Upstream has released version 33.0.1750.152 on March 14: http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html This fixes a handful of new security issues. This is the current version in the stable channel: http://googlechromereleases.blogspot.com/search/label/Stable%20updates They also released 33.0.1750.149 since our last update, fixing security issues: http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html Reproducible: Steps to Reproduce:
Updated packages uploaded for Mageia 3, Mageia 4, and Cauldron. Note to QA: there are both core and tainted builds for this package. Advisory: ======================== Updated chromium-browser-stable packages fix security vulnerabilities: Use-after-free in speech (CVE-2014-1700). UXSS in events (CVE-2014-1701). Use-after-free in web database (CVE-2014-1702). Potential sandbox escape due to a use-after-free in web sockets (CVE-2014-1703). Multiple vulnerabilities in V8 fixed in version 3.23.17.18 (CVE-2014-1704). Memory corruption in V8 (CVE-2014-1705). Use-after-free in Blink bindings (CVE-2014-1713). Directory traversal issue (CVE-2014-1715). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1700 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1701 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1702 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1703 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1705 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1713 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1715 http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html ======================== Updated packages in core/updates_testing: ======================== chromium-browser-stable-33.0.1750.152-1.mga3 chromium-browser-33.0.1750.152-1.mga3 chromium-browser-stable-33.0.1750.152-1.mga4 chromium-browser-33.0.1750.152-1.mga4 Updated packages in tainted/updates_testing: ======================== chromium-browser-stable-33.0.1750.152-1.mga3 chromium-browser-33.0.1750.152-1.mga3 chromium-browser-stable-33.0.1750.152-1.mga4 chromium-browser-33.0.1750.152-1.mga4 from SRPMS: chromium-browser-stable-33.0.1750.152-1.mga3.src.rpm chromium-browser-stable-33.0.1750.152-1.mga4.src.rpm
Version: Cauldron => 4Assignee: bugsquad => qa-bugsWhiteboard: (none) => MGA3TOO
No PoCs on SecurityFocus. Testing mga4-64.
CC: (none) => wrw105
Tested mga4-64. Sunspider for javascript General browsing javatester.org for java youtube for flash https://archive.org/details/testmp3testfile on tainted build for mp3. All OK.
Whiteboard: MGA3TOO => MGA3TOO mga4-64-ok
mga3-64 tested as above, all OK.
Whiteboard: MGA3TOO mga4-64-ok => MGA3TOO mga4-64-ok mga3-64-ok
mga4-32 tested as above, all OK.
Whiteboard: MGA3TOO mga4-64-ok mga3-64-ok => MGA3TOO mga4-64-ok mga3-64-ok mga4-32-ok
Tested mga3-32 as above, all OK. Ready to validate when advisory is uploaded to SVN.
Whiteboard: MGA3TOO mga4-64-ok mga3-64-ok mga4-32-ok => MGA3TOO mga4-64-ok mga3-64-ok mga4-32-ok mga3-32-ok
Advisory uploaded, pleash push to 3 & 4 {core,tainted}/updates.
Keywords: (none) => validated_updateWhiteboard: MGA3TOO mga4-64-ok mga3-64-ok mga4-32-ok mga3-32-ok => MGA3TOO mga4-64-ok mga3-64-ok mga4-32-ok mga3-32-ok advisoryCC: (none) => remi, sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2014-0134.html
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/591215/