-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 04 Sep 2025 16:47:14 -0400
Source: chromium
Architecture: source
Version: 140.0.7339.80-1~deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (140.0.7339.80-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream stable release.
     - CVE-2025-9864: Use after free in V8.
       Reported by Pavel Kuzmin of Yandex Security Team.
     - CVE-2025-9865: Inappropriate implementation in Toolbar.
       Reported by Khalil Zhani.
     - CVE-2025-9866: Inappropriate implementation in Extensions.
       Reported by NDevTK.
     - CVE-2025-9867: Inappropriate implementation in Downloads.
       Reported by Farras Givari.
   * d/patches:
     - fixes/armhf-icf.patch: refresh.
     - disable/tests.patch: refresh.
     - disable/catapult.patch: refresh.
     - disable/widevine-cdm-cu.patch: refresh (and make it shorter).
     - bookworm/clang19.patch: refresh.
     - disable/android.patch: delete a new reference to chrome/android/.
     - disable/buildtools-libc.patch: drop due to upstream cleanups.
     - trixie/rust-no-alloc-shim.patch: add a build fix for older rustc.
     - bookworm/rust-visibility.patch: drop, not needed w/ new rust 1.85.
     - bookworm/crabbyav1f.patch: drop, not needed w/ new rust 1.85.
     - bookworm/toktrie-utf8chunks.patch: drop, not needed w/ new rust.
     - bookworm/derivre-create.patch: drop, not needed w/ new rust.
     - bookworm/rust-split-at-checked.patch: drop, not needed w/ new rust.
     - bookworm/crabbyav1f-macro-scope.patch: drop, not needed w/ new rust.
     - bookworm/rust-box-to-vec.patch: drop, not needed w/ new rust.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0002-regenerate-xnn-buildgn.patch: Refresh for upstream
       changes
     - fixes/fix-study-crash.patch: Refresh for upstream changes
     - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream
       changes
     - fixes/fix-unknown-warning-option-messages.diff: Refresh for upstream
       changes
     - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch:
       Regenerate from new upstream version
     - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch:
       Regenerate from new upstream version
Checksums-Sha1:
 023955ff2015cf0dbe41e8b6fed76586b1a958c4 4056 chromium_140.0.7339.80-1~deb12u1.dsc
 0b2b5eb6733d9b9e8af2a6ab9ea538b4f2f94887 994293180 chromium_140.0.7339.80.orig.tar.xz
 a86c783fb837433df441137557364fd90c5424c4 8501776 chromium_140.0.7339.80-1~deb12u1.debian.tar.xz
 be32ede29c72f821c149edb40ed1f1fdd43514db 26761 chromium_140.0.7339.80-1~deb12u1_source.buildinfo
Checksums-Sha256:
 697f4a9614bede850f9811ff11762c5c274fbfe80c6dc9d35c6a73a17b6feb30 4056 chromium_140.0.7339.80-1~deb12u1.dsc
 7b215870adc944b4e099c0b0328b2d39c00b41d0d7612c24d51cb8b5af7f50cb 994293180 chromium_140.0.7339.80.orig.tar.xz
 e8377aa4d0409fff22f53d7b2a06b65f7bbb9514920c7c4e0529335d8d9f280d 8501776 chromium_140.0.7339.80-1~deb12u1.debian.tar.xz
 d2e5db5accc20003ef4b6202ea626117b54e5aad440f34edf98fbd7acc863f9a 26761 chromium_140.0.7339.80-1~deb12u1_source.buildinfo
Files:
 711d2a76d371e858be71fe1c593d80b5 4056 web optional chromium_140.0.7339.80-1~deb12u1.dsc
 80b09e639ca8a500be1c7f03a47b3e55 994293180 web optional chromium_140.0.7339.80.orig.tar.xz
 c564abbd8f1f5838f83bead20951332b 8501776 web optional chromium_140.0.7339.80-1~deb12u1.debian.tar.xz
 93718ca43a1ab3741dd1890b0779cef6 26761 web optional chromium_140.0.7339.80-1~deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmi6Ts4UHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjcnMA/+LMBtE0XqMDseYvkGF0704DP8Ef0J
af8C/lKEImI7TfYxf5IMimkJ7umLcw3YX0iEyt0NtUVCi1wkOZOdFQsajDYfyS6G
lRjOqrd4K+yRjp1M+S+wGsQwiTEqmJZkL05mRcLosDXTcLHW6d4EvvLZHPEFjSy5
I9CwDGxnSHEeyg15JgEZ4c4vHYYJSYvjKZbWH1SABNYTZIDqUbNa343rqrOhvlOB
PdzJUx4Zd1dbAL+GShqQVe6VdYEG+/HMqe+Dh13yrAVQAu46r6DfhO+tgsxQQXRp
Pk21rEljtmhtQzo1980x22qv0oMKbbwW2Wup7A9mRuP2Kxp+FhroUtncRPyFbZc/
qxvPhTW4rQcTOdH/gbGroDTe11raRjosS3unu+HZPbBSSIjPI6Crgklvh0SATFZZ
YtAD3D6KrxEgQiFve3uDL6mr0PuoxVfDuQ26zzQK5/P0MI7MYeuxKeQcgoEBGu4b
qrulj5+v2rBz81UwLx+ybMY9R+m5a/oE1kuP+CJ0wzfyaV00BN8kAGwJ2pQqREjr
Fyr1JNBOPRsbCOb14XKvu3tnDeep7U+posB1GzfYCW/2/fspBVVQojP39eSw+a2G
Jk0MzuxudVXwH+Q14pW+ENmiR2FVsrOnmDtYqMgUHcHLLeqni9ol1q0CGqnZm4X8
TSt/sP4KIEZ8xXw=
=U6mn
-----END PGP SIGNATURE-----