Upstream has released version 45.0.2454.85 on September 1: http://googlechromereleases.blogspot.co.uk/2015/09/stable-channel-update.html This fixes several new security issues. This is the current version in the stable channel: http://googlechromereleases.blogspot.com/search/label/Stable%20updates Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA5TOO, MGA4TOO
URL: (none) => http://lwn.net/Vulnerabilities/656401/
chromium-browser-stable-45.0.2454.85-1.mga6 uploaded for Cauldron. Debian has issued an advisory for this on September 3: https://www.debian.org/security/2015/dsa-3351
Version: Cauldron => 5Whiteboard: MGA5TOO, MGA4TOO => MGA4TOO
Updated packages uploaded for Mageia 4 and Mageia 5. Advisory: ======================== Updated chromium-browser-stable packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium (CVE-2015-1291, CVE-2015-1292, CVE-2015-1293, CVE-2015-1294, CVE-2015-1295, CVE-2015-1296, CVE-2015-1297, CVE-2015-1298, CVE-2015-1299, CVE-2015-1300, CVE-2015-1301). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1291 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1292 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1293 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1294 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1295 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1296 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1297 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1299 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1300 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1301 http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_28.html http://googlechromereleases.blogspot.com/2015/08/stable-channel-update.html http://googlechromereleases.blogspot.com/2015/08/stable-channel-update_11.html http://googlechromereleases.blogspot.com/2015/08/stable-channel-update_20.html http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html https://rhn.redhat.com/errata/RHSA-2015-1712.html ======================== Updated packages in core/updates_testing: ======================== chromium-browser-45.0.2454.85-1.mga4 chromium-browser-stable-45.0.2454.85-1.mga4 chromium-browser-45.0.2454.85-1.mga5 chromium-browser-stable-45.0.2454.85-1.mga5 from SRPMS: chromium-browser-45.0.2454.85-1.mga4.src.rpm chromium-browser-45.0.2454.85-1.mga5.src.rpm
CC: (none) => cjwAssignee: cjw => qa-bugsSeverity: normal => critical
I'm going to do MGA5-64 now (and later MGA5-32).
CC: (none) => shlomif
(In reply to Shlomi Fish from comment #3) > I'm going to do MGA5-64 now (and later MGA5-32). tested chromium-browser-stable / chromium-browser on a Mageia 5 x86-64 VirtualBox VM. Everything seems to be working fine except for sound in the YouTube video that I tried (the video displayed fine) but that maybe a VBox problem. Marking as MGA5-64-OK. Will do MGA5-32 now.
Whiteboard: MGA4TOO => MGA4TOO MGA5-64-OK
Tested fine on Mageia 4 i586 too. Youtube is spotty, I haven't seen any with no sound, but have seen some where the video won't play at all. It just depends on the codecs used. I don't have Pepper Flash here and don't have tainted stuff, so it just depends on what HTML5 can run.
Whiteboard: MGA4TOO MGA5-64-OK => MGA4TOO MGA4-32-OK MGA5-64-OK
I've got some bad news: on MGA5-i586 (on a VBox VM), I'm getting this on YouTube videos: http://www.shlomifish.org/Files/files/images/chromium-browser-in-an-mga5-i586-vm.png It happens on all YouTube videos that I tried (and I tried 3 including one that worked fine on MGA5-x86-64). What should we do?
(In reply to Shlomi Fish from comment #6) > I've got some bad news: on MGA5-i586 (on a VBox VM), I'm getting this on > YouTube videos: > > http://www.shlomifish.org/Files/files/images/chromium-browser-in-an-mga5- > i586-vm.png > > It happens on all YouTube videos that I tried (and I tried 3 including one > that worked fine on MGA5-x86-64). What should we do? The same problem is also happening after rebooting the VM.
It's working ok here, both in a Mageia 5 i586 real hardware system, and a Mageia 5 i586 vb guest running on a Mageia 4 x86_64 host.
CC: (none) => davidwhodgins
(In reply to Dave Hodgins from comment #8) > It's working ok here, both in a Mageia 5 i586 real hardware system, and a > Mageia > 5 i586 vb guest running on a Mageia 4 x86_64 host. I've now checked it on a fresh install of Mageia 5 i586 from the KDE-LiveCD on a 32-bit VBox VM and can reproduce the same problem there. So it's strange.
Lets remember that this is a security fix not a catch all bug for anything and everything that's wrong with the chromium-browser. Especially for problems that have been around for awhile. If the basic browser functions are there then lets move this along.
CC: (none) => wilcal.int
In VirtualBox, M4, KDE, 64-bit Package(s) under test: chromium-browser default install of chromium-browser [root@localhost wilcal]# urpmi chromium-browser Package chromium-browser-44.0.2403.107-1.mga4.x86_64 is already installed Basic functions of the browser works. install package from updates_testing [root@localhost wilcal]# urpmi chromium-browser Package chromium-browser-45.0.2454.85-1.mga4.x86_64 is already installed Basic functions of the browser works.
Whiteboard: MGA4TOO MGA4-32-OK MGA5-64-OK => MGA4TOO MGA4-32-OK MGA4-64-OK MGA5-64-OK
In VirtualBox, M5, KDE, 32-bit Package(s) under test: chromium-browser default install of chromium-browser [root@localhost wilcal]# urpmi chromium-browser Package chromium-browser-44.0.2403.107-1.mga5.i586 is already installed Basic functions of the browser works. install package from updates_testing [root@localhost wilcal]# urpmi chromium-browser Package chromium-browser-45.0.2454.85-1.mga5.i586 is already installed Basic functions of the browser works.
Whiteboard: MGA4TOO MGA4-32-OK MGA4-64-OK MGA5-64-OK => MGA4TOO MGA4-32-OK MGA4-64-OK MGA5-32-OK MGA5-64-OK
This update works fine. Testing complete for MGA4 & MGA5, 32-bit & 64-bit Validating the update. Could someone from the sysadmin team push to updates. Thanks
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Thanks William, you're absolutely right, and this isn't a new issue, as I already explained in Comment 5. It's no different in 45 than it was in 44.
Advisory uploaded.
Whiteboard: MGA4TOO MGA4-32-OK MGA4-64-OK MGA5-32-OK MGA5-64-OK => MGA4TOO advisory MGA4-32-OK MGA4-64-OK MGA5-32-OK MGA5-64-OK
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0356.html
Status: NEW => RESOLVEDResolution: (none) => FIXED