| Summary: | chromium-browser-stable new security issues fixed in 86.0.4240.198 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | cjw, fri, nicolas.salguero, ouaurelien, stephane.pontier, sysadmin-bugs |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | chromium-browser-stable-81.0.4044.138-1.mga7.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2020-05-20 03:26:22 CEST
83.0.4103.97 on June 3: https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html 83.0.4103.106 on June 15: https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_15.html 83.0.4103.116 on June 22: https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_22.html 84.0.4147.89 on July 14: https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html fix several more security issues. Summary:
chromium-browser-stable new security issue fixed in 83.0.4103.61 =>
chromium-browser-stable new security issue fixed in 84.0.4147.89 84.0.4147.105 on July 27: https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop_27.html 84.0.4147.125 on August 10: https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop.html fix several more security issues. Summary:
chromium-browser-stable new security issue fixed in 84.0.4147.89 =>
chromium-browser-stable new security issue fixed in 84.0.4147.125 84.0.4147.135 on August 18: https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_18.html 85.0.4183.83 on August 25: https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html Summary:
chromium-browser-stable new security issue fixed in 84.0.4147.125 =>
chromium-browser-stable new security issue fixed in 85.0.4183.83 I should have a test build of 85.0.4183.83 tomorrow, but in a test build of M83 the renderer crashes on videos, while the M84 build just crashes completely. 85.0.4183.102 on September 8: https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html Summary:
chromium-browser-stable new security issue fixed in 85.0.4183.83 =>
chromium-browser-stable new security issue fixed in 85.0.4183.102 85.0.4183.121 on September 21: https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html Summary:
chromium-browser-stable new security issue fixed in 85.0.4183.102 =>
chromium-browser-stable new security issue fixed in 85.0.4183.121 86.0.4240.75 on October 6: https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html Summary:
chromium-browser-stable new security issue fixed in 85.0.4183.121 =>
chromium-browser-stable new security issues fixed in 86.0.4240.75 86.0.4240.111 on October 20: https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html Summary:
chromium-browser-stable new security issues fixed in 86.0.4240.75 =>
chromium-browser-stable new security issues fixed in 86.0.4240.111 86.0.4240.183 on November 3: https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html Summary:
chromium-browser-stable new security issues fixed in 86.0.4240.111 =>
chromium-browser-stable new security issues fixed in 86.0.4240.183
Stéphane Pontier
2020-11-04 17:11:33 CET
CC:
(none) =>
stephane.pontier Hi, For Cauldron, build fails because it currently needs python2-setuptools. Upstream is migrating to python 3 (see: https://bugs.chromium.org/p/chromium/issues/detail?id=942720). For Mageia 7, our versions of gcc and clang are a bit too old but the game is not over for me. Best regards, Nico. I found a workaround for the python problems a while ago. I have not tried to build chromium on mga7 for a while. Anyway, I got M87 (87.0.4280.40) to build on cauldron and it does not crash on videos, nor have I found any other problems. libvpx in cauldron is too old so should be updated to version 1.9.0. libvpx updated to 1.9.0. Hi, Good news: chromium-browser-stable-86.0.4240.183-1.mga7 successfully built and seems stable (at least x86_64, I cannot test i586): videos from youtube, BigBlueButton, some sites with a big usage of javascript. Best regards, Nico. Thank you for all work. Testing mga7-64, Plasma: Unfortunately: Audio failure at § Swedish television https://www.svtplay.se/ § Swedish radio https://sverigesradio.se/ On the positive side the speakers sound very funny, high pitch quickly stuttering - i get the impression the stream is played at double reate and pauses several times per second for buffer to fill. ( OK on https://urplay.se/ and youtube. And svtplay is OK in firefox ) CC:
(none) =>
fri Hi, Using LXDE, I had no problem playing https://www.svtplay.se/ and https://sverigesradio.se/. Could it be an issue with Plasma? Best regards, Nico. For me it have the same audio problem also in lxde and xfce. Some sound driver or system specifics? In MCC sound configuration I see "snd_hda_intel", and Pulseaudio and Glitch free are both checked. Intel | 6 Series/C200 Series Chipset Family High Definition Audio Controller Hm. strange. After i went into MCC sound and OK without changing anything, https://sverigesradio.se/ works for me now. Repeatedly tested to go there and restarting chromium. But!!: still problems on i.e https://www.svtplay.se/video/29000274/skavlan/skavlan-sasong-24-marcus-samuelsson-och-gro-harlem-brundtland-bland-gasterna?start=auto 86.0.4240.198 on November 11: https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html
Nicolas Salguero
2020-11-12 10:34:23 CET
Summary:
chromium-browser-stable new security issues fixed in 86.0.4240.183 =>
chromium-browser-stable new security issues fixed in 86.0.4240.198 Verified now again on same system using chromium-browser-stable-86.0.4240.198-1.mga7.x86_64.rpm sound problem at i.e https://www.svtplay.se/video/29025298/forsta-dejten/forsta-dejten-sasong-4-jag-ar-sa-hungrig-att-jag-vill-sla-nagon And problem is back on https://sverigesradio.se/ Have to check on another machine... Tested on Kde i586, real hardware Clarovideo works Youtube works Also tested the sites of #comment20, not issues noted We should push this update as-is now. It fixes serious issues being exploited in the wild. Suggested Advisory: ======================== Updated chromium-browser-stable packages fix security vulnerabilities The chromium-browser-stable package has been updated to 86.0.4240.198 version that fixes multiples security vulnerabilities. From 81.0.4044.138 (released on May 9th, 2020) to 86.0.4240.198 version, see upstream advisories. references: - https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html - https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html - https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html - https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html - https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html - https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html - https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_18.html - https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop.html - https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop_27.html - https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html - https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_22.htm - https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_22.html - https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_15.html - https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html - https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html ======================== Updated packages in updates_testing chromium-browser-stable-86.0.4240.198-1.mga7 chromium-browser-86.0.4240.198-1.mga7 ======================== from chromium-browser-stable-86.0.4240.198-1.mga7.src.rpm Assignee:
cjw =>
qa-bugs Looks good, thanks. Validated update Advisory pushed to SVN. Note: too many CVE to write, indeed we should include them? CC:
(none) =>
sysadmin-bugs Sometimes we don't when it gets to be too many. The individual CVEs for Chrome mostly tend to not be very interesting or carry much information. An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0413.html Resolution:
(none) =>
FIXED |