Bug 3734

Summary: chromium browser Security update
Product: Mageia Reporter: D Morgan <dmorganec>
Component: RPM PackagesAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: davidwhodgins, olivier.delaune, sysadmin-bugs, tmb
Version: 1Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: chromium-browser-stable CVE:
Status comment:

Description D Morgan 2011-12-14 01:33:13 CET 
A new version of chromium-browser-stable just landed on update_testing

Advisory: 

- new upstream release 16.0.912.63 (113337)
- security fixes
 * [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching.
 * [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml.
 * [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser.
 * [99016] High CVE-2011-3907: URL bar spoofing with view-source.
 * [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing.
 * [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS
   property array.
 * [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame
   handling.
 * [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF.
 * [102359] High CVE-2011-3912: Use-after-free in SVG filters.
 * [103921] High CVE-2011-3913: Use-after-free in Range handling.
 * [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling.
 * [104529] High CVE-2011-3915: Buffer overflow in PDF font handling.
 * [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross references.
 * [105162] Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher.
 * [107258] High CVE-2011-3904: Use-after-free in bidi handling.
Comment 1 Dave Hodgins 2011-12-14 06:02:50 CET 
Testing complete on i586 for the srpm
chromium-browser-stable-16.0.912.63-0.1.mga1.src.rpm

No poc, so just standard browser tests (flash, java, general
browsing).

CC: (none) => davidwhodgins

Comment 2 Olivier Delaune 2011-12-14 09:28:52 CET 
Testing on 64-bits
No problem detected

CC: (none) => olivier.delaune

Comment 3 claire robinson 2011-12-14 13:15:21 CET 
Thankyou Olivier.

Validating the update.

Advisory: 

- new upstream release 16.0.912.63 (113337)
- security fixes
 * [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching.
 * [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml.
 * [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser.
 * [99016] High CVE-2011-3907: URL bar spoofing with view-source.
 * [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing.
 * [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS
   property array.
 * [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame
   handling.
 * [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF.
 * [102359] High CVE-2011-3912: Use-after-free in SVG filters.
 * [103921] High CVE-2011-3913: Use-after-free in Range handling.
 * [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling.
 * [104529] High CVE-2011-3915: Buffer overflow in PDF font handling.
 * [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross references.
 * [105162] Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher.
 * [107258] High CVE-2011-3904: Use-after-free in bidi handling.



SRPM: chromium-browser-stable-16.0.912.63-0.1.mga1.src.rpm


Could sysadmin please push from core/updates_testing to core/updates

Thankyou!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Hardware: i586 => All

Comment 4 Thomas Backlund 2011-12-14 17:30:34 CET 
Update pushed.

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED