| Summary: | chromium-browser-stable new security issues fixed in 30.0.1599.101 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | sysadmin-bugs, tmb, wrw105 |
| Version: | 3 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/571974/ | ||
| Whiteboard: | MGA2TOO mga3-64-OK mga3-32-ok mga2-32-ok mga2-64-ok | ||
| Source RPM: | chromium-browser-stable-30.0.1599.66-1.mga3.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2013-10-28 22:19:30 CET
Updated packages uploaded for Mageia 2, Mageia 3, and Cauldron. Note: Mageia 3 includes a tainted build. Advisory: ======================== Updated chromium-browser-stable packages fix security vulnerabilities: Atte Kettunen of OUSPG discover a use-after-free issue in Blink's XML HTTP request implementation (CVE-2013-2925). cloudfuzzer discovered a use-after-free issue in the list indenting implementation (CVE-2013-2926). cloudfuzzer discovered a use-after-free issue in the HTML form submission implementation (CVE-2013-2927). The chrome 30 development team found various issues from internal fuzzing, audits, and other studies (CVE-2013-2928). This updates to the newest version from the Linux stable channel, fixing these and several other issues. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2925 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2926 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2927 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2928 http://googlechromereleases.blogspot.com/2013/10/stable-channel-update_15.html http://googlechromereleases.blogspot.com/2013/10/stable-channel-update_22.html http://www.debian.org/security/2013/dsa-2785 ======================== Updated packages in core/updates_testing: ======================== chromium-browser-stable-30.0.1599.114-1.mga2 chromium-browser-30.0.1599.114-1.mga2 chromium-browser-stable-30.0.1599.114-1.mga3 chromium-browser-30.0.1599.114-1.mga3 Updated packages in tainted/updates_testing: ======================== chromium-browser-stable-30.0.1599.114-1.mga3 chromium-browser-30.0.1599.114-1.mga3 from SRPMS: chromium-browser-stable-30.0.1599.114-1.mga2.src.rpm chromium-browser-stable-30.0.1599.114-1.mga3.src.rpm Version:
Cauldron =>
3 No exploits on securityfocus. Testing mga3-64, general use. CC:
(none) =>
wrw105 tested mga3-64 from core/updates_testing general browsing: OK Java from javatester: OK flash from Youtube: OK Javascript from sunspider: OK Tested mga3-64 from tainted/updates_testing as in comment 3, plus https://archive.org/details/testmp3testfile for mp3. All ok Whiteboard:
MGA2TOO =>
MGA2TOO mga3-64-OK Tested mga3-32 from core/updates_testing as in comment 3. All OK. Tested mga3-32 from tainted/updates_testing as in comment 4. All OK. Whiteboard:
MGA2TOO mga3-64-OK =>
MGA2TOO mga3-64-OK mga3-32-ok tested mga2-32 as in comment 3. All Ok. As I don't have a mga2-64 setup, I'll leave that for someone else. Whiteboard:
MGA2TOO mga3-64-OK mga3-32-ok =>
MGA2TOO mga3-64-OK mga3-32-ok mga2-32-ok Thanks Bill, i'll do that now Testing complete mga2 64 Actually 3 srpms for this.. chromium-browser-stable-30.0.1599.114-1.mga2.src.rpm chromium-browser-stable-30.0.1599.114-1.mga3.src.rpm chromium-browser-stable-30.0.1599.114-1.mga3.tainted.src.rpm Validating. Advisory uploaded. Could sysadmin please push from 2&3 core/updates_testing to updates Thanks! Keywords:
(none) =>
validated_update Update pushed: http://advisories.mageia.org/MGASA-2013-0321.html Status:
NEW =>
RESOLVED |