-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 10 Jun 2025 15:08:42 -0400
Source: chromium
Architecture: source
Version: 137.0.7151.103-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
chromium (137.0.7151.103-1~deb12u1) bookworm-security; urgency=high
.
* New upstream security release.
- CVE-2025-5958: Use after free in Media.
Reported by Huang Xilin of Ant Group Light-Year Security Lab.
- CVE-2025-5959: Type Confusion in V8.
Reported by Seunghyun Lee as part of TyphoonPWN 2025.
* Add build-dep on libc++-19-dev and switch to building statically
against clang's libc++ (instead of gcc's libstdc++).
* d/patches:
- fixes/absl-optional.patch: drop, only needed for libstdc++.
- fixes/font-gc-asan.patch: drop, only needed for libstdc++.
- fixes/stdatomic.patch: drop, only needed for libstdc++.
- fixes/make-pair.patch: drop, only needed for libstdc++.
- bookworm/constflatset.patch: drop, only needed for libstdc++.
- bookworm/constexpr2.patch: drop, only needed for libstdc++.
- bookworm/constexpr3.patch: drop, only needed for libstdc++.
- bookworm/foreach.patch: add patch from bookworm branch to fix
clang-19 build failure.
Checksums-Sha1:
0d171cb0c6cdfefc34a0dc2c87a3d4cc16c35817 4019 chromium_137.0.7151.103-1~deb12u1.dsc
be259914ba138809b594f75f6c3c666f9bb8796f 945589756 chromium_137.0.7151.103.orig.tar.xz
c62543412f0997a629c529cc7d4ca602b8a6a11d 8488632 chromium_137.0.7151.103-1~deb12u1.debian.tar.xz
860ee30271f29237c41a7a43313c8375557e266c 26843 chromium_137.0.7151.103-1~deb12u1_source.buildinfo
Checksums-Sha256:
8281007b0080f76dcd5a860338ec5abd417c68d1986afcc6953bc7ce6818a6a6 4019 chromium_137.0.7151.103-1~deb12u1.dsc
a2818b540c51258182be5e84b1bf88f518ff69c0339ae14003ec2bebe1c38545 945589756 chromium_137.0.7151.103.orig.tar.xz
8a7af8c53de4b10c6696fafed6185bf493c6b17b1c633e9e31c96c288be4b63d 8488632 chromium_137.0.7151.103-1~deb12u1.debian.tar.xz
499d693a79f6c4cd88ba2b49e26d418e27b9a519a467c5a7b6667849d6731d70 26843 chromium_137.0.7151.103-1~deb12u1_source.buildinfo
Files:
62f301e78fbe5f68d08d341bbdf4b2cd 4019 web optional chromium_137.0.7151.103-1~deb12u1.dsc
2d993b8f4f4197f2891079fc66228c54 945589756 web optional chromium_137.0.7151.103.orig.tar.xz
9cc7739eb60f59376ac3848fd4a5ac17 8488632 web optional chromium_137.0.7151.103-1~deb12u1.debian.tar.xz
b85d4e8dbe219e684c7f9c6cc4a66756 26843 web optional chromium_137.0.7151.103-1~deb12u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmhJraQUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjfymQ//W9gkxYIBW3bpt/CNaWQyUcxcLT9K
qWm9xB3n5RMYW2NYWsthNRWSNMUQrXeocpePBsr0XhLM2wrBPInTDdFvDXrqqqvT
nmzftBl1pexI9FbzhqHTD6ozL++xujEn/0YIAyjqTvRqRI+4el5VVjYPNalF2C8e
qdkGLOpPeFofb7ClGuIQ+8ztb67hJolVHZMpz5W0/uxoiTzFnCxiJOk73g0agqJO
rbf/R6lQecm5A19aLUHxW/oyotxzHS+bLFsAKuIw3h0KH5OCyN1KyG34ykK2Irgc
Qiy8BDngmupTmnNq4dCTnx6PCnP+o1OwXDkE5kXhHXE/iYqogLM/D2JrxkuR0BO1
aPvMORmUNE2ianunylqJ8sHhO2HaNEhtF+3I29SX94mdeiQZwmoWkVqh3noJZrhj
dk9lamOTNS95v7bFLQTXlzgRuo5r2tcdBAnPtHibYLvIZPvcuJjMsVudeWfUBV7v
HFxIsxEuVbBUGc7OWwad/vi3FvLJcH4rB/ToIsSaNqrr8FpqT2pbhoELk4FR2LCL
2i67uJW8YwggYjRAjy4wkip7EG3NLWnpqvaiF56hDh+PBe/lvqsKOPwM+iiyaMSl
c6AKnEADQXsEWCBxIvKSo9yTQBhihVGoA5UcJ7xNaHG413pdpan6UBCXAwPHNCjM
wh9nMSuU7kurXZE=
=LdvA
-----END PGP SIGNATURE-----
