-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Oct 2025 13:44:37 -0400
Source: chromium
Binary: chromium-l10n
Architecture: all
Version: 142.0.7444.59-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: all Build Daemon (x86-grnet-02) <buildd_all-x86-grnet-02@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium-l10n - web browser - language packs
Changes:
 chromium (142.0.7444.59-1~deb13u1) trixie-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2025-12428: Type Confusion in V8.
       Reported by Man Yue Mo of GitHub Security Lab.
     - CVE-2025-12429: Inappropriate implementation in V8.
       Reported by Aorui Zhang.
     - CVE-2025-12430: Object lifecycle issue in Media.
       Reported by round.about.
     - CVE-2025-12431: Inappropriate implementation in Extensions.
       Reported by Alesandro Ortiz.
     - CVE-2025-12432: Race in V8. Reported by Google Big Sleep.
     - CVE-2025-12433: Inappropriate implementation in V8.
       Reported by Google Big Sleep.
     - CVE-2025-12036: Inappropriate implementation in V8.
       Reported by Google Big Sleep.
     - CVE-2025-12434: Race in Storage. Reported by Lijo A.T.
     - CVE-2025-12435: Incorrect security UI in Omnibox. Reported by Hafiizh.
     - CVE-2025-12436: Policy bypass in Extensions.
       Reported by Luan Herrera (@lbherrera_).
     - CVE-2025-12437: Use after free in PageInfo. Reported by Umar Farooq.
     - CVE-2025-12438: Use after free in Ozone.
       Reported by Wei Yuan of MoyunSec VLab.
     - CVE-2025-12439: Inappropriate implementation in App-Bound Encryption.
       Reported by Ari Novick.
     - CVE-2025-12440: Inappropriate implementation in Autofill.
       Reported by Khalil Zhani.
     - CVE-2025-12441: Out of bounds read in V8. Reported by Google Big Sleep.
     - CVE-2025-12443: Out of bounds read in WebXR. Reported by Aisle Research
     - CVE-2025-12444: Incorrect security UI in Fullscreen UI.
       Reported by syrf.
     - CVE-2025-12445: Policy bypass in Extensions. Reported by Thomas Greiner
     - CVE-2025-12446: Incorrect security UI in SplitView. Reported by Hafiizh
     - CVE-2025-12447: Incorrect security UI in Omnibox.
       Reported by Khalil Zhani.
   * d/patches:
     - disable/android.patch: drop part of patch related to md5sum tool.
     - disable/catapult.patch: refresh.
     - bookworm/clang19.patch: also drop uninit-const-pointer and
       unnecessary-virtual-specifier warnings.
     - ungoogled/disable-privacy-sandbox.patch: sync from upstream.
     - i386/support-i386.patch: refresh.
     - trixie/rust-sanitize.patch: add a workaround for older rustc.
     - fixes/chromium-142-iwyu-field-form-data.patch: pull in build fix
       from gentoo.
     - trixie/rust-no-alloc-shim.patch: add another missing symbol that's
       provided by newer versions of rust.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-third-party-hwy-wrong-include.patch: Drop due to
       upstream fixes
     - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from
       upstream sources
     - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream
       changes
Checksums-Sha1:
 ab9d559d6281cf74f3189d967fdf0b346d63c104 8474332 chromium-l10n_142.0.7444.59-1~deb13u1_all.deb
 29f35e4b9d59411e54fe6efda1c72917f2ccfafe 26588 chromium_142.0.7444.59-1~deb13u1_all-buildd.buildinfo
Checksums-Sha256:
 898d1d535a7a8dbd72ca26e5003f9db6094b74eff8c7bce897522fd8f9bff2e7 8474332 chromium-l10n_142.0.7444.59-1~deb13u1_all.deb
 bcba1700d1bea04c28ae27bfe907dd9972a45222cf45b2357b72a44b44b0d70a 26588 chromium_142.0.7444.59-1~deb13u1_all-buildd.buildinfo
Files:
 bab6ab69a9c953b32d01386168fafea5 8474332 localization optional chromium-l10n_142.0.7444.59-1~deb13u1_all.deb
 a2a81d7521a97c98913ccba97eed49cb 26588 web optional chromium_142.0.7444.59-1~deb13u1_all-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEj4Fym5GgeZdPqKhrJm69HxMTN+oFAmkDMVIACgkQJm69HxMT
N+rZgg/+MiVcwOQB4r04gt2RM2vwigHxGfD3Jmc1XSVsmPFutXRABsmt8z2jwt/E
ifsZLaTMDmvOUkFAw6O9RGghLiFcdXB/vfNyu+aojaiElbkHlywb1UwoMo6wHvDB
7IlLXSpUDYxR8EMUXoRkKM86VzjRgGYnSVJUuRF8v43Qp86gnJbBAJIX/pvLZLZ/
Z+BY/J2zCy/IZLOgYBYQIBMVlJRhJStca8f1DiVUzk/TVCQfc6fqWL4VPKsTkwo+
iUrhNrEjs5RXkwD88lvuGE4Hyz6NBNb//Kq3pWPDARAO05dMBBRh94+NyIHxh6rc
Nr5cStSo05DK/RSu66arT84vKXQZyH1xCLdyPYSi4ll3dPujMsxJNKG9FME5NDMd
hE+PfZIb8PqMJzwrMJiORIOIrDIXpJE18wQBG6TK3GDefaR+B50s8z529rAf3jjF
0b4x0AyelWu8ikSap8Hj0OTE1EHZ/U7asgcDuvcXq2ke6I+lIe0KI4fQbAKY+ce5
htXUYJIS33A+pyiQrM4PwXAfecDmyYTjO7P1yRVcIbh+QsB39t5ZRdp8s39dd5G8
AkGRXHDpzaGtpO51o6VHlrBrqYBUmpWZ+xvmmXGYsWi4uMyaXug5SpJnpJXtcnXx
GTr5hLHq2WMHeS5K8Sx+f/vyVBpEApuGGxC1NMyH7RLJ/9K/e8M=
=+yQx
-----END PGP SIGNATURE-----