chromium (145.0.7632.109-1) unstable; urgency=high . * New upstream security release. - CVE-2026-2648: Heap buffer overflow in PDFium. Reported by soiax. - CVE-2026-2649: Integer overflow in V8. Reported by JunYoung Park(@candymate) of KAIST Hacking Lab. - CVE-2026-2650: Heap buffer overflow in Media. Reported by Google. chromium (145.0.7632.75-1) unstable; urgency=high . * New upstream security release. - CVE-2026-2441: Use after free in CSS. Reported by Shaheen Fazim. chromium (145.0.7632.45-1) unstable; urgency=high . [ Andres Salomon ] * New upstream stable release. - CVE-2026-2313: Use after free in CSS. Reported by Han Zheng (HexHive), Wenhao Fang (University of St. Andrews), and Qinying Wang (HexHive). - CVE-2026-2314: Heap buffer overflow in Codecs. Reported by Google. - CVE-2026-2315: Inappropriate implementation in WebGPU. Reported by Google. - CVE-2026-2316: Insufficient policy enforcement in Frames. Reported by Luan Herrera (@lbherrera_). - CVE-2026-2317: Inappropriate implementation in Animation. Reported by Brendan Draper. - CVE-2026-2318: Inappropriate implementation in PictureInPicture. Reported by Shaheen Fazim. - CVE-2026-2319: Race in DevTools. Reported by Anonymous. - CVE-2026-2320: Inappropriate implementation in File input. Reported by Alesandro Ortiz. - CVE-2026-2321: Use after free in Ozone. Reported by Google. - CVE-2026-2322: Inappropriate implementation in File input. Reported by Robbe Van Roey | PinkDraconian. - CVE-2026-2323: Inappropriate implementation in Downloads. Reported by Hafiizh. * d/copyright: - delete third_party/litert/src, Google's new WebAI thing. - delete esbuild directory so we can use debian's esbuild. - delete new rollup binary rollup-linux-x64-gnu. * d/rules: - build with webnn_use_tflite=false to fix build. - disable building a bunch more unit tests. - copy esbuild libs and binary from the system. * d/control: - build-dep on libpthreadpool-dev. - build-dep on esbuild. * d/patches: - CVE-2026-1861.patch: drop, merged upstream. - CVE-2026-1862.patch: drop, merged upstream. - upstream/fix-rk3588-v4l2-av1-decoder.patch: drop, merged upstream. - debianization/manpage.patch: refresh. - debianization/rustc-bootstrap.patch: refresh. - fixes/armhf-no-thumb.patch: rework patch due to upstream dropping non-thumb. - disable/tests.patch: refresh. - disable/signin.patch: refresh. - disable/catapult.patch: refresh. - disable/widevine-cdm-cu.patch: refresh. - upstream/disable-unrar.patch: add upstream fix for disabling unrar. - trixie/gn-string-hash.patch: add a workaround for older gn missing string_hash() function. - disable/enterprise-tests.patch: add patch to fix build error related to building unnecessary unit tests. - system/rollup.patch: update for upstream changes around switching some rollup calls to esbuild and away from rollup-wasm. - llvm-19/static-assert.patch: add build fixes specific to clang-19. - disable/unrar.patch: add another build fix for deleting unrar. . [ Timothy Pearson ] * d/patches: - patches/fixes/swiftshader-dependencies.patch: Fix SwiftShader include dependencies * d/patches/ppc64le: - ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: Remove obsolete Clang 7 workaround and refresh for upstream changes - ppc64le/third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - ppc64le/third_party/0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.pa: refresh for upstream changes - ppc64le/fixes/fix-page-allocator-overflow.patch: Refresh for upstream changes - ppc64le/third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: Regenerate from upstream sources - ppc64le/sandbox/0009-sandbox-ignore-byte-span-error.patch: Work around upstream byte_span_from_ref issues . [ Jianfeng Liu ] * d/patches: - loongarch64/0012-sandbox-linux-add-statx-support-for-loongarch64.patch: update for upstream changes. - loongarch64/0016-medium-cmodel-support-for-loongarch64.patch: refresh. . [ Daniel Richard G. ] * d/patches/disable/rustc-allow-features.patch: Zap the -Zallow-features= flag so that Rust doesn't complain about our compatibility workarounds. lua5.1 (5.1.5-12) unstable; urgency=medium . * Team upload. * Fix building source package after successful build (Closes: #1047020) + d/clean: Add trailing slash to debian/libtool/ directory + d/rules: Provide $LIBTOOL when running debian_clean target * Remove Rules-Requires-Root, since no is the default value * Remove Priority field, since optional is the default value * Remove dbgsym-migration, since automatic dbgsym package is in stable (Trixie) python-cryptography (46.0.5-1) unstable; urgency=medium . * New upstream version. + Fix CVE-2026-26007. * Bump Standards-Version to 4.7.3. python-cryptography-vectors (46.0.5-1) unstable; urgency=medium . * New upstream release. * Bump Standards-Version to 4.7.3. python-idna (3.11-1) unstable; urgency=medium . * Team upload. * New upstream version 3.11 * Bump Standards-Version to 4.7.3 * Remove the Priority field from the source package python-os-testr (3.0.0-6) unstable; urgency=medium . * Cleans better (Closes: #1047249). python-ovsdbapp (2.13.0-3) unstable; urgency=medium . * Cleans better (Closes: #1046283). r-cran-popepi (0.4.14+dfsg-1) unstable; urgency=medium . * Team upload. * New upstream version * Standards-Version: 4.7.3 (routine-update) * Restrict to 64-bits architectures (routine-update) * Restrict to little-endian architectures (routine-update) * dh-update-R to update Build-Depends (routine-update) r-cran-popepi (0.4.13+dfsg-1) unstable; urgency=medium . * Team upload. * New upstream version r-cran-popepi (0.4.12+dfsg-1) unstable; urgency=medium . * Team upload. * New upstream version * Standards-Version: 4.7.0 (routine-update) r-cran-popepi (0.4.11+dfsg-1) unstable; urgency=medium . * New upstream version * Standards-Version: 4.6.2 (routine-update) * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository, Repository-Browse. r-cran-popepi (0.4.10+dfsg-1) unstable; urgency=medium . * Disable reprotest * New upstream version * Standards-Version: 4.6.1 (routine-update) * dh-update-R to update Build-Depends (routine-update) r-cran-popepi (0.4.9+dfsg-1) unstable; urgency=medium . * New upstream version * Standards-Version: 4.6.0 (routine-update) * debhelper-compat 13 (routine-update) * dh-update-R to update Build-Depends (routine-update) r-cran-popepi (0.4.8+dfsg-2) unstable; urgency=medium . * Standards-Version: 4.5.0 (routine-update) * Add salsa-ci file (routine-update) * Rules-Requires-Root: no (routine-update) * Set upstream metadata fields: Bug-Submit, Repository. r-cran-popepi (0.4.8+dfsg-1) unstable; urgency=medium . * New upstream version * debhelper-compat 12 * Trim trailing whitespace. * Set upstream metadata fields: Archive, Bug-Database, Repository. * Remove autogenerated HTML docs since it is including compressed JS r-cran-popepi (0.4.7-1) unstable; urgency=medium . * New upstream version * debhelper 12 * Standards-Version: 4.4.0 * rename debian/tests/control.autodep8 to debian/tests/control r-cran-popepi (0.4.5-1) unstable; urgency=medium . * Initial release (closes: #898504) ruby-did-you-mean (2.0.0-1) unstable; urgency=medium . * Team upload. . [ Lucas Nussbaum ] * debian/gbp.conf: Add for DEP-14 * debian/gbp.conf: remove trailing empty lines * debian/.gitattributes: remove * debian/salsa-ci.yml: use team-specific include . [ Simon Quigley ] * New upstream release. * Update Standards-Version to 4.7.3, no changes needed. * Add a build dependency on ruby-test-unit-ruby-core. vasttrafik-cli (1.14-1) unstable; urgency=medium . * New upstream release * Build-depend on python3-blessed instead of python3-xtermcolor