Debian has issued an advisory on December 7: http://www.debian.org/security/2013/dsa-2811 These issues are fixed in 31.0.1650.63 upstream: http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html This is the current version in the stable channel: http://googlechromereleases.blogspot.com/search/label/Stable%20updates We also missed a previous update that fixed one security issue: http://googlechromereleases.blogspot.com/2013/11/stable-channel-update_14.html Debian fixed that one as part of their previous update: http://www.debian.org/security/2013/dsa-2799 CVE-2013-6632 is the one we still need to fix, as I referenced here: https://bugs.mageia.org/show_bug.cgi?id=11657#c12 Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA3TOO
Blocks: (none) => 11726
chromium-browser-stable-31.0.1650.63-1.mga4 uploaded for Cauldron.
Version: Cauldron => 3Blocks: 11726 => (none)Whiteboard: MGA3TOO => (none)
Updated packages uploaded for Mageia 3. Note to QA: there are both core and tainted builds for this package. Advisory: ======================== Updated chromium-browser-stable packages fix security vulnerabilities: Pinkie Pie discovered multiple memory corruption issues (CVE-2013-6632). Andrey Labunets discovered that the wrong URL was used during validation in the one-click sign on helper (CVE-2013-6634). cloudfuzzer discovered use-after-free issues in the InsertHTML and Indent DOM editing commands (CVE-2013-6635). Bas Venis discovered an address bar spoofing issue (CVE-2013-6636). The chrome 31 development team discovered and fixed multiple issues with potential security impact (CVE-2013-6637). Jakob Kummerow of the Chromium project discovered a buffer overflow in the v8 javascript library (CVE-2013-6638). Jakob Kummerow of the Chromium project discovered an out-of-bounds write in the v8 javascript library (CVE-2013-6639). Jakob Kummerow of the Chromium project discovered an out-of-bounds read in the v8 javascript library (CVE-2013-6640). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6632 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6634 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6635 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6636 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6637 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6638 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6639 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6640 http://googlechromereleases.blogspot.com/2013/11/stable-channel-update_14.html http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html http://www.debian.org/security/2013/dsa-2799 http://www.debian.org/security/2013/dsa-2811 ======================== Updated packages in core/updates_testing: ======================== chromium-browser-stable-31.0.1650.63-1.mga3 chromium-browser-31.0.1650.63-1.mga3 Updated packages in tainted/updates_testing: ======================== chromium-browser-stable-31.0.1650.63-1.mga3 chromium-browser-31.0.1650.63-1.mga3 from chromium-browser-stable-31.0.1650.63-1.mga3.src.rpm
Assignee: bugsquad => qa-bugs
2 srpms for this again. chromium-browser-stable-31.0.1650.63-1.mga3.src.rpm chromium-browser-stable-31.0.1650.63-1.mga3.tainted.src.rpm If just the core srpm is pushed then the tainted is left in testing.
Testing complete mga3 32 Tested java, flash, https, addons, javascript Core version plays mp3 through vlc plugin & tainted version plays it natively. mp3: http://robtowns.com/music/blind_willie.mp3 Java: http://www.javatester.org/version.html Javascript: http://www.webkit.org/perf/sunspider/sunspider.html Flash: http://www.youtube.com/watch?v=5qr1YLO9fko https: https://bugs.mageia.org/show_bug.cgi?id=11935
Whiteboard: (none) => has_procedure mga3-32-ok
Testing complete mga3 64
Whiteboard: has_procedure mga3-32-ok => has_procedure mga3-32-ok mga3-64-ok
Advisory uploaded. Validating. Could sysadmin please push from 3 core & tainted/updates_testing to updates Thanks!
Keywords: (none) => validated_updateWhiteboard: has_procedure mga3-32-ok mga3-64-ok => has_procedure advisory mga3-32-ok mga3-64-okCC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2013-0383.html
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED