Mageia Bugzilla – Bug 12314
chromium-browser-stable new security issues fixed in 32.0.1700.102
Last modified: 2014-02-18 17:41:19 CET
Upstream has released version 32.0.1700.77 on January 14:
This fixes a handful of new security issues.
This is the current version in the stable channel:
Steps to Reproduce:
Upstream has released version 32.0.1700.102 on January 27:
It fixes some regressions in the previous version and two security issues.
Updated packages uploaded for Mageia 3, Mageia 4, and Cauldron.
Note to QA: there are both core and tainted builds for this package.
Use-after-free related to forms (CVE-2013-6641).
Unprompted sync with an attacker’s Google account (CVE-2013-6643).
Various fixes from internal audits, fuzzing and other initiatives
Use-after-free related to speech input elements (CVE-2013-6645).
Use-after-free in web workers (CVE-2013-6646).
Use-after-free in SVG images (CVE-2013-6649).
Memory corruption in v8 before version 18.104.22.168 (CVE-2013-6650).
Updated packages in core/updates_testing:
Updated packages in tainted/updates_testing:
There are actually tainted srpms too so..
tested mga3-64, core and tainted.
In tainted tested an mp3 from https://archive.org/details/testmp3testfile
Mga4-32 tested as above, all OK
Testing complete for chromium-browser-stable-32.0.1700.102-1.mga4, nothing to report.
Tested mga3-32 as in comment 4, all OK.
Update just needs the advisory update for validation.
the advisory of comment #2 is not enough ?
Yes, he's referring to me needing to add it to svn.
Advisory uploaded. Validating
Could sysadmin please push from 3&4 core & tainted updates_testing to updates
Debian has issued an advisory for this on February 16: