Upstream has released version 32.0.1700.77 on January 14:
http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html

This fixes a handful of new security issues.

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Whiteboard: (none) => MGA3TOO
Assignee: bugsquad => dmorganec
Upstream has released version 32.0.1700.102 on January 27:
http://googlechromereleases.blogspot.com/2014/01/stable-channel-update_27.html

It fixes some regressions in the previous version and two security issues.
Summary: chromium-browser-stable new security issues fixed in 32.0.1700.77 => chromium-browser-stable new security issues fixed in 32.0.1700.102
Whiteboard: MGA3TOO => MGA4TOO, MGA3TOO
Updated packages uploaded for Mageia 3, Mageia 4, and Cauldron.

Note to QA: there are both core and tainted builds for this package.

Advisory:
========================

Use-after-free related to forms (CVE-2013-6641).

Unprompted sync with an attacker's Google account (CVE-2013-6643).

Various fixes from internal audits, fuzzing and other initiatives (CVE-2013-6644).

Use-after-free related to speech input elements (CVE-2013-6645).

Use-after-free in web workers (CVE-2013-6646).

Use-after-free in SVG images (CVE-2013-6649).

Memory corruption in v8 before version 3.22.24.16 (CVE-2013-6650).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6650
http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html
http://googlechromereleases.blogspot.com/2014/01/stable-channel-update_27.html
========================

Updated packages in core/updates_testing:
========================
chromium-browser-stable-32.0.1700.102-1.mga3
chromium-browser-32.0.1700.102-1.mga3
chromium-browser-stable-32.0.1700.102-1.mga4
chromium-browser-32.0.1700.102-1.mga4

Updated packages in tainted/updates_testing:
========================
chromium-browser-stable-32.0.1700.102-1.mga3
chromium-browser-32.0.1700.102-1.mga3
chromium-browser-stable-32.0.1700.102-1.mga4
chromium-browser-32.0.1700.102-1.mga4

from SRPMS:
chromium-browser-stable-32.0.1700.102-1.mga3.src.rpm
chromium-browser-stable-32.0.1700.102-1.mga4.src.rpm
Version: Cauldron => 4
Assignee: dmorganec => qa-bugs
Whiteboard: MGA4TOO, MGA3TOO => MGA3TOO
Severity: normal => major
There are actually tainted srpms too so..

chromium-browser-stable-32.0.1700.102-1.mga3.src.rpm
chromium-browser-stable-32.0.1700.102-1.mga4.src.rpm
chromium-browser-stable-32.0.1700.102-1.mga3.tainted.src.rpm
chromium-browser-stable-32.0.1700.102-1.mga4.tainted.src.rpm
Tested mga3-64, core and tainted.

Browsed various websites, tested javascript with sunspider, java with javatester.org, flash with youtube and a flash game.

In tainted tested an mp3 from https://archive.org/details/testmp3testfile

All OK.
CC: (none) => wrw105
Whiteboard: MGA3TOO => MGA3TOO mga3-64-ok
Mga4-32 tested as above, all OK.
Whiteboard: MGA3TOO mga3-64-ok => MGA3TOO mga3-64-ok mga4-32-ok
Whiteboard: MGA3TOO mga3-64-ok mga4-32-ok => MGA3TOO has_procedure mga3-64-ok mga4-32-ok
Tested mga4-64. Testing complete for chromium-browser-stable-32.0.1700.102-1.mga4, nothing to report.
CC: (none) => geiger.david68210
Whiteboard: MGA3TOO has_procedure mga3-64-ok mga4-32-ok => MGA3TOO has_procedure mga3-64-ok mga4-32-ok mga4-64-ok
Tested mga3-32 as in comment 4, all OK. Update just needs the advisory update for validation.
Whiteboard: MGA3TOO has_procedure mga3-64-ok mga4-32-ok mga4-64-ok => MGA3TOO has_procedure mga3-64-ok mga4-32-ok mga4-64-ok mga3-32-ok
The advisory of comment #2 is not enough?
CC: (none) => mageia
Yes, he's referring to me needing to add it to svn. Thanks Bill!
and David
Advisory uploaded. Validating.

Could sysadmin please push from 3 & 4 core & tainted updates_testing to updates?

Thanks!
Keywords: (none) => validated_update
Whiteboard: MGA3TOO has_procedure mga3-64-ok mga4-32-ok mga4-64-ok mga3-32-ok => MGA3TOO has_procedure advisory mga3-64-ok mga4-32-ok mga4-64-ok mga3-32-ok
CC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2014-0037.html
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/585198/
Debian has issued an advisory for this on February 16: http://www.debian.org/security/2014/dsa-2862