Bug 21584 - chromium-browser-stable new security issues fixed in 60.0.3112.78
Summary: chromium-browser-stable new security issues fixed in 60.0.3112.78
Status: RESOLVED DUPLICATE of bug 20708
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-08-21 15:35 CEST by Nicolas Lécureuil
Modified: 2017-08-28 11:07 CEST (History)
5 users (show)

See Also:
Source RPM: chromium-browser-stable-57.0.2987.133-1.mga5.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Lécureuil 2017-08-21 15:35:32 CEST 
+++ This bug was initially created as a clone of Bug #20708 +++

Upstream has released version 58.0.3029.81 on April 19:
https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html

This fixes several new security issues.

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Comment 1 Marja Van Waes 2017-08-21 20:55:48 CEST 
Assigning to the registered maintainer.

Assignee: bugsquad => cjw
CC: (none) => marja11

Christiaan Welvaart 2017-08-26 19:38:47 CEST

Status: NEW => ASSIGNED

Comment 2 David Walser 2017-08-28 01:28:11 CEST 
I see an update's in progress.

libwebp-tools-0.4.3-1.1.mga5
libwebp5-0.4.3-1.1.mga5
libwebpmux1-0.4.3-1.1.mga5
libwebpdemux1-0.4.3-1.1.mga5
libwebpdecoder1-0.4.3-1.1.mga5
libwebp-devel-0.4.3-1.1.mga5
chromium-browser-stable-60.0.3112.101-1.mga5
chromium-browser-60.0.3112.101-1.mga5

from SRPMS:
libwebp-0.4.3-1.1.mga5.src.rpm
chromium-browser-stable-60.0.3112.101-1.mga5.src.rpm

Summary: chromium-browser-stable new security issues fixed in 60.0.3112.101 => chromium-browser-stable new security issues fixed in 60.0.3112.78

Comment 3 Christiaan Welvaart 2017-08-28 10:19:51 CEST 
Can we merge this bug back into 20708?

Packages for mga5 are ready for testing - see previous comment.


Advisory:



Chromium-browser 60.0.3112.101 fixes security issues:

Multiple flaws were found in the way Chromium 57 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. (CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5063, CVE-2017-5064, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5068, CVE-2017-5069, CVE-2017-5070, CVE-2017-5071, CVE-2017-5072, CVE-2017-5073, CVE-2017-5074, CVE-2017-5075, CVE-2017-5076, CVE-2017-5077, CVE-2017-5078, CVE-2017-5079, CVE-2017-5080, CVE-2017-5081, CVE-2017-5082, CVE-2017-5083, CVE-2017-5085, CVE-2017-5086, CVE-2017-5087, CVE-2017-5088, CVE-2017-5089, CVE-2017-5091, CVE-2017-5092, CVE-2017-5093, CVE-2017-5094, CVE-2017-5095, CVE-2017-5096, CVE-2017-5097, CVE-2017-5098, CVE-2017-5099, CVE-2017-5100, CVE-2017-5101, CVE-2017-5102, CVE-2017-5103, CVE-2017-5104, CVE-2017-5105, CVE-2017-5106, CVE-2017-5107, CVE-2017-5108, CVE-2017-5109, CVE-2017-5110, CVE-2017-6991)



References:
https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html
https://chromereleases.googleblog.com/2017/05/stable-channel-update-for-desktop.html
https://chromereleases.googleblog.com/2017/05/stable-channel-update-for-desktop_9.html
https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html
https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html
https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_20.html
https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_26.html
https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html
https://chromereleases.googleblog.com/2017/08/stable-channel-update-for-desktop.html
https://chromereleases.googleblog.com/2017/08/stable-channel-update-for-desktop_14.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6991

Assignee: cjw => qa-bugs

Comment 4 David Walser 2017-08-28 11:07:16 CEST 
(In reply to Christiaan Welvaart from comment #3)
> Can we merge this bug back into 20708?

Sure.  Thanks.

*** This bug has been marked as a duplicate of bug 20708 ***

Status: ASSIGNED => RESOLVED
Depends on: 20708 => (none)
Resolution: (none) => DUPLICATE
Note You need to log in before you can comment on or make changes to this bug.