| Summary: | 18 CVE updates for chromium-browser-stable 15.0.874.102 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Dave Hodgins <davidwhodgins> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | dmorganec, mailinglistsduraph, sysadmin-bugs, tmb |
| Version: | 1 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html | ||
| Whiteboard: | |||
| Source RPM: | chromium-browser-stable | CVE: | |
| Status comment: | |||
| Bug Depends on: | 3200 | ||
| Bug Blocks: | |||
|
Description
Dave Hodgins
2011-10-27 02:40:52 CEST
Dmorgan, package ready for the QA ? :D Assignee:
bugsquad =>
dmorganec
Raphaël Vinet
2011-10-27 04:45:01 CEST
CC:
(none) =>
mailinglistsduraph If the package is ready for qa, then i586 testing is complte for chromium-browser-stable-15.0.874.102-0.1.mga1.src.rpm Tested using http://www.adobe.com/software/flash/about/ and http://javatester.org/version.html
Manuel Hiebel
2011-10-29 14:43:05 CEST
Blocks:
(none) =>
3200
Manuel Hiebel
2011-10-29 14:43:19 CEST
Blocks:
3200 =>
(none) Please, can you enable the debug package ? see bug 2392 (I know you are not the maintainer but you was) Ok so reassign for the QA. I don't know if bug 3200 is a block bug of this one. Dmorgan ideas ? CC:
(none) =>
dmorganec Tested OK x86_64 Used the flash and java tests and some other, more generic, browser testing sites. http://acidtests.org/ http://html5test.com/ http://www.cyscape.com/showbrow.asp We need to know exactly what has been fixed here though. Ping dmorgan Looking again, Dave already did that for this version, so we can validate. Advisory ---------------------- Chromium-browser update to fix the following CVE's: CVE-2011-2845: URL bar spoof in history handling CVE-2011-3875: URL bar spoof with drag+drop of URLs CVE-2011-3876: Avoid stripping whitespace at the end of download filenames CVE-2011-3877: XSS in appcache internals page. CVE-2011-3878: Race condition in worker process initialization. Credit to miaubiz. CVE-2011-3879: Avoid redirect to chrome scheme URIs. CVE-2011-3880: Donât permit as a HTTP header delimiter CVE-2011-3881: Cross-origin policy violations CVE-2011-3882: Use-after-free in media buffer handling. CVE-2011-3883: Use-after-free in counter handling. CVE-2011-3884: Timing issues in DOM traversal. CVE-2011-3885: Stale style bugs leading to use-after-free. CVE-2011-3886: Out of bounds writes in v8. Credit to Christian Holler. CVE-2011-3887: Cookie theft with javascript URIs. Credit to Sergey Glazunov. CVE-2011-3888: Use-after-free with plug-in and editing. Credit to miaubiz. CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz. CVE-2011-3890: Use-after-free in video source handling. Credit to Ami Fischman of the Chromium development community. CVE-2011-3891: Exposure of internal v8 functions. For more information please see: http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html -------------------------- SRPM: chromium-browser-stable-15.0.874.102-0.1.mga1.src.rpm Could sysadmin please push from core/updates_testing to core/updates Thankyou! Keywords:
(none) =>
validated_update Update pushed. Status:
NEW =>
RESOLVED |