Upstream has released version 55.0.2883.75 on December 1: https://googlechromereleases.blogspot.com/2016/12/stable-channel-update-for-desktop.html This fixes several new security issues. This is the current version in the stable channel: http://googlechromereleases.blogspot.com/search/label/Stable%20updates
URL: (none) => https://lwn.net/Vulnerabilities/708137/
Status: NEW => ASSIGNED
A new (bugfix) version was released just now: 55.0.2883.87. I'll use that version instead. https://googlechromereleases.blogspot.com/2016/12/stable-channel-update-for-desktop_9.html
Updated packages are available for testing: MGA5 SRPM: chromium-browser-stable-55.0.2883.87-1.1.mga5.src.rpm RPMS: chromium-browser-stable-55.0.2883.87-1.1.mga5.i586.rpm chromium-browser-55.0.2883.87-1.1.mga5.i586.rpm chromium-browser-stable-55.0.2883.87-1.1.mga5.x86_64.rpm chromium-browser-55.0.2883.87-1.1.mga5.x86_64.rpm Advisory: Chromium-browser 55.0.2883.87 fixes security issues: Multiple flaws were found in the way Chromium 54 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. (CVE-2016-5203, CVE-2016-5204, CVE-2016-5205, CVE-2016-5206, CVE-2016-5207, CVE-2016-5208, CVE-2016-5209, CVE-2016-5210, CVE-2016-5211, CVE-2016-5212, CVE-2016-5213, CVE-2016-5214, CVE-2016-5215, CVE-2016-5216, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5220, CVE-2016-5221, CVE-2016-5222, CVE-2016-5223, CVE-2016-5224, CVE-2016-5225, CVE-2016-5226, CVE-2016-9650, CVE-2016-9651, CVE-2016-9652) References: https://googlechromereleases.blogspot.com/2016/12/stable-channel-update-for-desktop.html https://googlechromereleases.blogspot.com/2016/12/stable-channel-update-for-desktop_9.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5203 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5207 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5208 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5210 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5211 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5212 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5213 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5214 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5215 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5216 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5217 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5218 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5219 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5220 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5222 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5223 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5225 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5226 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9651 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9652
CC: (none) => cjwAssignee: cjw => qa-bugs
Christiaan, there shouldn't have been a subrel on this package. Now it has a higher release tag than Cauldron.
Subrel removed in SVN, putting feedback pending sysadmins removing this build so it can be re-submitted with the subrel.
CC: (none) => sysadmin-bugsWhiteboard: (none) => feedback
Rebuilding now without the subrel. MGA5 SRPM: chromium-browser-stable-55.0.2883.87-1.mga5.src.rpm RPMS: chromium-browser-stable-55.0.2883.87-1.mga5.i586.rpm chromium-browser-55.0.2883.87-1.mga5.i586.rpm chromium-browser-stable-55.0.2883.87-1.mga5.x86_64.rpm chromium-browser-55.0.2883.87-1.mga5.x86_64.rpm
CC: sysadmin-bugs => (none)Whiteboard: feedback => (none)
MGA5-64 & MGA5-32 real hardware and virtualbox machines. Packages installed : 32 bit : chromium-browser-stable-54.0.2840.100-1.1.mga5.i586.rpm chromium-browser-54.0.2840.100-1.1.mga5.i586.rpm 64 bit : chromium-browser-stable-54.0.2840.100-1.1.mga5.x86_64.rpm chromium-browser-54.0.2840.100-1.1.mga5.x86_64.rpm both arch are working fine, here's my procedure : Launch the application Try some menus and modify options (home page, bookmarks ...) play some video from website Do a HTML5 and performance test to check if there is a regression. Install some extensions (adblock, gmail notifier ...) Packages updated : 32 bit : chromium-browser-stable-55.0.2883.87-1.mga5.i586.rpm chromium-browser-55.0.2883.87-1.mga5.i586.rpm 64 bit : chromium-browser-stable-55.0.2883.87-1.mga5.x86_64.rpm chromium-browser-55.0.2883.87-1.mga5.x86_64.rpm Everything is working fine, I even get better results to the perofrmance tests (a few points but still...) It's ok for me on 32 & 64 bits. Someone else should test it so we can OK the update.
CC: (none) => youpburden
On mga5-32 Packages updated: rpm -qa | grep chromium chromium-browser-stable-55.0.2883.87-1.mga5 Everything working fine OK for mga5-32
CC: (none) => jimWhiteboard: (none) => MGA5-32-OK
On mga5-64 Packages updated: rpm -qa | grep chromium chromium-browser-stable-55.0.2883.87-1.mga5 chromium-browser-55.0.2883.87-1.mga5 Everything working fine OK for mga5-64
Whiteboard: MGA5-32-OK => MGA5-32-OK MGA5-64-OK
This is now validated. The advisory needs to be uploaded to SVN. The packages can then be pushed to updates.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Whiteboard: MGA5-32-OK MGA5-64-OK => MGA5-32-OK MGA5-64-OK advisory
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0419.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED