Debian has issued an advisory on October 26:
This updates to the newest security release, from upstream on October 15:
There is an even newer bugfix release for Linux, from October 22:
This is the current version for Linux on the stable channel:
The new security issues fixed are CVE-2013-2925 through CVE-2013-2928.
Steps to Reproduce:
Updated packages uploaded for Mageia 2, Mageia 3, and Cauldron.
Note: Mageia 3 includes a tainted build.
Updated chromium-browser-stable packages fix security vulnerabilities:
Atte Kettunen of OUSPG discover a use-after-free issue in Blink's XML HTTP
request implementation (CVE-2013-2925).
cloudfuzzer discovered a use-after-free issue in the list indenting
cloudfuzzer discovered a use-after-free issue in the HTML form submission
The chrome 30 development team found various issues from internal fuzzing,
audits, and other studies (CVE-2013-2928).
This updates to the newest version from the Linux stable channel, fixing
these and several other issues.
Updated packages in core/updates_testing:
Updated packages in tainted/updates_testing:
No exploits on securityfocus.
Testing mga3-64, general use.
tested mga3-64 from core/updates_testing
general browsing: OK
Java from javatester: OK
flash from Youtube: OK
Tested mga3-64 from tainted/updates_testing as in comment 3, plus https://archive.org/details/testmp3testfile for mp3.
Tested mga3-32 from core/updates_testing as in comment 3. All OK.
Tested mga3-32 from tainted/updates_testing as in comment 4. All OK.
tested mga2-32 as in comment 3. All Ok.
As I don't have a mga2-64 setup, I'll leave that for someone else.
Thanks Bill, i'll do that now
Testing complete mga2 64
Actually 3 srpms for this..
Validating. Advisory uploaded.
Could sysadmin please push from 2&3 core/updates_testing to updates