chromium (147.0.7727.137-1) unstable; urgency=high
.
  [ Andres Salomon ]
  * New upstream security release.
    - CVE-2026-7363: Use after free in Canvas. Reported by heapracer.
    - CVE-2026-7361: Use after free in iOS. Reported by Google.
    - CVE-2026-7344: Use after free in Accessibility. Reported by Google.
    - CVE-2026-7343: Use after free in Views. Reported by Google.
    - CVE-2026-7333: Use after free in GPU.
      Reported by c6eed09fc8b174b0f3eebedcceb1e792.
    - CVE-2026-7360: Insufficient validation of untrusted input in
      Compositing. Reported by Google.
    - CVE-2026-7359: Use after free in ANGLE. Reported by Google.
    - CVE-2026-7358: Use after free in Animation. Reported by Google.
    - CVE-2026-7334: Use after free in Views.
      Reported by Batuhan Eşref KOÇ.
    - CVE-2026-7357: Use after free in GPU. Reported by Google.
    - CVE-2026-7356: Use after free in Navigation. Reported by Google.
    - CVE-2026-7354: Out of bounds read and write in Angle.
      Reported by Google.
    - CVE-2026-7353: Heap buffer overflow in Skia. Reported by Google.
    - CVE-2026-7352: Use after free in Media. Reported by Google.
    - CVE-2026-7351: Race in MHTML. Reported by Google.
    - CVE-2026-7350: Use after free in WebMIDI. Reported by Google.
    - CVE-2026-7349: Use after free in Cast. Reported by Google.
    - CVE-2026-7348: Use after free in Codecs. Reported by Google.
    - CVE-2026-7335: Use after free in media. Reported by Jungwoo Lee
      (@physicube) and Wongi Lee (@_qwerty_po).
    - CVE-2026-7336: Use after free in WebRTC. Reported by Mozilla.
    - CVE-2026-7337: Type Confusion in V8. Reported by q@calif.io.
    - CVE-2026-7347: Use after free in Chromoting. Reported by Google.
    - CVE-2026-7346: Inappropriate implementation in Tint.
      Reported by Google.
    - CVE-2026-7345: Insufficient validation of untrusted input in
      Feedback. Reported by Google.
    - CVE-2026-7338: Use after free in Cast. Reported by Krace.
    - CVE-2026-7342: Use after free in WebView. Reported by Google.
    - CVE-2026-7341: Use after free in WebRTC. Reported by Google.
    - CVE-2026-7339: Heap buffer overflow in WebRTC.
      Reported by c6eed09fc8b174b0f3eebedcceb1e792.
    - CVE-2026-7340: Integer overflow in ANGLE.
      Reported by 86ac1f1587b71893ed2ad792cd7dde32.
    - CVE-2026-7355: Use after free in Media. Reported by Google.
.
  [ Jianfeng Liu ]
  * d/patches:
    - upstream/Fix-GL-native-pixmap-import-support-reset-in-GpuInit.patch:
      Fixes upstream issue https://crbug.com/501115509. This issue is
      introduced in v147, and unfortunately the fix won't get into v147.
      This issue affects both vaapi and v4l2 decoding under ozone wayland.
    - fixes/enable-widevine-on-arm64-linux-platform.patch:
      Enable widevine support on arm64. There is no official support for
      widevine on arm64 linux while there are libwidevine binaries
      extracted from chromeos, which can work on linux
      (closes: #1052440).

gcc-16 (16-20260425-1) unstable; urgency=medium
.
  * Snapshot, taken from the gcc-16 branch (20260425, release candidate).
  * Fix typo in libgcc-s symbols file.
  * Update libgphobos symbols file for amd64.
  * Refresh cross-install-location patch.
  * Replace outdated postal FSF address with URL.
  * Turn on again PGO/LTO builds for most 64bit architectures.
  * Turn on running the testsuite again.

gcc-16 (16-20260423-1) unstable; urgency=medium
.
  * Snapshot, taken from the gcc-16 branch (20260423).
  * Require bison 3.5.1 or 3.8.2 for the gcobol build.
  * Update the ada-armel-libatomic patch for PR ada/107475.
  * Build gcc itself with branch-protection (Emanuele Rocca).
    Closes: #1130592.
    - On arm64 by appending CFLAGS_SECURE to BOOT_CFLAGS.
    - Set BOOT_CFLAGS explicitly instead of relying on upstream defaults.
  * libgfortran-dev: Install libcaf_shmem.a.
  * Add conflicts for GCC 15 binary packages. Closes: #1133161.

gcc-16-cross (10) unstable; urgency=medium
.
  * Build using gcc 16-20260425-1.
  * Fix some lintian warnings.
  * Bump standards version.

gcc-16-cross-ports (9) unstable; urgency=medium
.
  * Build using gcc 16-20260425-1.
  * Fix some lintian warnings.
  * Bump standards version.