Bug 25467 - chromium-browser-stable security issues fixed in 77.0.3865.90
Summary: chromium-browser-stable security issues fixed in 77.0.3865.90
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK MGA7-32-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2019-09-23 22:15 CEST by Christiaan Welvaart
Modified: 2019-09-27 21:39 CEST (History)
5 users (show)

See Also:
Source RPM: chromium-browser-stable-77.0.3865.75-1.mga7.src.rpm
CVE:
Status comment:


Attachments

Description Christiaan Welvaart 2019-09-23 22:15:11 CEST
Upstream released chromium 77.0.3865.90 September 18, 2019 with 4 security fixes (some 8 days after 77.0.3865.75):
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html

This bug is for mga7. Cauldron and mga6 are also affected, but:
  - cauldron needs a newer icu package (version 64)
  - mga6 does not have a C++ compiler that can build chromium - maybe chromium 78 can be built with a gcc8 package I prepared earlier; I use clang to build M77 in mga7 and cauldron.
Comment 1 Christiaan Welvaart 2019-09-23 22:37:04 CEST
Updated packages are available for testing:

MGA7
SRPM:
chromium-browser-stable-77.0.3865.90-1.mga7.src.rpm
RPMS:
chromium-browser-77.0.3865.90-1.mga7.i586.rpm
chromium-browser-stable-77.0.3865.90-1.mga7.i586.rpm
chromium-browser-77.0.3865.90-1.mga7.x86_64.rpm
chromium-browser-stable-77.0.3865.90-1.mga7.x86_64.rpm


Advisory:


Chromium-browser 77.0.3865.90 fixes security issues:

Four use-after-free bugs were found in Chromium 77.0.3865.75: one in the UI component (CVE-2019-13685), two in the media component (CVE-2019-13688, CVE-2019-13687), and one in the offline pages component (CVE-2019-13686).



References:

https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13686
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13688

CC: (none) => cjw
Status: NEW => ASSIGNED
Assignee: cjw => qa-bugs

Comment 2 Herman Viaene 2019-09-24 14:45:33 CEST
MGA7-64 Plasma on Lenovo B50
No installation issues.
Browsed around, cann't find anything wrong wth it.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA7-64-OK

Comment 3 James Kerr 2019-09-24 16:26:04 CEST
on mga7-32  in a vbox VM

packages installed cleanly:
- chromium-browser-77.0.3865.90-1.mga7.i586
- chromium-browser-stable-77.0.3865.90-1.mga7.i586

no regressions seen

OK for mga7-32

CC: (none) => jim
Whiteboard: MGA7-64-OK => MGA7-64-OK MGA7-32-OK

Comment 4 James Kerr 2019-09-24 16:29:15 CEST
Update is now validated

Advisory in comment 1

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Thomas Backlund 2019-09-27 20:44:58 CEST

Keywords: (none) => advisory
CC: (none) => tmb

Comment 5 Mageia Robot 2019-09-27 21:39:27 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0289.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.