Debian has issued an advisory on May 3:
https://www.debian.org/security/2014/dsa-2920

These issues are fixed in 34.0.1847.132 upstream:
http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Whiteboard: (none) => MGA4TOO, MGA3TOO
Updated packages uploaded for Mageia 3, Mageia 4, and Cauldron.

Note to QA: there are both core and tainted builds for this package. The tainted builds are still building, so they won't be available for a few hours, as we have only one build node in the build system right now. The core builds are already uploaded.

Advisory:
========================

Updated chromium-browser-stable packages fix security vulnerabilities:

A type confusion issue was discovered in the v8 javascript library (CVE-2014-1730).

John Butler discovered a type confusion issue in the WebKit/Blink document object model implementation (CVE-2014-1731).

Khalil Zhani discovered a use-after-free issue in the speech recognition feature (CVE-2014-1732).

Jed Davis discovered a way to bypass the seccomp-bpf sandbox (CVE-2014-1733).

The Google Chrome development team discovered and fixed multiple issues with potential security impact (CVE-2014-1734).

The Google Chrome development team discovered and fixed multiple issues in version 3.24.35.33 of the v8 javascript library (CVE-2014-1735).

SkyLined discovered an integer overflow issue in the v8 javascript library (CVE-2014-1736).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1730
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1732
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1735
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1736
http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html
https://www.debian.org/security/2014/dsa-2920

========================

Updated packages in core/updates_testing:
========================
chromium-browser-stable-34.0.1847.132-2.mga3
chromium-browser-34.0.1847.132-2.mga3
chromium-browser-stable-34.0.1847.132-2.mga4
chromium-browser-34.0.1847.132-2.mga4

Updated packages in tainted/updates_testing:
========================
chromium-browser-stable-34.0.1847.132-2.mga3
chromium-browser-34.0.1847.132-2.mga3
chromium-browser-stable-34.0.1847.132-2.mga4
chromium-browser-34.0.1847.132-2.mga4

from SRPMS:
chromium-browser-stable-34.0.1847.132-2.mga3.src.rpm
chromium-browser-stable-34.0.1847.132-2.mga4.src.rpm
Version: Cauldron => 4
Assignee: bugsquad => qa-bugs
Whiteboard: MGA4TOO, MGA3TOO => MGA3TOO
Tested mga4-32

Usual browser tests: sunspider, javatester, youtube, mp3 test for tainted build, general browsing.

Will catch the 64 bit under both versions in the AM (US East coast time) if nobody beats me to them.
CC: (none) => wrw105
Whiteboard: MGA3TOO => MGA3TOO mga4-32-ok
Tested mga3-64

All as above. Will be a few hours before I can get to the others.
Whiteboard: MGA3TOO mga4-32-ok => MGA3TOO mga4-32-ok mga3-64-ok
Advisory uploaded. Remembered to add the tainted SRPMs.
Whiteboard: MGA3TOO mga4-32-ok mga3-64-ok => MGA3TOO has_procedure advisory mga4-32-ok mga3-64-ok
Sorry Bill, I thought others would be able to test a web browser. Testing complete mga4 64, testing mga3 32 next.
Whiteboard: MGA3TOO has_procedure advisory mga4-32-ok mga3-64-ok => MGA3TOO has_procedure advisory mga4-32-ok mga4-64-ok mga3-64-ok
Testing complete mga3 32

Validating.

Could sysadmin please push to updates?

Thanks
Keywords: (none) => validated_update
Whiteboard: MGA3TOO has_procedure advisory mga4-32-ok mga4-64-ok mga3-64-ok => MGA3TOO has_procedure advisory mga4-32-ok mga4-64-ok mga3-32-ok mga3-64-ok
CC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2014-0213.html
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED