-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 05 Aug 2025 17:48:13 -0400 Source: chromium Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym Architecture: i386 Version: 139.0.7258.66-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02) Changed-By: Andres Salomon Description: chromium - web browser chromium-common - web browser - common resources used by the chromium packages chromium-driver - web browser - WebDriver support chromium-headless-shell - web browser - old headless shell chromium-sandbox - web browser - setuid security sandbox for chromium chromium-shell - web browser - minimal shell Changes: chromium (139.0.7258.66-1~deb12u1) bookworm-security; urgency=high . * New upstream stable release. - CVE-2025-8576: Use after free in Extensions. Reported by asnine. - CVE-2025-8577: Inappropriate implementation in Picture In Picture. Reported by Umar Farooq. - CVE-2025-8578: Use after free in Cast. Reported by Fayez. - CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome. Reported by Alesandro Ortiz. - CVE-2025-8580: Inappropriate implementation in Filesystems. Reported by Huuuuu. - CVE-2025-8581: Inappropriate implementation in Extensions. Reported by Vincent Dragnea. - CVE-2025-8582: Insufficient validation of untrusted input in DOM. Reported by Anonymous. - CVE-2025-8583: Inappropriate implementation in Permissions. Reported by Shaheen Fazim. * d/copyright: delete third_party/enterprise_companion, as it includes a binary. * d/control: - Replace elfutils build-dep with llvm-19 for switch to llvm-strip. - Update rustc-web build-dep to >= 1.84. * d/rules: - drop enable_nacl=false; upstream removed NaCL. - set enable_enterprise_companion=false. - disable Gemini AI (enable_glic=false). * d/patches: - disable/catapult.patch: refresh. - disable/buildtools-libc.patch: refresh. - system/eu-strip.patch: drop, upstream switched to llvm-strip. - bookworm/gn-revert-path-exists.patch: refresh & drop unused part. - ungoogled/disable-privacy-sandbox.patch: refresh. - fixes/bindgen.patch: rename to bookworm/bindgen.patch, since trixie now has a newer bindgen. - bookworm/gn-absl.patch: refresh. - bookworm/rust-is-none-or.patch: drop, thanks to newer rustc-web. - bookworm/rust-unstable-features.patch: drop - newer rustc-web. - bookworm/bubble-contents.patch: drop, no longer needed. . [ Timothy Pearson ] * d/patches/ppc64le: - sandbox/0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch: Refresh for upstream changes - sandbox/0009-sandbox-updates-138.patch: Properly handle IPC and send syscalls - third_party/0001-add-xnn-ppc64el-support.patch: Refresh for upstream changes - third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - third_party/skia-vsx-instructions.patch: Refresh for upstream changes - fixes/fix-partition-alloc-compile.patch: Refresh for upstream changes Checksums-Sha1: 74ae1a93b9e0da0b22850cea6142614ee78278f1 5077704 chromium-common-dbgsym_139.0.7258.66-1~deb12u1_i386.deb e0244614590ff7e93bb3ff4a459d505f957fcfec 22268272 chromium-common_139.0.7258.66-1~deb12u1_i386.deb a0b594d3c34fc0faf1b5eae97f83c2b5d0b41cf5 33535868 chromium-dbgsym_139.0.7258.66-1~deb12u1_i386.deb 7aded8e6503c25a655357ff8f528775d69ca8e30 8277824 chromium-driver_139.0.7258.66-1~deb12u1_i386.deb 03ecd7ba32ccd7c97fd235139e7db165eb14ddbf 28075500 chromium-headless-shell-dbgsym_139.0.7258.66-1~deb12u1_i386.deb ccae4506949b0a6b6e9bbe3abccac939a95a2591 56402812 chromium-headless-shell_139.0.7258.66-1~deb12u1_i386.deb d5e4f194a0ba644d3b40c4d25ce6abe2c13a3ac5 18080 chromium-sandbox-dbgsym_139.0.7258.66-1~deb12u1_i386.deb 2bf84ecd2610f8475f13f8566a107197d9b9f352 105904 chromium-sandbox_139.0.7258.66-1~deb12u1_i386.deb de34775c31b3b569c28cb8a7fa5a835847709f4f 30156792 chromium-shell-dbgsym_139.0.7258.66-1~deb12u1_i386.deb 11b96576a92b3d4643885e6a6d8757888f66a792 61082404 chromium-shell_139.0.7258.66-1~deb12u1_i386.deb 353fb38a251282468605b1a9a7f3b97829653d88 30268 chromium_139.0.7258.66-1~deb12u1_i386-buildd.buildinfo bbbec6bc8e55a048361e6a2a8208650ee5f5cba1 71794428 chromium_139.0.7258.66-1~deb12u1_i386.deb Checksums-Sha256: 94115b0ac2a86e72aaa3379cc725b814ea534076ed30537539d793a7c7b48c33 5077704 chromium-common-dbgsym_139.0.7258.66-1~deb12u1_i386.deb c48a64b4405bcdba203666dff6f50a60025141f46d3190cbc943fecf07e671da 22268272 chromium-common_139.0.7258.66-1~deb12u1_i386.deb a607ac2f31a9314cc6a26df8113d85eb55484f8d1a4f473da714468069591d59 33535868 chromium-dbgsym_139.0.7258.66-1~deb12u1_i386.deb 77072970eaa72304be70f1b06dfac20630ed13c0d29db7e22d23cafcf1a19fcc 8277824 chromium-driver_139.0.7258.66-1~deb12u1_i386.deb b01c31f756f327989c10ae31e68691d7cf3b312115e7e2ec594d0b88f27e8937 28075500 chromium-headless-shell-dbgsym_139.0.7258.66-1~deb12u1_i386.deb 3dc379bf9f1b9feb63eef664bc5d63746f9b8f79595040a6e4aa000e7543e871 56402812 chromium-headless-shell_139.0.7258.66-1~deb12u1_i386.deb 3fd7521307d23d729b60e007095ccb60869f8c9edbec11fa15efd99af10ae2b6 18080 chromium-sandbox-dbgsym_139.0.7258.66-1~deb12u1_i386.deb 95ba1bfe7d2707fdbda2e5e5a406e398952d265268d30b0ee21e9ed3a533c39b 105904 chromium-sandbox_139.0.7258.66-1~deb12u1_i386.deb fbae98f33a8cec8c4a2b52d744ec0419931ac546e4716866bcd8cb9301f4d896 30156792 chromium-shell-dbgsym_139.0.7258.66-1~deb12u1_i386.deb 5eba65d76df64f890b66ab2b2478b7d7488734886911b513fa5f690ba28e9e88 61082404 chromium-shell_139.0.7258.66-1~deb12u1_i386.deb d8a74176762ea2029e35718fd331cd395c5167c4d6174921c645b0738fd521f5 30268 chromium_139.0.7258.66-1~deb12u1_i386-buildd.buildinfo 5c9f20441b369a3ab249a3e2c04a73e2c52a694719c3caf27738e48351238042 71794428 chromium_139.0.7258.66-1~deb12u1_i386.deb Files: 242ed8cff9f16c993e2c153177ef7ad8 5077704 debug optional chromium-common-dbgsym_139.0.7258.66-1~deb12u1_i386.deb a69758ad329a8262e93738618ebf0f63 22268272 web optional chromium-common_139.0.7258.66-1~deb12u1_i386.deb c412510b30aa93cf756ca2f574ce8230 33535868 debug optional chromium-dbgsym_139.0.7258.66-1~deb12u1_i386.deb d9d9d500caa88a9473e22c62e40884df 8277824 web optional chromium-driver_139.0.7258.66-1~deb12u1_i386.deb 8a0d5fb5bbd65c298e0ab97e11af191a 28075500 debug optional chromium-headless-shell-dbgsym_139.0.7258.66-1~deb12u1_i386.deb 93ddeac3b2151ae6837ff094de98eee4 56402812 web optional chromium-headless-shell_139.0.7258.66-1~deb12u1_i386.deb 6b727a64f917223315685f53a80b0b26 18080 debug optional chromium-sandbox-dbgsym_139.0.7258.66-1~deb12u1_i386.deb 8e935351f69c9dd807def94bd8d19e05 105904 web optional chromium-sandbox_139.0.7258.66-1~deb12u1_i386.deb 6ce48dd86dbedaa4f59b8ecd1cb2591b 30156792 debug optional chromium-shell-dbgsym_139.0.7258.66-1~deb12u1_i386.deb 8bdd2daac82c70842765b1bcdf6be248 61082404 web optional chromium-shell_139.0.7258.66-1~deb12u1_i386.deb d9055748aa6b58e3fac739ccd70f6478 30268 web optional chromium_139.0.7258.66-1~deb12u1_i386-buildd.buildinfo aca6e788f566637c862828a66dbf07c8 71794428 web optional chromium_139.0.7258.66-1~deb12u1_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEErwLLVsiCiGZggzpHJuP6X4A0XeIFAmiTnY4ACgkQJuP6X4A0 XeI4Cw//biimjm4EHUWfoWsVXGbT2aVHegSBfGTDEnBmKQb2mPPPgG8y3dMV/xHP 8tbFFC07B4bA3xkSsse0ZVRqaTmsoFnUvhuK0TKIfhJ95QilXKTfSGS9jVxgq/nA EYI8Oytbz0zCAygg42Yb09TIyawqWmwOOWl6DINe4/6Hea7/zXltZH1Pd0kz31c3 be8DYahsETmanIfzOha4sXD3s7zFYK2WXyKD1MslW6yaZ813KrNjQcst0/gYRXPt 8ejsN8xgrezUR7jxtAv60IpfWB+npt+j3l7ofrfqLCPj5+S9jgCOOsVXt+1U3rV/ kMjbp50ctPUR7oYulf8JXB5PfwRGgJktG4Da0k7sZv0TXmK0/0egN0m9oTT7Oyxj mba/+45avxWatl7aNHW4yc3BPTtGTd58BAsuhpxFe1FaGFYGC3IJCF9pbFqUqWm8 sav78F9CMHR27pr2zHPjmcVxgTsf5znNt2517CQAsz1ivNfRAyOCYrNSIaAbzvdq o1seZ5ARlgL0RSdqbqvzOTi/PDDMaEI3ACxxK8WxizyqHYjCWamMdTM0fmHdrNYz m4UZNn0MOMz5LNjw9YWZXsOgmqk85sKQPVZY7sduMbk+QZVcMCCCQg9vH5A6MyFr ecfQnxBlMNNyffyhp8n/JU8ZMHpvDRRsQWhiIiGzLbkmwSHD+8c= =Vcpy -----END PGP SIGNATURE-----