Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted chromium 134.0.6998.35-1 (source) into unstable
Date: Wed, 05 Mar 2025 22:36:45 +0000
Signed by: Andres Salomon <dilinger@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 05 Mar 2025 13:26:45 -0500
Source: chromium
Architecture: source
Version: 134.0.6998.35-1
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (134.0.6998.35-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2025-1914: Out of bounds read in V8. Reported by
       Zhenghang Xiao (@Kipreyyy) and Nan Wang (@eternalsakura13).
     - CVE-2025-1915: Improper Limitation of a Pathname to a Restricted
       Directory in DevTools. Reported by Topi Lassila.
     - CVE-2025-1916: Use after free in Profiles.
       Reported by parkminchan, SSD Labs Korea.
     - CVE-2025-1917: Inappropriate Implementation in Browser UI.
       Reported by Khalil Zhani.
     - CVE-2025-1918: Out of bounds read in PDFium. Reported by asnine.
     - CVE-2025-1919: Out of bounds read in Media.
       Reported by @Bl1nnnk and @Pisanbao.
     - CVE-2025-1921: Inappropriate Implementation in Media Stream.
       Reported by Kaiido.
     - CVE-2025-1922: Inappropriate Implementation in Selection.
       Reported by Alesandro Ortiz.
     - CVE-2025-1923: Inappropriate Implementation in Permission Prompts.
       Reported by Khalil Zhani.
   * d/patches:
     - fixes/widevine-revision.patch: drop. Upstream says "with CDMs using
       manifest-based registration, no need to" hardcode version string.
     - disable/catapult.patch: refresh.
     - bookworm/clang19.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: refresh from ungoogled.
     - bookworm/gn-allowlist.patch: add workaround for older gn.
     - bookworm/adler1.patch: add workaround for older rust.
     - fixes/stdatomic.patch: add build fix to ensure <stdatomic.h> isn't
       used.
     - fixes/variant.patch: add missing header include.
     - upstream/qualifications.patch: add fix to silence annoying warnings.
     - upstream/optional.patch: add more missing header includes.
   * d/rules: update to ensure both qt5 AND qt6 are disabled.
 .
   [ Timothy Pearson ]
   * d/patches:
     - fixes/swiftshader-llvm.patch: Add LLVM patches from upstream LLVM
       project to fix integrated SwiftShader LLVM FTBFS
   * d/patches/ppc64le:
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: Refresh for
       upstream changes
Checksums-Sha1:
 4c814301181b7ade6e56aa90309ee5bd3451cc52 3830 chromium_134.0.6998.35-1.dsc
 332fa8cd06755604d127cd35ed7890a40dd22664 915150532 chromium_134.0.6998.35.orig.tar.xz
 1650ec854f4634faf8ffbb72f0242fae25f37371 336832 chromium_134.0.6998.35-1.debian.tar.xz
 6e0aebcdadf3522e171803652c6b776811e5cfd8 27095 chromium_134.0.6998.35-1_source.buildinfo
Checksums-Sha256:
 8d1ecedb662cc256b661afc4777f7809c78f0d49f9eb0fb0fb8ceaa3327791fd 3830 chromium_134.0.6998.35-1.dsc
 e5c25afaa1adbcc671f16ae7166e71bed20a01c99f979564cddafdf2ae2b1613 915150532 chromium_134.0.6998.35.orig.tar.xz
 7d30644af15324f624f0c71766a281dfd976e77dcef82bfa888abd27f08ad330 336832 chromium_134.0.6998.35-1.debian.tar.xz
 52637f8e54cb823ed4ecba81938a58c3be98dd2b33ccb53ffbf363d751ac4c20 27095 chromium_134.0.6998.35-1_source.buildinfo
Files:
 3ca1b1987f4de88bfb5e99986edd3539 3830 web optional chromium_134.0.6998.35-1.dsc
 07428b758264b61deee55a23a3cf504e 915150532 web optional chromium_134.0.6998.35.orig.tar.xz
 6c4108ccf18ed56e0ba646f7268baf0b 336832 web optional chromium_134.0.6998.35-1.debian.tar.xz
 ace0028dda9354f4e8cc4dda6c437f95 27095 web optional chromium_134.0.6998.35-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmfIxKIUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjeX0Q//Wqc/X5tv11/gVMRPO87Km4IUHXxB
P/LQYXH1+4IyIAd/xLKQ1aXz1yL66QFytwfoR1v2uhifTX8DHY6RxHaGJge7SLsd
XW0ksgJukdde3DAoo1WtN71MgUmhqOY2M3fy7nO3pyVlo9PoEUkYbypPb35DbTK7
ij6WHsQwqE2FTHZmr1uIEWMlr+UVy1Ho/Uy1FIdEvD6SkliAHFQC2iXKjkStK/eD
2NrKcOehnYi6pEAxptOQwarWHC1/7g/foEimOfPSqUrU90omGkk0nCPpMlyFbjiO
8c4/Tg5i9QTEbSColwfozdu4HB8ZI4firFZ6uur40CAa809ZskJ+I7+f+v8Kg53o
LImllvEJ4FuutrSdwDr7iVZLuHounp8//nEsdCtaUIQqjld0hYqYCl5+70TmGRR1
/ikqNVaggumAJs0NJxPCwIEpN/chR9x2u9M7NCHQSoRYp65TLBFKxwte2VOnZzVd
9Vkg1Iqo5Fnw0PBBnT/7hCfg5WMLq0NmUcpSdxW14dxdO3VpynDHbxj+GVB5ATQ3
pSMOkUuOsG7JPmXeCaR/4q17+p/YmKcIL8QTQ2iWPnCY+Zy3eRpc3RHIWLLFvEI1
P0Gkk7Oq0i3D7yM8T3Lbzdsfk7jDp1vO9uwbUj4BcNYhX7ZzaYV5+dDqNU4yWyJy
w4XozIdbEfWFuW0=
=PMyy
-----END PGP SIGNATURE-----
News for package chromium
