-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 04 Sep 2025 23:24:57 -0400 Source: chromium Architecture: source Version: 140.0.7339.80-1~deb13u1 Distribution: trixie-security Urgency: medium Maintainer: Debian Chromium Team Changed-By: Andres Salomon Changes: chromium (140.0.7339.80-1~deb13u1) trixie-security; urgency=medium . * New upstream stable release. - CVE-2025-9864: Use after free in V8. Reported by Pavel Kuzmin of Yandex Security Team. - CVE-2025-9865: Inappropriate implementation in Toolbar. Reported by Khalil Zhani. - CVE-2025-9866: Inappropriate implementation in Extensions. Reported by NDevTK. - CVE-2025-9867: Inappropriate implementation in Downloads. Reported by Farras Givari. * d/patches: - fixes/armhf-icf.patch: refresh. - disable/tests.patch: refresh. - disable/catapult.patch: refresh. - disable/widevine-cdm-cu.patch: refresh (and make it shorter). - bookworm/clang19.patch: refresh. - disable/android.patch: delete a new reference to chrome/android/. - disable/buildtools-libc.patch: drop due to upstream cleanups. - trixie/rust-no-alloc-shim.patch: add a build fix for older rustc. . [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0002-regenerate-xnn-buildgn.patch: Refresh for upstream changes - fixes/fix-study-crash.patch: Refresh for upstream changes - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream changes - fixes/fix-unknown-warning-option-messages.diff: Refresh for upstream changes - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: Regenerate from new upstream version - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: Regenerate from new upstream version Checksums-Sha1: 23a45517e7ef4bdcf54c47887bf3cbf10323ea9f 4020 chromium_140.0.7339.80-1~deb13u1.dsc 0b2b5eb6733d9b9e8af2a6ab9ea538b4f2f94887 994293180 chromium_140.0.7339.80.orig.tar.xz 6ccbef9486477cba837785cbe91c68db3952bec4 413968 chromium_140.0.7339.80-1~deb13u1.debian.tar.xz 713c384d2ba9dd82bde6daec61acfdd169fc4fa2 26321 chromium_140.0.7339.80-1~deb13u1_source.buildinfo Checksums-Sha256: 518666a754f1e4af610fb0811964557dd1e5c8ed6c5d38f183f0d34f56b2014f 4020 chromium_140.0.7339.80-1~deb13u1.dsc 7b215870adc944b4e099c0b0328b2d39c00b41d0d7612c24d51cb8b5af7f50cb 994293180 chromium_140.0.7339.80.orig.tar.xz b9bc1312bb67e6514a0a620badd6ac2e8291f86c2f05677706e30b01370ac6bb 413968 chromium_140.0.7339.80-1~deb13u1.debian.tar.xz a0c4a7d00cfdfed1a951928cbb7dec2a517b169956a25c338c5c5be9e89eba28 26321 chromium_140.0.7339.80-1~deb13u1_source.buildinfo Files: 1dbe4fc900b694ffe384b53feeb71a4f 4020 web optional chromium_140.0.7339.80-1~deb13u1.dsc 80b09e639ca8a500be1c7f03a47b3e55 994293180 web optional chromium_140.0.7339.80.orig.tar.xz ef6243c0f9289fac9a105e872eaff62b 413968 web optional chromium_140.0.7339.80-1~deb13u1.debian.tar.xz 12e0cf611851ba5bda59618f962dc384 26321 web optional chromium_140.0.7339.80-1~deb13u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmi6gAkUHGRpbGluZ2Vy QGRlYmlhbi5vcmcACgkQZF0CR8NudjdiMQ/7BL9jzPTSUyQNvX3rUfJhSUzS2P6Q FCf3qW2bpiVrWs+OYsc+Q8knikwa/QavdVathnwwmJ5BxC7ebIZNAWhgHWfD9fRO HC8kWuKkdPdzWf3QlKJYa85E3grSIaspT7aQCo6QlritFXjY1FaDqEB3wYLT73X2 ZgrGIVBNiFuhxn6UhYkgdcAH0Y5dtZgEPKGFHxns+858iX/ujNHpFbst6E7PhKtJ 5VFyrgO1Fp8LVMZq4LKytLuzQcYbx05/rk9ttb5thO5QgQxaAmBgMmWJJjH6+7Nu GYkybYhPoQPcZpNJT8Dcjq4qObkEJoyO+Dq50zVvw5yOmmtLZyEs03i5rgPVHd7+ gthfRRiGGB0EfGrrHJ158Y4JYiPSQlSxYU9u+x9tV1ikKYQhlGXVVLynkz/pgytJ gLRswOteBxvx7pk1d4UxoBY32xJnOyP9OI5Z7HtlPWg2txqH5cQHfsXrtIFpn5Co oLa2HFglPmToPgBfFY0ztmDvIRMo0kY1SVXqIsuhJLAKnZnYa8CVF97l76X6ap23 KFcPli3YinGEElrKqPCvAoY+6dznRwXVyfizFSdc+mqeDlpm88l3g1SR3m/UFDAZ T8hrkQRz1+AuKDnBgBonPgqlTloD+MlSfATPw4KcEJS3PVwbsWbWoTuUpAuWnDfW Ytx+bvVDHtGCjt4= =mGhM -----END PGP SIGNATURE-----