-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 03 Dec 2025 01:54:50 -0500
Source: chromium
Architecture: source
Version: 143.0.7499.40-1
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (143.0.7499.40-1) unstable; urgency=high
 .
   * New upstream stable release.
     - CVE-2025-13630: Type Confusion in V8.
       Reported by Shreyas Penkar (@streypaws).
     - CVE-2025-13631: Inappropriate implementation in Google Updater.
       Reported by Jota Domingos.
     - CVE-2025-13632: Inappropriate implementation in DevTools.
       Reported by Leandro Teles.
     - CVE-2025-13633: Use after free in Digital Credentials.
       Reported by Chrome.
     - CVE-2025-13634: Inappropriate implementation in Downloads.
       Reported by Eric Lawrence of Microsoft.
     - CVE-2025-13720: Bad cast in Loader. Reported by Chrome.
     - CVE-2025-13721: Race in v8. Reported by Chrome.
     - CVE-2025-13635: Inappropriate implementation in Downloads.
       Reported by Hafiizh.
     - CVE-2025-13636: Inappropriate implementation in Split View.
       Reported by Khalil Zhani.
     - CVE-2025-13637: Inappropriate implementation in Downloads.
       Reported by Hafiizh.
     - CVE-2025-13638: Use after free in Media Stream. Reported by sherkito.
     - CVE-2025-13639: Inappropriate implementation in WebRTC.
       Reported by Philipp Hancke.
     - CVE-2025-13640: Inappropriate implementation in Passwords.
       Reported by Anonymous.
   * d/patches:
     - fixes/headless-gn.patch: refresh.
     - fixes/chromium-142-iwyu-field-form-data.patch: drop, merged upstream.
     - disable/tests.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: sync from upstream.
     - fixes/libpng-testonly.patch: add a workaround for a missing build target
       that upstream forgot to include.
     - trixie/rust-no-alloc-shim.patch: mark nightly feature 'no_mangle' as
       unsafe to make rustc happy.
     - trixie/cookie-string-view.patch: add a workaround for missing clang-19
       feature.
 .
   [ Daniel Richard G. ]
   * d/patches:
     - debianization/cross-build.patch: Avoid "Assignment had no effect"
       error from GN when running outside of d/rules.
     - debianization/rustc-bootstrap.patch: Move RUSTC_BOOTSTRAP=1 here.
     - disable/license-headless-shell.patch: Don't generate the (unused)
       LICENSE.headless_shell file, as the rule tends to break easily.
     - fixes/headless-gn.patch: No longer needed, thanks to previous patch.
   * d/rules: Move RUSTC_BOOTSTRAP=1 environment setting into patch.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from
       upstream sources
     - ppc64le/fixes/fix-clang-selection.patch: Refresh for upstream changes
 .
   [ Jianfeng Liu ]
   * Add loong64 support, with patches in d/patches/loongarch64/.
Checksums-Sha1:
34c01108bd783414eba1ae6fd7dd7aa6adb7a672 4058 chromium_143.0.7499.40-1.dsc
5afd149cc2ac44be0a3c3761dcd2dd21ee4d37be 1016232376 chromium_143.0.7499.40.orig.tar.xz
36207d5ee262993ed0b811c7f34d33c98b0ac78e 439144 chromium_143.0.7499.40-1.debian.tar.xz
83448bebb253688f503cefb0e861dc25f661e094 26698 chromium_143.0.7499.40-1_source.buildinfo
Checksums-Sha256:
b926d20f7e851ff9cc6f6ed567c26a558013a26017907259d8b90b16a12b6c0b 4058 chromium_143.0.7499.40-1.dsc
8aeca2164ee3ad54e36c7e5b4349883d7d6fc4ff2a7b578e0b294bd4bf6c2729 1016232376 chromium_143.0.7499.40.orig.tar.xz
95d0eb029f5a4cfe6a48af3c3b5f34b1bac7f1ad027266224207e06789b6a853 439144 chromium_143.0.7499.40-1.debian.tar.xz
c7730539c808d454c78c790af1ee77fc8cb310df5b1a7e0267cb257842190ba2 26698 chromium_143.0.7499.40-1_source.buildinfo
Files:
ec1ebd18043d02d26e6e9c77e9739473 4058 web optional chromium_143.0.7499.40-1.dsc
5baa25f96ba17d43bc048969d26c1867 1016232376 web optional chromium_143.0.7499.40.orig.tar.xz
c3384021f633ec010d113b6dfff93bcf 439144 web optional chromium_143.0.7499.40-1.debian.tar.xz
4714d13e5da39b76c84de6ff5cff03bf 26698 web optional chromium_143.0.7499.40-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----