Bug 25580 - chromium-browser-stable security issues fixed in 77.0.3865.120
Summary: chromium-browser-stable security issues fixed in 77.0.3865.120
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2019-10-16 21:10 CEST by Christiaan Welvaart
Modified: 2019-10-23 23:08 CEST

See Also:
Source RPM: chromium-browser-stable-77.0.3865.90-1.mga7.src.rpm
CVE:
Status comment:



Description Christiaan Welvaart 2019-10-16 21:10:34 CEST
Upstream released chromium 77.0.3865.120 on 10 October with 8 security fixes: https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html

This bug is for Mageia 7. Cauldron has updated packages and, as before, Mageia 6 does not have a C++ compiler that can build chromium.
Comment 1 Christiaan Welvaart 2019-10-16 21:13:51 CEST
Updated packages are available for testing:

MGA7
SRPM:
chromium-browser-stable-77.0.3865.120-1.mga7.src.rpm
RPMS:
chromium-browser-77.0.3865.120-1.mga7.i586.rpm
chromium-browser-stable-77.0.3865.120-1.mga7.i586.rpm
chromium-browser-77.0.3865.120-1.mga7.x86_64.rpm
chromium-browser-stable-77.0.3865.120-1.mga7.x86_64.rpm


Advisory:



Chromium-browser 77.0.3865.120 fixes security issues:

Four use-after-free bugs were found in Chromium 77.0.3865.90: one in the IndexedDB component (CVE-2019-13693), one in the WebRTC component (CVE-2019-13694), one in the audio component (CVE-2019-13695), and one in the V8 component (CVE-2019-13696). A cross-origin size leak (CVE-2019-13697) was also fixed, as well as various problems found using internal audits, fuzzing and other initiatives.



References:

https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13693
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13694
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13695
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13696
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13697

CC: (none) => cjw
Assignee: cjw => qa-bugs

Comment 2 Brian Rockwell 2019-10-18 00:39:06 CEST
$ uname -a
Linux localhost 5.3.6-desktop-2.mga7 #1 SMP Sun Oct 13 18:22:10 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux


The following 10 packages are going to be installed:

- chromium-browser-77.0.3865.120-1.mga7.x86_64
- chromium-browser-stable-77.0.3865.120-1.mga7.x86_64
- lib64jsoncpp19-1.8.4-2.mga7.x86_64
- lib64minizip1-1.2.11-7.mga7.x86_64
- lib64rpm8-4.14.2.1-12.1.mga7.x86_64
- python3-rpm-4.14.2.1-12.1.mga7.x86_64
- rpm-4.14.2.1-12.1.mga7.x86_64
- rpm-build-4.14.2.1-12.1.mga7.x86_64
- rpm-plugin-syslog-4.14.2.1-12.1.mga7.x86_64
- rpm-plugin-systemd-inhibit-4.14.2.1-12.1.mga7.x86_64

---

Did email and watched YouTube videos. Sound, video and formatting are all working as designed.

Whiteboard: (none) => MGA7-64-OK
CC: (none) => brtians1

Comment 3 Len Lawrence 2019-10-20 16:49:33 CEST
Mageia 7, x86_64

Installed all the packages in comment 2. Launched the browser from the systems menu. Visited a few sites including a Gmail account. Started to synchronize with Firefox bookmarks - first shut down Firefox then started synch. That brought up a red box in the top right-hand corner which reported that synchronization was not working. Tried signing into Google but that wanted a pass-phrase - no idea what to enter but after a long search discovered something from long ago regarding synchronizing "devices" which it seemed to accept but the red box remained. A tab appeared in the menu which opened out into a cascading menu of all the Firefox bookmarks. There does not seem to be any way to install those as a side-bar like in Firefox so there is always a lot of clicking to find a particular entry (three tiers and a total of maybe 2000 bookmarks). So, it does work, sort of. As in Firefox, the Ctrl +/- operation allows zooming.

CC: (none) => tarazed25

Comment 4 Thomas Andrews 2019-10-22 02:41:54 CEST
Validating. Advisory in Comment 1.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Thomas Backlund 2019-10-23 19:34:21 CEST

CC: (none) => tmb
Keywords: (none) => advisory

Comment 5 Mageia Robot 2019-10-23 23:08:45 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0304.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

