-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 14 Jan 2025 21:20:43 -0500
Source: chromium
Architecture: source
Version: 132.0.6834.83-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (132.0.6834.83-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2025-0434: Out of bounds memory access in V8. Reported by ddme.
     - CVE-2025-0435: Inappropriate implementation in Navigation.
       Reported by Alesandro Ortiz.
     - CVE-2025-0436: Integer overflow in Skia.
       Reported by Han Zheng (HexHive).
     - CVE-2025-0437: Out of bounds read in Metrics.
       Reported by Xiantong Hou of Wuheng Lab and Pisanbao.
     - CVE-2025-0438: Stack buffer overflow in Tracing.
       Reported by Han Zheng (HexHive).
     - CVE-2025-0439: Race in Frames. Reported by Hafiizh.
     - CVE-2025-0440: Inappropriate implementation in Fullscreen.
       Reported by Umar Farooq.
     - CVE-2025-0441: Inappropriate implementation in Fenced Frames.
       Reported by someoneverycurious.
     - CVE-2025-0442: Inappropriate implementation in Payments.
       Reported by Ahmed ElMasry.
     - CVE-2025-0443: Insufficient data validation in Extensions.
       Reported by Anonymous.
     - CVE-2025-0446: Inappropriate implementation in Extensions.
       Reported by Hafiizh.
     - CVE-2025-0447: Inappropriate implementation in Navigation.
       Reported by Khiem Tran (@duckhiem).
     - CVE-2025-0448: Inappropriate implementation in Compositing.
       Reported by Dahyeon Park.
   * d/patches:
     - upstream/blink-fix-size-assertions.patch: drop, merged upstream.
     - upstream/dawn-strlen.patch: drop, merged upstream.
     - upstream/mrc-copy-op.patch: drop, merged upstream.
     - upstream/variant.patch: part of this was merged upstream; keep the
       rest.
     - fixes/freetype.patch: drop, merged upstream.
     - fixes/gpu-crash.patch: drop, merged upstream.
     - fixes/bindgen.patch: refresh and make patch even smaller. Also some
       upstream churn.
     - fixes/fix-assert-in-vnc-sessions.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: refresh.
     - upstream/mojo.patch: fix missing files.
     - upstream/uint.patch: add gcc-specific build fix.
     - bookworm/constflatset.patch: add (probably) gcc-specific workaround.
     - fixes/lens-optional.patch: add gcc-specific build fix.
     - bookworm/gn-absl.patch: modify for new dependency.
     - bookworm/rust-visibility.patch: add build fix for older rustc.
     - bookworm/less-void.patch: add build fix for older libstdc++/gcc.
   * Downgrade to rollup3 for devtools-frontend stuff, due to the bundled
     rollup4 including wasm blobs. Update d/patches/system/rollup.patch to
     point to the right place as well, and build-dep on
     node-rollup-plugin-terser.
   * Build against newer bundled libtiff for memory limiting protection.
   * Switch to bundled libdrm due to DRM_IOCTL_SYNCOBJ_EVENTFD usage.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - workarounds/HACK-debian-clang-disable-skia-musttail.patch: Drop due
       to upstream fixes
     - third_party/skia-vsx-instructions.patch: Refresh for upstream changes
Checksums-Sha1:
 26cadb794f5061cabb4eef30e6968bda75f9dd29 3781 chromium_132.0.6834.83-1~deb12u1.dsc
 9ea9ff13cbd95f21fb1e3a3aa8e32936e90c27f8 745627504 chromium_132.0.6834.83.orig.tar.xz
 0637d17d095edeba612cfb0766812f8dc0b17012 8511316 chromium_132.0.6834.83-1~deb12u1.debian.tar.xz
 e914b9f0fb807b579f9e2123ea50e7072bc4c77b 26806 chromium_132.0.6834.83-1~deb12u1_source.buildinfo
Checksums-Sha256:
 964887a27dceab8e667a8d8c985824fb2d698ba7faf7940a0cb9ad13779c0fbc 3781 chromium_132.0.6834.83-1~deb12u1.dsc
 d6203713a2d1e1025e3817b06c08edb1406a9dd183cd72de623043948eab3ebf 745627504 chromium_132.0.6834.83.orig.tar.xz
 d0130c6ae1a379c66faaeb14a22e1a56e4bba9aca14d02ba44b12542ef0b7ecd 8511316 chromium_132.0.6834.83-1~deb12u1.debian.tar.xz
 244c9f733f5a2f437fe4a287afd3c9d197aaab880a6f01ca0c2c19dce6092b0c 26806 chromium_132.0.6834.83-1~deb12u1_source.buildinfo
Files:
 86f03b849848745240cc44b9777db629 3781 web optional chromium_132.0.6834.83-1~deb12u1.dsc
 4968d42e218807d81add6dd8088fa8ac 745627504 web optional chromium_132.0.6834.83.orig.tar.xz
 3edd660f50a8b0c6195dcb6fb9596391 8511316 web optional chromium_132.0.6834.83-1~deb12u1.debian.tar.xz
 3f9efd2eada990d8ca4c77a36862101a 26806 web optional chromium_132.0.6834.83-1~deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----