| Summary: | chromium-browser-stable new security issues fixed in 34.0.1847.137 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | sysadmin-bugs, tmb, wrw105 |
| Version: | 4 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/599434/ | ||
| Whiteboard: | MGA3TOO advisory mga4-64-ok mga4-32-ok mga3-32-ok mga3-64-ok | ||
| Source RPM: | chromium-browser-stable-34.0.1847.132-2.mga4.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2014-05-19 21:20:08 CEST
David Walser
2014-05-19 21:20:13 CEST
Whiteboard:
(none) =>
MGA4TOO, MGA3TOO Note to self: enable Aura in Chromium 35 (-Duse_aura=1) Updated packages uploaded for Mageia 3, Mageia 4, and Cauldron. Note to QA: there are both core and tainted builds for this package. The tainted builds are still building, so they won't be available for a couple hours. The core builds are already uploaded. Advisory: ======================== Updated chromium-browser-stable packages fix security vulnerabilities: Collin Payne discovered a use-after-free issue in chromium's WebSockets implementation (CVE-2014-1740). John Butler discovered multiple integer overflow issues in the Blink/Webkit document object model implementation (CVE-2014-1741). cloudfuzzer discovered a use-after-free issue in the Blink/Webkit text editing feature (CVE-2014-1742). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1740 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1741 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1742 http://googlechromereleases.blogspot.com/2014/05/stable-channel-update.html https://www.debian.org/security/2014/dsa-2930 ======================== Updated packages in core/updates_testing: ======================== chromium-browser-stable-34.0.1847.137-1.mga3 chromium-browser-34.0.1847.137-1.mga3 chromium-browser-stable-34.0.1847.137-1.mga4 chromium-browser-34.0.1847.137-1.mga4 Updated packages in tainted/updates_testing: ======================== chromium-browser-stable-34.0.1847.137-1.mga3 chromium-browser-34.0.1847.137-1.mga3 chromium-browser-stable-34.0.1847.137-1.mga4 chromium-browser-34.0.1847.137-1.mga4 from SRPMS: chromium-browser-stable-34.0.1847.137-1.mga3.src.rpm chromium-browser-stable-34.0.1847.137-1.mga4.src.rpm Version:
Cauldron =>
4 tested the usual usability on mga4-64: general browsing sunspider acid3 javatester youtube for flash tainted build also https://archive.org/details/testmp3testfile for mp3 all OK CC:
(none) =>
wrw105 Tested mga4-32 as above, all OK. Will get to mga3 this evening (US EAst Coast) if nobody beats me to it. Whiteboard:
MGA3TOO mga4-64-ok =>
MGA3TOO mga4-64-ok mga4-32-ok mga3-32 ok Whiteboard:
MGA3TOO mga4-64-ok mga4-32-ok =>
MGA3TOO mga4-64-ok mga4-32-ok mga3-32-ok Testing complete mga3 64 in vbox Tested tainted with a local mp3 file (ctrl-o to open the file browser dialog) Whiteboard:
MGA3TOO mga4-64-ok mga4-32-ok mga3-32-ok =>
MGA3TOO mga4-64-ok mga4-32-ok mga3-32-ok mga3-64-ok Advisory uploaded (including secret tainted srpms :P) Validating. Could sysadmin please push to 3 & 4 updates Thanks Keywords:
(none) =>
validated_update Update pushed: http://advisories.mageia.org/MGASA-2014-0232.html Status:
NEW =>
RESOLVED |