Bug 17316

Summary: chromium-browser-stable new security issues fixed in 47.0.2526.80
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: sysadmin-bugs, wrw105
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/667313/
Whiteboard: has_procedure advisory MGA5-32-OK mga5-64-ok
Source RPM: chromium-browser-stable-47.0.2526.73-1.mga5.src.rpm CVE:
Status comment:

Description David Walser 2015-12-09 14:31:33 CET 
Upstream has released version 47.0.2526.80 on December 8:
http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html

This fixes several new security issues.

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates

Reproducible: 

Steps to Reproduce:
David Walser 2015-12-09 18:41:34 CET

URL: (none) => http://lwn.net/Vulnerabilities/667313/

Comment 1 David Walser 2015-12-09 19:46:25 CET 
Updated package for Mageia 5 is building now and should be available in a few hours.

Advisory:
========================

Updated chromium-browser-stable packages fix security vulnerabilities:

Type confusion in extensions (CVE-2015-6788).

Use-after-free in Blink (CVE-2015-6789).

Escaping issue in saved pages (CVE-2015-6790).

Various fixes from internal audits, fuzzing and other initiatives
(CVE-2015-6791).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6791
http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html
========================

Updated packages in core/updates_testing:
========================
chromium-browser-47.0.2526.80-1.mga5
chromium-browser-stable-47.0.2526.80-1.mga5

from chromium-browser-stable-47.0.2526.80-1.mga5.src.rpm

Assignee: cjw => qa-bugs

Comment 2 David Walser 2015-12-09 22:14:07 CET 
Working fine on Mageia 5 i586.

Whiteboard: (none) => MGA5-32-OK

Comment 3 Bill Wilkinson 2015-12-10 05:23:37 CET 
tested mga5-64

jetstream for javascript, acid3 rendering and general browsing all OK.

Validating.  Ready for push when advisory uploaded to SVN.

Keywords: (none) => validated_update
Whiteboard: MGA5-32-OK => MGA5-32-OK mga5-64-ok
CC: (none) => wrw105, sysadmin-bugs

Comment 4 claire robinson 2015-12-10 09:47:30 CET 
Advisory uploaded.

Whiteboard: MGA5-32-OK mga5-64-ok => has_procedure advisory MGA5-32-OK mga5-64-ok

Comment 5 Mageia Robot 2015-12-10 21:58:20 CET 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0470.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED