Bug 18722 - chromium-browser-stable new security issues fixed in 51.0.2704.103
Summary: chromium-browser-stable new security issues fixed in 51.0.2704.103
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/692035/
Whiteboard: advisory MGA5-32-OK MGA5-64-OK
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2016-06-17 14:26 CEST by David Walser
Modified: 2016-06-23 01:41 CEST (History)
4 users (show)

See Also:
Source RPM: chromium-browser-stable-51.0.2704.79-1.mga5.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2016-06-17 14:26:38 CEST
Upstream has released version 51.0.2704.103 on June 16:
http://googlechromereleases.blogspot.com/2016/06/stable-channel-update_16.html

This fixes several new security issues.

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates

There was also a bugfix release since our last update:
http://googlechromereleases.blogspot.com/2016/06/stable-channel-update_6.html
Comment 1 Christiaan Welvaart 2016-06-18 22:18:19 CEST
Packages are available for testing:

MGA5
SRPM:
chromium-browser-stable-51.0.2704.103-1.mga5.src.rpm
RPMS:
chromium-browser-stable-51.0.2704.103-1.mga5.i586.rpm
chromium-browser-51.0.2704.103-1.mga5.i586.rpm
chromium-browser-stable-51.0.2704.103-1.mga5.x86_64.rpm
chromium-browser-51.0.2704.103-1.mga5.x86_64.rpm


Proposed advisory:


Chromium-browser-stable 51.0.2704.103 contains various security fixes from upstream's internal audits, fuzzing and other initiatives (CVE-2016-1704) as well as other bug fixes.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1704
http://googlechromereleases.blogspot.com/2016/06/stable-channel-update_16.html
http://googlechromereleases.blogspot.com/2016/06/stable-channel-update_6.html

CC: (none) => cjw
Assignee: cjw => qa-bugs

Comment 2 David Walser 2016-06-18 23:55:17 CEST
Works fine on Mageia 5 i586.

Whiteboard: (none) => MGA5-32-OK

Comment 3 David Walser 2016-06-20 16:28:51 CEST
Works fine on Mageia 5 x86_64 too.

Whiteboard: MGA5-32-OK => MGA5-32-OK MGA5-64-OK

David Walser 2016-06-20 19:45:25 CEST

URL: (none) => http://lwn.net/Vulnerabilities/692035/

Comment 4 Lewis Smith 2016-06-20 20:43:26 CEST
Great & speedy work David; thanks a lot. Validating; Advisory to be uploaded.

Keywords: (none) => validated_update
CC: (none) => lewyssmith, sysadmin-bugs

Comment 5 claire robinson 2016-06-22 16:05:46 CEST
Fine here too 32 & 64bit. Advisory uploaded.

Whiteboard: MGA5-32-OK MGA5-64-OK => advisory MGA5-32-OK MGA5-64-OK

Comment 6 Mageia Robot 2016-06-22 18:37:25 CEST
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0231.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 7 katnatek 2016-06-22 22:07:47 CEST
Sorry for the noise, but why this is not compiled with widevine support like the cauldron's version?

CC: (none) => j.alberto.vc

Comment 8 Christiaan Welvaart 2016-06-22 23:35:21 CEST
(In reply to katnatek from comment #7)
> Sorry for the noise, but why this is not compiled with widevine support like
> the cauldron's version?

It should first be tested/evaluated for cauldron but I forgot to announce the change in bug #17449 . If you tested this in cauldron, could you report the results there?
Comment 9 katnatek 2016-06-23 01:41:18 CEST
(In reply to Christiaan Welvaart from comment #8)
> It should first be tested/evaluated for cauldron but I forgot to announce
> the change in bug #17449 . If you tested this in cauldron, could you report
> the results there?

Well i can't use cauldron for space reasons and neither can't test cauldron's package in mageia 5 due to some dependencies, i did try yo build cauldron's version in my sistem but due the space restrictions don't even finish the source's unpacking.

If you can build a test package for mageia 5 i586 i will happy test and report in the bug.

Note You need to log in before you can comment on or make changes to this bug.