| Summary: | chromium-browser-stable new security issues fixed in 55.0.2883.75 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | cjw, jim, sysadmin-bugs, youpburden |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://lwn.net/Vulnerabilities/708137/ | ||
| Whiteboard: | MGA5-32-OK MGA5-64-OK advisory | ||
| Source RPM: | chromium-browser-stable-54.0.2840.100-1.1.mga5.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2016-12-02 15:14:41 CET
David Walser
2016-12-05 20:20:56 CET
URL:
(none) =>
https://lwn.net/Vulnerabilities/708137/
Christiaan Welvaart
2016-12-09 00:06:57 CET
Status:
NEW =>
ASSIGNED

A new (bugfix) version was released just now: 55.0.2883.87. I'll use that version instead.
https://googlechromereleases.blogspot.com/2016/12/stable-channel-update-for-desktop_9.html

Updated packages are available for testing:

MGA5
SRPM:
chromium-browser-stable-55.0.2883.87-1.1.mga5.src.rpm
RPMS:
chromium-browser-stable-55.0.2883.87-1.1.mga5.i586.rpm
chromium-browser-55.0.2883.87-1.1.mga5.i586.rpm
chromium-browser-stable-55.0.2883.87-1.1.mga5.x86_64.rpm
chromium-browser-55.0.2883.87-1.1.mga5.x86_64.rpm

Advisory:

Chromium-browser 55.0.2883.87 fixes security issues:

Multiple flaws were found in the way Chromium 54 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. (CVE-2016-5203, CVE-2016-5204, CVE-2016-5205, CVE-2016-5206, CVE-2016-5207, CVE-2016-5208, CVE-2016-5209, CVE-2016-5210, CVE-2016-5211, CVE-2016-5212, CVE-2016-5213, CVE-2016-5214, CVE-2016-5215, CVE-2016-5216, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5220, CVE-2016-5221, CVE-2016-5222, CVE-2016-5223, CVE-2016-5224, CVE-2016-5225, CVE-2016-5226, CVE-2016-9650, CVE-2016-9651, CVE-2016-9652)

References:
https://googlechromereleases.blogspot.com/2016/12/stable-channel-update-for-desktop.html
https://googlechromereleases.blogspot.com/2016/12/stable-channel-update-for-desktop_9.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5217
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5219
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5220
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5222
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9652

CC:
(none) =>
cjw

Christiaan, there shouldn't have been a subrel on this package. Now it has a higher release tag than Cauldron.

Subrel removed in SVN, putting feedback pending sysadmins removing this build so it can be re-submitted with the subrel.

CC:
(none) =>
sysadmin-bugs

Rebuilding now without the subrel.

MGA5
SRPM:
chromium-browser-stable-55.0.2883.87-1.mga5.src.rpm
RPMS:
chromium-browser-stable-55.0.2883.87-1.mga5.i586.rpm
chromium-browser-55.0.2883.87-1.mga5.i586.rpm
chromium-browser-stable-55.0.2883.87-1.mga5.x86_64.rpm
chromium-browser-55.0.2883.87-1.mga5.x86_64.rpm

CC:
sysadmin-bugs =>
(none)

MGA5-64 & MGA5-32, real hardware and VirtualBox machines.

Packages installed:

32 bit:
chromium-browser-stable-54.0.2840.100-1.1.mga5.i586.rpm
chromium-browser-54.0.2840.100-1.1.mga5.i586.rpm

64 bit:
chromium-browser-stable-54.0.2840.100-1.1.mga5.x86_64.rpm
chromium-browser-54.0.2840.100-1.1.mga5.x86_64.rpm

Both arches are working fine. Here's my procedure:

Launch the application
Try some menus and modify options (home page, bookmarks ...)
Play some video from a website
Do an HTML5 and performance test to check if there is a regression.
Install some extensions (adblock, gmail notifier ...)

Packages updated:

32 bit:
chromium-browser-stable-55.0.2883.87-1.mga5.i586.rpm
chromium-browser-55.0.2883.87-1.mga5.i586.rpm

64 bit:
chromium-browser-stable-55.0.2883.87-1.mga5.x86_64.rpm
chromium-browser-55.0.2883.87-1.mga5.x86_64.rpm

Everything is working fine, I even get better results in the performance tests (a few points but still...)

It's OK for me on 32 & 64 bits. Someone else should test it so we can OK the update.

CC:
(none) =>
youpburden

On mga5-32

Packages updated:
rpm -qa | grep chromium
chromium-browser-stable-55.0.2883.87-1.mga5

Everything working fine

OK for mga5-32

CC:
(none) =>
jim

On mga5-64

Packages updated:
rpm -qa | grep chromium
chromium-browser-stable-55.0.2883.87-1.mga5
chromium-browser-55.0.2883.87-1.mga5

Everything working fine

OK for mga5-64

Whiteboard:
MGA5-32-OK =>
MGA5-32-OK MGA5-64-OK

This is now validated. The advisory needs to be uploaded to SVN. The packages can then be pushed to updates.

Keywords:
(none) =>
validated_update
Rémi Verschelde
2016-12-15 19:34:07 CET
Whiteboard:
MGA5-32-OK MGA5-64-OK =>
MGA5-32-OK MGA5-64-OK advisory

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0419.html

Status:
ASSIGNED =>
RESOLVED |