe9c4840859939514904ec1a91b 19372 chromium-sandbox-dbgsym_139.0.7258.66-1~deb12u1_amd64.deb 32ff8badc9c75332babd6471f80b970a9b304ccd 106068 chromium-sandbox_139.0.7258.66-1~deb12u1_amd64.deb 23ca2630975ee29b7346377c03bbf5a8356b67a5 29963948 chromium-shell-dbgsym_139.0.7258.66-1~deb12u1_amd64.deb 4873879ec49e600ca979cf5ea08f178df0aa3845 60065700 chromium-shell_139.0.7258.66-1~deb12u1_amd64.deb ad31e95257e2b112ce4d5530f2966a7046e295d3 30302 chromium_139.0.7258.66-1~deb12u1_amd64-buildd.buildinfo f4d946cb6c72360598d566f5ef43e5c476d41103 70299432 chromium_139.0.7258.66-1~deb12u1_amd64.deb Checksums-Sha256: 37761dd0d6ed52eae3ad12601519d07cb0a79bfd134fc0b05c906f7d9428f7da 5279340 chromium-common-dbgsym_139.0.7258.66-1~deb12u1_amd64.deb 20fbe6093adf0c42e7525498fc53dbbf70939340a8f9a1934d7c635a1f28c915 22211408 chromium-common_139.0.7258.66-1~deb12u1_amd64.deb 9d2382e8a72b3ee53909ca91c6a33a788af2faf49136ef6a815fad0ad432a2f0 33304628 chromium-dbgsym_139.0.7258.66-1~deb12u1_amd64.deb 7f9a1ab9e5e62a6d424d82ab22085056b7d6d31e870770dbd312e5d0b825b236 7970476 chromium-driver_139.0.7258.66-1~deb12u1_amd64.deb 4772cc9133480888a060851a00dbdba2cfd7df35d89ae8c4f324d4fb1805f94d 27848052 chromium-headless-shell-dbgsym_139.0.7258.66-1~deb12u1_amd64.deb 0dbf406a329892632971853582318dd998d34fb4ccb18a65e354b884ac95c3e4 55416868 chromium-headless-shell_139.0.7258.66-1~deb12u1_amd64.deb 02a985c4dded46fd3ab4cd2d7570b27326efc6e399aef6db6e175e2e815c8540 19372 chromium-sandbox-dbgsym_139.0.7258.66-1~deb12u1_amd64.deb e2f3b89364c12e154b0f8ffd98b5ebdd2dc0a863a269ef1d1b62620a2d4d67a7 106068 chromium-sandbox_139.0.7258.66-1~deb12u1_amd64.deb ab70a1d6e08904185b51b0238610a54c6aa353fc718235978312cd6edb553609 29963948 chromium-shell-dbgsym_139.0.7258.66-1~deb12u1_amd64.deb 7b7368199894aec068baaad27c8f4ece98247d6014a82169b95a38dbaaa28c51 60065700 chromium-shell_139.0.7258.66-1~deb12u1_amd64.deb 88ecd1ede0a26e3158c69d3b9340918a6795d95b902e3667f9d6d19538f6d973 30302 chromium_139.0.7258.66-1~deb12u1_amd64-buildd.buildinfo fa6bf7ea8062186c0ed7a232208ced08ab42a72b3de91f543e35921ccef54d61 70299432 chromium_139.0.7258.66-1~deb12u1_amd64.deb Files: e9708cdae8cc6fdb6ffea54fd9e0e219 5279340 debug optional chromium-common-dbgsym_139.0.7258.66-1~deb12u1_amd64.deb 6002a9bc5cdf1c512a7bd22e03d3742b 22211408 web optional chromium-common_139.0.7258.66-1~deb12u1_amd64.deb 778f8562e7180a0122ae6fd6877a2657 33304628 debug optional chromium-dbgsym_139.0.7258.66-1~deb12u1_amd64.deb 93e7856b509f1012f0bfec9f0cdf6395 7970476 web optional chromium-driver_139.0.7258.66-1~deb12u1_amd64.deb 8d63769df1ca843108c986e8f8d954bc 27848052 debug optional chromium-headless-shell-dbgsym_139.0.7258.66-1~deb12u1_amd64.deb cd829991907f924a66f744bf100743fe 55416868 web optional chromium-headless-shell_139.0.7258.66-1~deb12u1_amd64.deb 01b1a18ca43ff20a6854ed32c2faf6f5 19372 debug optional chromium-sandbox-dbgsym_139.0.7258.66-1~deb12u1_amd64.deb 4c926659c906f2f62d87014c7a675595 106068 web optional chromium-sandbox_139.0.7258.66-1~deb12u1_amd64.deb 168a574788e8944e0d466d8ae4fb833e 29963948 debug optional chromium-shell-dbgsym_139.0.7258.66-1~deb12u1_amd64.deb 2ff7503ab96b260f25b6a6a5e9295257 60065700 web optional chromium-shell_139.0.7258.66-1~deb12u1_amd64.deb 1097fbf2e8feaf01fab065e4d56e6def 30302 web optional chromium_139.0.7258.66-1~deb12u1_amd64-buildd.buildinfo f32ab224103036e3bc08864fbbcd9d9d 70299432 web optional chromium_139.0.7258.66-1~deb12u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEv2qEY4xQXyY/2dWIvGw9w6VrLCcFAmiTjkIACgkQvGw9w6Vr LCf+QA/+JmxFxXV6n1P8bCVDoKkMJAA7f+qrGd/5CsRS8BIcAngzT3xnu6jco9vp j7kiblWem+Mp1Z8fn+3DdrIDbgUdWx2eJTGA4cOcXEbx+/KPElvtPDEuQamXYB/w e5kD0ycqu8g0A3y480wFFQlIuws8bDJjA8Aq8Rt0oc1Y6IeX4z5bTXHd27l2OILG dfsNWNJutGr1ghKZPmL1gttzhjTpppZcWUU7yP/nGfO0cC2GkxriFfCST6vZtoVq 5FYPhe8xm+q58i3z1XM8ooQ4ROPTo5KdVaIIYijZgjGZK/50wyfgdbBD9BYmLSqy I0M+6lJz5DtfymrYvcD7dsanu52i0tctaxZ+ir7j9XopCV5YPq4rH7RjqIUc783F wpGwKkU4gmxzLG7V+Cpjsdu67K7C7iQI/IKpgGGQU8n5zDYSNGqGYqRZ1VmxMpVl OjYkUtqWo9gOS453joFGV3CtxCDMUHYmOrkVYHPm3XCoZ3WhS5xsIfP2+0E1BYK9 6SFzURA2CXHm+YTw6P78nRV4ynI6541DV6ZndBxt1leuMpjgcGLaQQ050YxAsoo8 qf8WAP8zd9oBTXRyHNQbVRVh6tSH9cwaHiJl3hJtpixhyL8w2yC4bk1BXnl9ionR Dxo9kbLDrZ4CC0K9CDXWAyEk3vWW3XCn1s1atey8fqlCVM6kp04= =Hf6W -----END PGP SIGNATURE-----