Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted chromium 142.0.7444.59-1 (source) into unstable
Date: Wed, 29 Oct 2025 20:07:45 +0000
Signed by: Andres Salomon <dilinger@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 29 Oct 2025 13:44:37 -0400
Source: chromium
Architecture: source
Version: 142.0.7444.59-1
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (142.0.7444.59-1) unstable; urgency=high
 .
   * New upstream stable release.
     - CVE-2025-12428: Type Confusion in V8.
       Reported by Man Yue Mo of GitHub Security Lab.
     - CVE-2025-12429: Inappropriate implementation in V8.
       Reported by Aorui Zhang.
     - CVE-2025-12430: Object lifecycle issue in Media.
       Reported by round.about.
     - CVE-2025-12431: Inappropriate implementation in Extensions.
       Reported by Alesandro Ortiz.
     - CVE-2025-12432: Race in V8. Reported by Google Big Sleep.
     - CVE-2025-12433: Inappropriate implementation in V8.
       Reported by Google Big Sleep.
     - CVE-2025-12036: Inappropriate implementation in V8.
       Reported by Google Big Sleep.
     - CVE-2025-12434: Race in Storage. Reported by Lijo A.T.
     - CVE-2025-12435: Incorrect security UI in Omnibox. Reported by Hafiizh.
     - CVE-2025-12436: Policy bypass in Extensions.
       Reported by Luan Herrera (@lbherrera_).
     - CVE-2025-12437: Use after free in PageInfo. Reported by Umar Farooq.
     - CVE-2025-12438: Use after free in Ozone.
       Reported by Wei Yuan of MoyunSec VLab.
     - CVE-2025-12439: Inappropriate implementation in App-Bound Encryption.
       Reported by Ari Novick.
     - CVE-2025-12440: Inappropriate implementation in Autofill.
       Reported by Khalil Zhani.
     - CVE-2025-12441: Out of bounds read in V8. Reported by Google Big Sleep.
     - CVE-2025-12443: Out of bounds read in WebXR. Reported by Aisle Research
     - CVE-2025-12444: Incorrect security UI in Fullscreen UI.
       Reported by syrf.
     - CVE-2025-12445: Policy bypass in Extensions. Reported by Thomas Greiner
     - CVE-2025-12446: Incorrect security UI in SplitView. Reported by Hafiizh
     - CVE-2025-12447: Incorrect security UI in Omnibox.
       Reported by Khalil Zhani.
   * d/patches:
     - disable/android.patch: drop part of patch related to md5sum tool.
     - disable/catapult.patch: refresh.
     - trixie/rust-no-alloc-shim.patch: refresh.
     - bookworm/clang19.patch: also drop uninit-const-pointer and
       unnecessary-virtual-specifier warnings.
     - ungoogled/disable-privacy-sandbox.patch: sync from upstream.
     - i386/support-i386.patch: refresh.
     - trixie/rust-sanitize.patch: add a workaround for older rustc.
     - fixes/chromium-142-iwyu-field-form-data.patch: pull in build fix
       from gentoo.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-third-party-hwy-wrong-include.patch: Drop due to
       upstream fixes
     - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from
       upstream sources
     - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream
       changes
Checksums-Sha1:
 6718539a8a0d81daf18832486914519473a9ea83 3991 chromium_142.0.7444.59-1.dsc
 284c56effdbdea38b4f895d2a8b17cc9078ecf68 1007003032 chromium_142.0.7444.59.orig.tar.xz
 111c0d175a04fb450ea7c4f4b5ca860807e0d267 419080 chromium_142.0.7444.59-1.debian.tar.xz
 b73bd99823ee022c88bdd46a78476aec2a5fdf3b 26541 chromium_142.0.7444.59-1_source.buildinfo
Checksums-Sha256:
 23c23d13215a73924d2b3ce7d09be433c623bd1aa76a3445b46b776c6dd2c38a 3991 chromium_142.0.7444.59-1.dsc
 7fedcc6cf4acafeb36ca8773264b3ee06fea6f072884d320a35009fa07ef056b 1007003032 chromium_142.0.7444.59.orig.tar.xz
 686f99cf3b9c4132d5f82043d5c26a42b6966ad57bdd9c65d37a40d4aa555922 419080 chromium_142.0.7444.59-1.debian.tar.xz
 4641742796b7b3d2f276a7bde8e59049a2954ac56b5c53dea6fb939abf6f2c03 26541 chromium_142.0.7444.59-1_source.buildinfo
Files:
 88144d1b7f87ce69911b1d0867e6465f 3991 web optional chromium_142.0.7444.59-1.dsc
 4af26316f53be13d6f9f47595c145a5f 1007003032 web optional chromium_142.0.7444.59.orig.tar.xz
 f40c46d2cbad003f9eee42c416ade12f 419080 web optional chromium_142.0.7444.59-1.debian.tar.xz
 ab31e890725457d1dcc704d51ba109ef 26541 web optional chromium_142.0.7444.59-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmkCXfMUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjfpVBAAu7iXGmk2Fc8WEEosQsOqWrfsEjfG
5SSYKiDUaFvLoSV8SAGdiGPqd1XWvPjYdC1CxW8vPu+kyXFYPrZANvRqHJvP3FQ5
oHOI4DHugoTru2TDbQ61DPbQmUImVpo8nZAGnSu2uE8WQUjeYWb6/2c9V7MyUbwq
orNMqBJCGMb5OkOrGQqzYQMrMSxMGMtCu1dWi0ocgsMmmrB63dDaYRcXx6KIfB04
lnJj2JoNJBzyhgrwcmOa3hZkuJzOnGw4kD5pd2ESxrcAwit6mV1oFeR5kEeY2cTI
Mj0Oe4481ffx0uYvaGSOVWY3o+pS+dSqeRFMMEs5ep4HC1cC1+8MKco6bL8KdgFT
9miBUy/o/tuoHh1YneJ537uq9BIshhSIFQT4oQdxIYLyNqMaHSW5cqwl82I+xW6r
01E2j5VTxTgTodCt3g7TFU0c4VSZeoOslLsIwaLt1f+ldIZO43J/U9a5XJCWeNWX
sOUhVgzB/TN374xpItC0FdozzOwP3XBt6xSWeF3sO3Aesh9O0gAj0XS5kw38tHKA
rwi/d1eMu96nV7oDo2UGPyupaD+LdXRj8IfTafEIUZ2ZNzfye1KWI5pa0K+cJL2W
0cKyOIMjH0hSoimUkpjh4DQfjeCXLQ6UzwR6ezo9G2rUIpScY3PSSoy1IX0TKAxt
oLtBw17qX4PpZ9E=
=Oots
-----END PGP SIGNATURE-----
News for package chromium
