Google has issued an advisory on July 21: http://googlechromereleases.blogspot.cz/2015/07/stable-channel-update_21.html The expat issue also affects the system version. Patched packages uploaded for Mageia 4, Mageia 5, and Cauldron. Advisory: ======================== Updated expat package fixes security vulnerabilities: Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0 allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data (CVE-2015-1283). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1283 http://googlechromereleases.blogspot.cz/2015/07/stable-channel-update_21.html ======================== Updated packages in core/updates_testing: ======================== expat-2.1.0-7.1.mga4 libexpat1-2.1.0-7.1.mga4 libexpat-devel-2.1.0-7.1.mga4 expat-2.1.0-9.1.mga5 libexpat1-2.1.0-9.1.mga5 libexpat-devel-2.1.0-9.1.mga5 from SRPMS: expat-2.1.0-7.1.mga4.src.rpm expat-2.1.0-9.1.mga5.src.rpm Reproducible: Steps to Reproduce:
Blocks: (none) => 16444
Whiteboard: (none) => MGA4TOO
adding mga4-32-ok.
CC: (none) => shlomifWhiteboard: MGA4TOO => MGA4TOO MGA4-32-OK
(In reply to Shlomi Fish from comment #1) > adding mga4-32-ok. Can you tell how you tested?
Embryo of procedure there: https://bugs.mageia.org/show_bug.cgi?id=5141#c7
(In reply to Samuel VERSCHELDE from comment #2) > (In reply to Shlomi Fish from comment #1) > > adding mga4-32-ok. > > Can you tell how you tested? Yes, I tested the new chromium-browser with it and it seemed to work fine. That's what Luigi told me to mark it here.
CC: (none) => davidwhodginsWhiteboard: MGA4TOO MGA4-32-OK => MGA4TOO MGA4-32-OK advisory
Testing complete. Validating the update.
Keywords: (none) => validated_updateWhiteboard: MGA4TOO MGA4-32-OK advisory => MGA4TOO MGA4-32-OK advisory MGA5-64-OKCC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0285.html
Status: NEW => RESOLVEDResolution: (none) => FIXED