Upstream has released version 28.0.1500.95 on August 20: http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html This fixes a handful of new security issues. This is the current version in the stable channel: http://googlechromereleases.blogspot.com/search/label/Stable%20updates Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA3TOO, MGA2TOO
Debian has issued an advisory for this on August 25: http://www.debian.org/security/2013/dsa-2741
URL: (none) => http://lwn.net/Vulnerabilities/564817/
The stable channel has been upated to 29.0.1547.65: http://googlechromereleases.blogspot.com/2013/09/stable-channel-update.html D Morgan uploaded 29.0.1547.72 to Cauldron, which is actually older: http://src.chromium.org/viewvc/chrome/releases/ This should probably be reverted.
Updated packages uploaded for Mageia 2, Mageia 3, and Cauldron. Note: Mageia 3 includes a tainted build. Advisory: ======================== Updated chromium-browser-stable packages fix security vulnerabilities: The chrome 29 development team found various issues from internal fuzzing, audits, and other studies (CVE-2013-2887). Krystian Bigaj discovered a file handling path sanitization issue (CVE-2013-2900). Alex Chapman discovered an integer overflow issue in ANGLE, the Almost Native Graphics Layer (CVE-2013-2901). cloudfuzzer discovered a use-after-free issue in XSLT (CVE-2013-2902). cloudfuzzer discovered a use-after-free issue in HTMLMediaElement (CVE-2013-2903). cloudfuzzer discovered a use-after-free issue in XML document parsing (CVE-2013-2904). Christian Jaeger discovered an information leak due to insufficient file permissions (CVE-2013-2905). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2887 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2900 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2902 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2903 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2904 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2905 http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html http://googlechromereleases.blogspot.com/2013/09/stable-channel-update.html http://www.debian.org/security/2013/dsa-2741 ======================== Updated packages in core/updates_testing: ======================== chromium-browser-stable-29.0.1547.65-1.mga2 chromium-browser-29.0.1547.65-1.mga2 chromium-browser-stable-29.0.1547.65-1.mga3 chromium-browser-29.0.1547.65-1.mga3 Updated packages in tainted/updates_testing: ======================== chromium-browser-stable-29.0.1547.65-1.mga3 chromium-browser-29.0.1547.65-1.mga3 from SRPMS: chromium-browser-stable-29.0.1547.65-1.mga2.src.rpm chromium-browser-stable-29.0.1547.65-1.mga3.src.rpm
Version: Cauldron => 3Assignee: dmorganec => qa-bugsWhiteboard: MGA3TOO, MGA2TOO => MGA2TOO
Advisory 11049.adv committed to svn.
CC: (none) => davidwhodgins
Added the srpm chromium-browser-stable-29.0.1547.65-1.mga3.tainted to the advisory. Testing complete Mageia 2 and 3, i586 and x86_64, including tainted on Mageia 3. Someone from the sysadmin team please push 11049.adv to updates.
Keywords: (none) => validated_updateWhiteboard: MGA2TOO => MGA2TOO MGA3-64-OK MGA3-32-OK MGA2-64-OK MGA2-32-OKCC: (none) => sysadmin-bugs
http://advisories.mageia.org/MGASA-2013-0278.html
Status: NEW => RESOLVEDCC: (none) => boklmResolution: (none) => FIXED
CC: boklm => (none)