Upstream has released version 31.0.1650.48 today (November 12):
http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
This fixes a handful of new security issues.
This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Whiteboard: (none) => MGA3TOO, MGA2TOO
Updated packages uploaded for Mageia 2, Mageia 3, and Cauldron.
I'll wait until another vendor posts an update for the full advisory, but some information about the security issues fixed is in the upstream blog post.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2931
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6622
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6623
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6630
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6631
http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
========================
Updated packages in core/updates_testing:
========================
chromium-browser-stable-31.0.1650.48-1.mga2
chromium-browser-31.0.1650.48-1.mga2
chromium-browser-stable-31.0.1650.48-1.mga3
chromium-browser-31.0.1650.48-1.mga3
Updated packages in tainted/updates_testing:
========================
chromium-browser-stable-31.0.1650.48-1.mga3
chromium-browser-31.0.1650.48-1.mga3
from SRPMS:
chromium-browser-stable-31.0.1650.48-1.mga2.src.rpm
chromium-browser-stable-31.0.1650.48-1.mga3.src.rpm
Version: Cauldron => 3
Assignee: bugsquad => qa-bugs
Whiteboard: MGA3TOO, MGA2TOO => MGA2TOO
Severity: normal => critical
David, could you remember to list the tainted srpm for this one too please. It was forgotten about a couple of updates ago and not pushed.
chromium-browser-stable-31.0.1650.48-1.mga2.src.rpm
chromium-browser-stable-31.0.1650.48-1.mga3.src.rpm
chromium-browser-stable-31.0.1650.48-1.mga3.tainted.src.rpm
Testing complete mga2 32
https, Flash, browsing, java, javascript, html5, google account
See bug 11554 for previous update and testing ideas.
The tainted version in mga3 should enable it to play mp3.
Whiteboard: MGA2TOO => MGA2TOO has_procedure mga2-32-ok
Tested https, google account, java, javascript, browsing, flash in core and tainted for mga3-64, all ok. mp3 plays in tainted version.
CC: (none) => wrw105
Whiteboard: MGA2TOO has_procedure mga2-32-ok => MGA2TOO has_procedure mga2-32-ok mga3-64-ok
tested mga3-32 as in comment 4, all OK in core and tainted, tainted plays mp3.
Whiteboard: MGA2TOO has_procedure mga2-32-ok mga3-64-ok => MGA2TOO has_procedure mga2-32-ok mga3-64-ok mga3-32-ok
Testing complete mga2 64
Whiteboard: MGA2TOO has_procedure mga2-32-ok mga3-64-ok mga3-32-ok => MGA2TOO has_procedure mga2-32-ok mga2-64-ok mga3-64-ok mga3-32-ok
Validating. Advisory uploaded with temporary description which will need to be updated when details become available. +description: | + This updates chromium-browser-stable to the latest stable version fixing + multiple security vulnerbilities, details will be posted when available. Could sysadmin please push from 2&3 core/updates_testing and 3 tainted/updates_testing to updates. Thanks!
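Review bot: "vulnerbilities" in the second added description line is misspelled and should read "vulnerabilities"; the comma before "details will be posted" also splices two sentences, so end the first sentence after "vulnerabilities" and start a new one. Since the text is stated to be temporary, it would help to name the upstream version (31.0.1650.48) in the description so the placeholder is still informative if it ships before the details are filled in.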
really validating..
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: MGA2TOO has_procedure mga2-32-ok mga2-64-ok mga3-64-ok mga3-32-ok => MGA2TOO advisory has_procedure mga2-32-ok mga2-64-ok mga3-64-ok mga3-32-ok
Preliminary advisory based on upstream blog post...
Advisory:
========================
Updated chromium-browser-stable packages fix security vulnerabilities:
Various fixes from internal audits, fuzzing and other initiatives (CVE-2013-2931).
Use after free related to speech input elements (CVE-2013-6621).
Use after free related to media elements (CVE-2013-6622).
Out of bounds read in SVG (CVE-2013-6623).
Use after free related to "id" attribute strings (CVE-2013-6624).
Use after free in DOM ranges (CVE-2013-6625).
Address bar spoofing related to interstitial warnings (CVE-2013-6626).
Out of bounds read in HTTP parsing (CVE-2013-6627).
Issue with certificates not being checked during TLS renegotiation (CVE-2013-6628).
libjpeg 6b and libjpeg-turbo will use uninitialized memory when decoding images with missing SOS data for the luminance component (Y) in presence of valid chroma data (Cr, Cb) (CVE-2013-6629).
libjpeg-turbo will use uninitialized memory when handling Huffman tables (CVE-2013-6630).
Use after free in libjingle (CVE-2013-6631).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2931
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6622
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6623
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6630
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6631
http://permalink.gmane.org/gmane.comp.security.full-disclosure/90919
http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
Added to svn, thanks.
Update pushed: http://advisories.mageia.org/MGASA-2013-0324.html
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/573814/
Debian has issued an advisory for this on November 16:
http://lists.debian.org/debian-security-announce/2013/msg00211.html
It lists one more CVE that our advisory missed (I wish I knew where they got it from), CVE-2013-6632.
"Pinkie Pie discovered multiple memory corruption issues (CVE-2013-6632)."
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6632
LWN reference for CVE-2013-6632:
http://lwn.net/Vulnerabilities/574199/
Ahh, I didn't notice that Debian's update was to 31.0.1650.57, which fixes CVE-2013-6632:
http://googlechromereleases.blogspot.com/2013/11/stable-channel-update_14.html
We'll need to issue another update (there's an even newer version with more security fixes).