Upstream has released version 51.0.2704.79 on June 1: http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html This fixes several new security issues. This is the current version in the stable channel: http://googlechromereleases.blogspot.com/search/label/Stable%20updates
RedHat has issued an advisory for this on June 2: https://access.redhat.com/errata/RHSA-2016:1201
URL: (none) => http://lwn.net/Vulnerabilities/689718/
Packages are available for testing: MGA5 SRPM: chromium-browser-stable-51.0.2704.79-1.mga5.src.rpm RPMS: chromium-browser-stable-51.0.2704.79-1.mga5.i586.rpm chromium-browser-51.0.2704.79-1.mga5.i586.rpm chromium-browser-stable-51.0.2704.79-1.mga5.x86_64.rpm chromium-browser-51.0.2704.79-1.mga5.x86_64.rpm Proposed advisory: Chromium-browser-stable 51.0.2704.79 fixes security issues: cross-origin bypass problems in extension bindings (CVE-2016-1696) and blink (CVE-2016-1697), an information leak in extension bindings (CVE-2016-1698), a parameter sanitization failure in devtools (CVE-2016-1699), use-after-free bugs in extensions (CVE-2016-1700) and autofill (CVE-2016-1701), an out-of-bounds read in skia (CVE-2016-1702), and various fixes from upstream's internal audits, fuzzing, and other initiatives (CVE-2016-1703). References: http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1696 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1697 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1698 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1699 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1700 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1701 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1702 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1703
CC: (none) => cjwAssignee: cjw => qa-bugs
Tested general browsing, JetStream for Javascript, youtube videos for video playback, acid3 for rendering, all OK, Mga5-64.
CC: (none) => wrw105Whiteboard: (none) => has_procedure mga5-64-ok
I was only able to install this if I also installed the libpng update in updates_testing as well. I will have to make this Bug dependent on that.
In VirtualBox, M5, KDE, 32-bit Package(s) under test: chromium-browser chromium-browser-stable libpng16_16 default install of chromium-browser chromium-browser-stable libpng16_16 from updates_testing [root@localhost wilcal]# urpmi chromium-browser-stable Package chromium-browser-stable-51.0.2704.63-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi chromium-browser Package chromium-browser-51.0.2704.63-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi libpng16_16 Package libpng16_16-1.6.20-1.mga5.i586 is already installed Chromium works, many websites are accessible, YouTube/Vimeo videos play, common plugins are active. weather.com works. http://www.webstandards.org/files/acid2/test.html#top test ok http://acid3.acidtests.org/ test ok https://chromium.github.io/octane/ measures: 25574 install chromium-browser chromium-browser-stable libpng16_16 from updates_testing [root@localhost wilcal]# urpmi chromium-browser-stable Package chromium-browser-stable-51.0.2704.79-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi chromium-browser Package chromium-browser-51.0.2704.79-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi libpng16_16 Package libpng16_16-1.6.22-1.mga5.i586 is already installed Chromium works, many websites are accessible, YouTube/Vimeo videos play, common plugins are active. weather.com works. http://www.webstandards.org/files/acid2/test.html#top test ok http://acid3.acidtests.org/ test ok https://chromium.github.io/octane/ measures: 25221
CC: (none) => wilcal.int
Whiteboard: has_procedure mga5-64-ok => has_procedure mga5-32-ok mga5-64-ok
This looks good David. What you say?
Yeah, it'll just need the libpng update to go out with it then. The Thunderbird update is stalled and Firefox probably won't be to QA until Wednesday, so we can just move the libpng update to go with this one. SRPMS to be listed in the SVN advisory: chromium-browser-stable-51.0.2704.79-1.mga5.src.rpm libpng-1.6.22-1.mga5.src.rpm Also, we should really get the libxslt update (Bug 18547) out along with this one, as it really should have gone with the last chromium update.
Upstream has released version 51.0.2704.84 on June 6: http://googlechromereleases.blogspot.com/2016/06/stable-channel-update_6.html It's just a bugfix release. Christiaan, did you want to push that one?
(In reply to David Walser from comment #8) > Upstream has released version 51.0.2704.84 on June 6: > http://googlechromereleases.blogspot.com/2016/06/stable-channel-update_6.html > > It's just a bugfix release. Christiaan, did you want to push that one? No. Maybe for cauldron but as a rule a stable Mageia release only gets security updates from upstream package releases.
(In reply to Christiaan Welvaart from comment #9) > (In reply to David Walser from comment #8) > > Upstream has released version 51.0.2704.84 on June 6: > > http://googlechromereleases.blogspot.com/2016/06/stable-channel-update_6.html > > > > It's just a bugfix release. Christiaan, did you want to push that one? > > No. Maybe for cauldron but as a rule a stable Mageia release only gets > security updates from upstream package releases. Sure, but we've used the bugfix updates before when there was a pending security update that had not yet been pushed.
Keywords: (none) => validated_updateWhiteboard: has_procedure mga5-32-ok mga5-64-ok => has_procedure mga5-32-ok mga5-64-ok advisoryCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0218.html
Status: NEW => RESOLVEDResolution: (none) => FIXED