Upstream has released version 43.0.2357.130 on June 23: http://googlechromereleases.blogspot.com/2015/06/chrome-stable-update.html This fixes several new security issues. This is the current version in the stable channel: http://googlechromereleases.blogspot.com/search/label/Stable%20updates Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA5TOO, MGA4TOO
chromium-browser-stable-43.0.2357.130-1.mga6 uploaded for Cauldron.
Version: Cauldron => 5Whiteboard: MGA5TOO, MGA4TOO => MGA4TOO
RedHat has issued an advisory for this today (June 25): https://rhn.redhat.com/errata/RHSA-2015-1188.html
URL: (none) => http://lwn.net/Vulnerabilities/649372/
Updated packages are ready for testing: MGA4 SRPM: chromium-browser-stable-43.0.2357.130-1.mga4.src.rpm RPMS: chromium-browser-stable-43.0.2357.130-1.mga4.i586.rpm chromium-browser-43.0.2357.130-1.mga4.i586.rpm chromium-browser-stable-43.0.2357.130-1.mga4.x86_64.rpm chromium-browser-43.0.2357.130-1.mga4.x86_64.rpm MGA5 SRPM: chromium-browser-stable-43.0.2357.130-1.mga5.src.rpm RPMS: chromium-browser-stable-43.0.2357.130-1.mga5.i586.rpm chromium-browser-43.0.2357.130-1.mga5.i586.rpm chromium-browser-stable-43.0.2357.130-1.mga5.x86_64.rpm chromium-browser-43.0.2357.130-1.mga5.x86_64.rpm Proposed advisory: Chromium-browser 43.0.2357.130 fixes the following security issues: A scheme validation error in WebUI (CVE-2015-1266). Two cross-origin bypass issues in Blink (CVE-2015-1267, CVE-2015-1268). A normalization error in the HSTS/HPKP preload list (CVE-2015-1269). This update also disables the automatic, silent downloading and installation of "external components" like the hotword extension. References: http://googlechromereleases.blogspot.com/2015/06/chrome-stable-update.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1266 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1267 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1268 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1269 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786909
CC: (none) => cjwAssignee: cjw => qa-bugs
Tested on an MGA5-i586 VM - everything seems fine.
CC: (none) => shlomifWhiteboard: MGA4TOO => MGA4TOO MGA5-32-OK
Tested on an x86-64 MGA4 VM - everything seems fine in the new chromium.
Whiteboard: MGA4TOO MGA5-32-OK => MGA4TOO MGA5-32-OK MGA4-64-OK
Add MGA4-32-OK because tested ok on a Mageia 4 i586 VM.
Whiteboard: MGA4TOO MGA5-32-OK MGA4-64-OK => MGA4TOO MGA5-32-OK MGA4-64-OK MGA4-32-OK
MGA5-64-OK ing it .
Whiteboard: MGA4TOO MGA5-32-OK MGA4-64-OK MGA4-32-OK => MGA4TOO MGA5-32-OK MGA4-64-OK MGA4-32-OK MGA5-64-OK
Advisory committed to svn. Someone from the sysadmin team please push 16190.adv to updates for Mageia 4 and 5.
Keywords: (none) => validated_updateWhiteboard: MGA4TOO MGA5-32-OK MGA4-64-OK MGA4-32-OK MGA5-64-OK => MGA4TOO MGA5-32-OK MGA4-64-OK MGA4-32-OK MGA5-64-OK advisoryCC: (none) => davidwhodgins, sysadmin-bugs
Advisory is missing from SVN.
Whiteboard: MGA4TOO MGA5-32-OK MGA4-64-OK MGA4-32-OK MGA5-64-OK advisory => MGA4TOO MGA5-32-OK MGA4-64-OK MGA4-32-OK MGA5-64-OK
Sorry, forgot to run the svn add before the svn ci. It's there now.
Whiteboard: MGA4TOO MGA5-32-OK MGA4-64-OK MGA4-32-OK MGA5-64-OK => MGA4TOO MGA5-32-OK MGA4-64-OK MGA4-32-OK MGA5-64-OK advisory
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0265.html
Status: NEW => RESOLVEDResolution: (none) => FIXED