-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 14 Jan 2025 21:20:43 -0500
Source: chromium
Architecture: source
Version: 132.0.6834.83-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
chromium (132.0.6834.83-1~deb12u1) bookworm-security; urgency=high
.
[ Andres Salomon ]
* New upstream stable release.
- CVE-2025-0434: Out of bounds memory access in V8. Reported by ddme.
- CVE-2025-0435: Inappropriate implementation in Navigation.
Reported by Alesandro Ortiz.
- CVE-2025-0436: Integer overflow in Skia.
Reported by Han Zheng (HexHive).
- CVE-2025-0437: Out of bounds read in Metrics.
Reported by Xiantong Hou of Wuheng Lab and Pisanbao.
- CVE-2025-0438: Stack buffer overflow in Tracing.
Reported by Han Zheng (HexHive).
- CVE-2025-0439: Race in Frames. Reported by Hafiizh.
- CVE-2025-0440: Inappropriate implementation in Fullscreen.
Reported by Umar Farooq.
- CVE-2025-0441: Inappropriate implementation in Fenced Frames.
Reported by someoneverycurious.
- CVE-2025-0442: Inappropriate implementation in Payments.
Reported by Ahmed ElMasry.
- CVE-2025-0443: Insufficient data validation in Extensions.
Reported by Anonymous.
- CVE-2025-0446: Inappropriate implementation in Extensions.
Reported by Hafiizh.
- CVE-2025-0447: Inappropriate implementation in Navigation.
Reported by Khiem Tran (@duckhiem).
- CVE-2025-0448: Inappropriate implementation in Compositing.
Reported by Dahyeon Park.
* d/patches:
- upstream/blink-fix-size-assertions.patch: drop, merged upstream.
- upstream/dawn-strlen.patch: drop, merged upstream.
- upstream/mrc-copy-op.patch: drop, merged upstream.
- upstream/variant.patch: part of this was merged upstream; keep the
rest.
- fixes/freetype.patch: drop, merged upstream.
- fixes/gpu-crash.patch: drop, merged upstream.
- fixes/bindgen.patch: refresh and make patch even smaller. Also some
upstream churn.
- fixes/fix-assert-in-vnc-sessions.patch: refresh.
- ungoogled/disable-privacy-sandbox.patch: refresh.
- upstream/mojo.patch: fix missing files.
- upstream/uint.patch: add gcc-specific build fix.
- bookworm/constflatset.patch: add (probably) gcc-specific workaround.
- fixes/lens-optional.patch: add gcc-specific build fix.
- bookworm/gn-absl.patch: modify for new dependency.
- bookworm/rust-visibility.patch: add build fix for older rustc.
- bookworm/less-void.patch: add build fix for older libstdc++/gcc.
* Downgrade to rollup3 for devtools-frontend stuff, due to the bundled
rollup4 including wasm blobs. Update d/patches/system/rollup.patch to
point to the right place as well, and build-dep on
node-rollup-plugin-terser.
* Build against newer bundled libtiff for memory limiting protection.
* Switch to bundled libdrm due to DRM_IOCTL_SYNCOBJ_EVENTFD usage.
.
[ Timothy Pearson ]
* d/patches/ppc64le:
- workarounds/HACK-debian-clang-disable-skia-musttail.patch: Drop due
to upstream fixes
- third_party/skia-vsx-instructions.patch: Refresh for upstream changes
Checksums-Sha1:
26cadb794f5061cabb4eef30e6968bda75f9dd29 3781 chromium_132.0.6834.83-1~deb12u1.dsc
9ea9ff13cbd95f21fb1e3a3aa8e32936e90c27f8 745627504 chromium_132.0.6834.83.orig.tar.xz
0637d17d095edeba612cfb0766812f8dc0b17012 8511316 chromium_132.0.6834.83-1~deb12u1.debian.tar.xz
e914b9f0fb807b579f9e2123ea50e7072bc4c77b 26806 chromium_132.0.6834.83-1~deb12u1_source.buildinfo
Checksums-Sha256:
964887a27dceab8e667a8d8c985824fb2d698ba7faf7940a0cb9ad13779c0fbc 3781 chromium_132.0.6834.83-1~deb12u1.dsc
d6203713a2d1e1025e3817b06c08edb1406a9dd183cd72de623043948eab3ebf 745627504 chromium_132.0.6834.83.orig.tar.xz
d0130c6ae1a379c66faaeb14a22e1a56e4bba9aca14d02ba44b12542ef0b7ecd 8511316 chromium_132.0.6834.83-1~deb12u1.debian.tar.xz
244c9f733f5a2f437fe4a287afd3c9d197aaab880a6f01ca0c2c19dce6092b0c 26806 chromium_132.0.6834.83-1~deb12u1_source.buildinfo
Files:
86f03b849848745240cc44b9777db629 3781 web optional chromium_132.0.6834.83-1~deb12u1.dsc
4968d42e218807d81add6dd8088fa8ac 745627504 web optional chromium_132.0.6834.83.orig.tar.xz
3edd660f50a8b0c6195dcb6fb9596391 8511316 web optional chromium_132.0.6834.83-1~deb12u1.debian.tar.xz
3f9efd2eada990d8ca4c77a36862101a 26806 web optional chromium_132.0.6834.83-1~deb12u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----