-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 15 Apr 2025 22:12:30 -0400 Source: chromium Binary: chromium-l10n Architecture: all Version: 135.0.7049.95-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: all Build Daemon (x86-grnet-02) Changed-By: Andres Salomon Description: chromium-l10n - web browser - language packs Closes: 1103226 Changes: chromium (135.0.7049.95-1~deb12u1) bookworm-security; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-2025-3619: Heap buffer overflow in Codecs. Reported by Elias Hohl. - CVE-2025-3620: Use after free in USB. Reported by @retsew0x01. . [ Daniel Richard G. ] * d/copyright, d/patches/system/rapidjson.patch: Slightly narrow the scope of the bundled RapidJSON deletion, and rework this patch so that it does not require the deletion in order to apply. This allows applying the debianization directly to the unrepackaged upstream tarball source. * d/patches/system/gperf.patch: Import (self-authored) upstream patch to prevent build breakage due to changes in gperf 3.2 generated code (closes: #1103226). * d/rules: Add new check-version rule to validate the package version. Also squelch error messages due to absent clang and rustc executables. * d/rules: Download Gentoo's upstream source tarball straight from GitHub. Checksums-Sha1: da520860155fce54df4565e0a0081fcbb8843de2 8181160 chromium-l10n_135.0.7049.95-1~deb12u1_all.deb 63fc9d84c9f93b1e6d64a72d415a91b765062b6b 26857 chromium_135.0.7049.95-1~deb12u1_all-buildd.buildinfo Checksums-Sha256: 7bc69493b0ec9612a5c07d3ba4ba888c4aae3a3998a7dbc23de1932a40ba0755 8181160 chromium-l10n_135.0.7049.95-1~deb12u1_all.deb c5a299de8df52057789283ea9f06525f016d00cdbb390048bf7a9b99d3e95135 26857 chromium_135.0.7049.95-1~deb12u1_all-buildd.buildinfo Files: 99a541156c9bcafcf803e29a1b6c0307 8181160 localization optional chromium-l10n_135.0.7049.95-1~deb12u1_all.deb fdae031f43220150c57010db61be1f9d 26857 web optional chromium_135.0.7049.95-1~deb12u1_all-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEj4Fym5GgeZdPqKhrJm69HxMTN+oFAmgARAMACgkQJm69HxMT N+qtAw//ZFLkf2DrPcXsN9IPx4nOfxR1swFvCPLCEXOquU9r0VrPUX6kmBmbEdlZ 387M/bRzxCYIkabxNnDiyLNjaTrRrZFpx2p8YLf2e0WOeRtKph/vgqR306vJl0O6 fsrjpP4gIK9k5nb97vXA1fCAHMK48rY4ItZeOKC6JkRDzSxgeEMAH3PZhJeS9J8H XIzLYS0j8tNU/Dz/t5tFjQetbuQKeTyNfSIAYS6wVT7+GswWO97ucurG+HjvBGws 3iP8OPA0UERJ690wbWXmySkjcgrmEOjjk5FNNPcuYOJqJbXLLFXSTY9Tm50mVWfd WZWfScZUo39F1Br87PL2cb4NhbltZPD/45nN+D+LAsDvgjtkz89WwOhpJCmUB2Tk dLZXaLaSoYJFVG//XWKH1mBpFX2cqXoSXx3AYUDJDVVspiBqTKfVHOcal5pyw9iP Ue5AnQQVVWluM1y2eCPnSiLlXc2rCB+zmr/r1tqaaOQRUC1ZuQrnsy+mQVTxD7YO rRBl6sjiyC8RUxfpv9K0iIuM39z76ynpI5rYI0JI/l01zEvs6mnHRbxBUDz0dQVU CQWMEpRGaQJ9dC9z+HKB3ZLWkWV5y7UjMEmbzTVWIQU7JoVZvPKqqbZsm1/fFiGT /72Q1KgqgZGp94eneb5Hg/JDQrKJq6EC08hKpzp/EIsSBxoAzCs= =j8+1 -----END PGP SIGNATURE-----