chromium (144.0.7559.59-1) unstable; urgency=high . [ Andres Salomon ] * New upstream stable release. - CVE-2026-0899: Out of bounds memory access in V8. Reported by @p1nky4745. - CVE-2026-0900: Inappropriate implementation in V8. Reported by Google. - CVE-2026-0901: Inappropriate implementation in Blink. Reported by Irvan Kurniawan (sourc7). - CVE-2026-0902: Inappropriate implementation in V8. Reported by 303f06e3. - CVE-2026-0903: Insufficient validation of untrusted input in Downloads. Reported by Azur. - CVE-2026-0904: Incorrect security UI in Digital Credentials. Reported by Hafiizh. - CVE-2026-0905: Insufficient policy enforcement in Network. Reported by Google. - CVE-2026-0906: Incorrect security UI. Reported by Khalil Zhani. - CVE-2026-0907: Incorrect security UI in Split View. Reported by Hafiizh. - CVE-2026-0908: Use after free in ANGLE. Reported by Glitchers BoB 14th. * d/copyright: delete a copy of clang-22 in the openscreen build directory. * d/control: add rustfmt as a build dependency. * d/rules: make DEB_BUILD_OPTIONS=terse work. * d/patches: - disable/tests.patch: refresh. - trixie/rust-sanitize.patch: refresh. - bookworm/bindgen.patch: refresh. - fixes/force-rust-nightly.patch: add workaround to force rustc_nightly_capability, as we're using an up-to-date rust. - trixie/value-or.patch: add clang-19 workarounds to help calling value_or() with ambiguous values. - fixes/autofill-binarypb.patch: add patch to fix build for us stripping out binary-only files containing city/state autofill aliases. . [ Daniel Richard G. ] * d/patches/trixie/adler1.patch: Refresh to follow use of if-else. . [ Timothy Pearson ] * d/patches: - trixie/nodejs-set-intersection.patch: avoid using node >=22 intersection * d/patches/ppc64le: - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - fixes/fix-clang-selection.patch: Drop due to upstream changes REMOVED: libvdpau-va-gl 0.4.2-2