Upstream has released version 33.0.1750.177 on February 20: http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html This fixes a handful of new security issues. This is the current version in the stable channel: http://googlechromereleases.blogspot.com/search/label/Stable%20updates Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA4TOO, MGA3TOO
Updated packages uploaded for Mageia 3, Mageia 4, and Cauldron. Note to QA: there are both core and tainted builds for this package. Advisory: ======================== Use-after-free related to web contents (CVE-2013-6653). Bad cast in SVG (CVE-2013-6654). Use-after-free in layout (CVE-2013-6655). Information leaks in XSS auditor (CVE-2013-6656, CVE-2013-6657). Use-after-free in layout (CVE-2013-6658). Issue with certificates validation in TLS handshake (CVE-2013-6659). Information leak in drag and drop (CVE-2013-6660). Various fixes from internal audits, fuzzing and other initiatives. Of these, seven are fixes for issues that could have allowed for sandbox escapes from compromised renderers (CVE-2013-6661). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6653 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6654 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6655 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6656 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6657 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6658 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6659 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6660 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6661 http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html ======================== Updated packages in core/updates_testing: ======================== chromium-browser-stable-33.0.1750.117-1.mga3 chromium-browser-33.0.1750.117-1.mga3 chromium-browser-stable-33.0.1750.117-1.mga4 chromium-browser-33.0.1750.117-1.mga4 Updated packages in tainted/updates_testing: ======================== chromium-browser-stable-33.0.1750.117-1.mga3 chromium-browser-33.0.1750.117-1.mga3 chromium-browser-stable-33.0.1750.117-1.mga4 chromium-browser-33.0.1750.117-1.mga4 from SRPMS: chromium-browser-stable-33.0.1750.117-1.mga3.src.rpm chromium-browser-stable-33.0.1750.117-1.mga4.src.rpm
URL: (none) => qa-bugs@ml.mageia.orgVersion: Cauldron => 4Whiteboard: MGA4TOO, MGA3TOO => MGA3TOOSeverity: normal => critical
Oops, QA is not a URL. Updated packages uploaded for Mageia 3, Mageia 4, and Cauldron. Note to QA: there are both core and tainted builds for this package. Advisory: ======================== Use-after-free related to web contents (CVE-2013-6653). Bad cast in SVG (CVE-2013-6654). Use-after-free in layout (CVE-2013-6655). Information leaks in XSS auditor (CVE-2013-6656, CVE-2013-6657). Use-after-free in layout (CVE-2013-6658). Issue with certificates validation in TLS handshake (CVE-2013-6659). Information leak in drag and drop (CVE-2013-6660). Various fixes from internal audits, fuzzing and other initiatives. Of these, seven are fixes for issues that could have allowed for sandbox escapes from compromised renderers (CVE-2013-6661). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6653 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6654 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6655 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6656 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6657 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6658 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6659 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6660 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6661 http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html ======================== Updated packages in core/updates_testing: ======================== chromium-browser-stable-33.0.1750.117-1.mga3 chromium-browser-33.0.1750.117-1.mga3 chromium-browser-stable-33.0.1750.117-1.mga4 chromium-browser-33.0.1750.117-1.mga4 Updated packages in tainted/updates_testing: ======================== chromium-browser-stable-33.0.1750.117-1.mga3 chromium-browser-33.0.1750.117-1.mga3 chromium-browser-stable-33.0.1750.117-1.mga4 chromium-browser-33.0.1750.117-1.mga4 from SRPMS: chromium-browser-stable-33.0.1750.117-1.mga3.src.rpm chromium-browser-stable-33.0.1750.117-1.mga4.src.rpm
URL: qa-bugs@ml.mageia.org => (none)Assignee: bugsquad => qa-bugs
No PoC on Securityfocus. Testing mga4-32
CC: (none) => wrw105
Did the usual browser tests: sunspider, javatester, general browsing, youtube for flash, mp3 at https://archive.org/details/testmp3testfile for the tainted build, all OK.
Whiteboard: MGA3TOO => MGA3TOO mga4-32-ok
Tested mga3-32 as above, all OK.
Whiteboard: MGA3TOO mga4-32-ok => MGA3TOO mga4-32-ok mga3-32-ok
Tested mga4-64 as above, all OK.
Whiteboard: MGA3TOO mga4-32-ok mga3-32-ok => MGA3TOO mga4-32-ok mga3-32-ok mga4-64-ok
Tested mga3-64 as above, all OK. Update just needs advisory uploaded to svn to validate.
Whiteboard: MGA3TOO mga4-32-ok mga3-32-ok mga4-64-ok => MGA3TOO mga4-32-ok mga3-32-ok mga4-64-ok mga3-64-ok
In Whiteboard: MGA3-64-OK In VirtualBox, M3, KDE, 64-bit Package(s) under test: chromium-browser-stable default install of chromium [root@localhost wilcal]# urpmi chromium-browser-stable Package chromium-browser-stable-32.0.1700.102-1.mga3.tainted.x86_64 is already installed Successfully plays flash videos, cnn.com, successfully passes: http://www.webstandards.org/files/acid2/test.html#top http://acid3.acidtests.org/ install chromium-browser-stable from updates_testing [root@localhost wilcal]# urpmi chromium-browser-stable Package chromium-browser-stable-33.0.1750.117-1.mga3.tainted.x86_64 is already installed Successfully plays flash videos, cnn.com, successfully passes: http://www.webstandards.org/files/acid2/test.html#top http://acid3.acidtests.org/ Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver VirtualBox 4.3.6-1.mga4.x86_64.rpm
CC: (none) => wilcal.int
I think we can go ahead and push this one.
Thanks guys. Validating. Added the missing tainted srpms to the advisory again.. 3: core: - chromium-browser-stable-33.0.1750.117-1.mga3 tainted: - chromium-browser-stable-33.0.1750.117-1.mga3.tainted 4: core: - chromium-browser-stable-33.0.1750.117-1.mga4 tainted: - chromium-browser-stable-33.0.1750.117-1.mga4.tainted Could sysadmin please push to 3 & 4 updates Thanks
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2014-0107.html
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/588859/