Upstream released 78.0.3904.70 and 78.0.3904.87 with several security fixes: https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html
Updated packages are available for testing: MGA7 SRPM: chromium-browser-stable-78.0.3904.87-1.mga7.src.rpm RPMS: chromium-browser-78.0.3904.87-1.mga7.i586.rpm chromium-browser-stable-78.0.3904.87-1.mga7.i586.rpm chromium-browser-78.0.3904.87-1.mga7.x86_64.rpm chromium-browser-stable-78.0.3904.87-1.mga7.x86_64.rpm Advisory: Chromium-browser 78.0.3904.87 fixes security issues: Multiple flaws were found in the way Chromium 77.0.3865.120 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. (CVE-2019-13699, CVE-2019-13700, CVE-2019-13701, CVE-2019-13702, CVE-2019-13703, CVE-2019-13704, CVE-2019-13705, CVE-2019-13706, CVE-2019-13707, CVE-2019-13708, CVE-2019-13709, CVE-2019-13710, CVE-2019-13711, CVE-2019-13713, CVE-2019-13714, CVE-2019-13715, CVE-2019-13716, CVE-2019-13717, CVE-2019-13718, CVE-2019-13719, CVE-2019-15903, CVE-2019-13720, CVE-2019-13721) References: https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13699 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13700 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13701 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13702 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13703 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13705 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13706 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13707 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13708 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13709 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13710 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13711 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13713 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13714 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13715 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13716 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13717 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13718 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13719 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13720 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13721
Assignee: cjw => qa-bugsCC: (none) => cjw
Fixing CVE-2019-15903 will require updating expat.
Keywords: (none) => feedback
Oops, I did not see that. Updated advisory: Chromium-browser 78.0.3904.87 fixes security issues: Multiple flaws were found in the way Chromium 77.0.3865.120 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. (CVE-2019-13699, CVE-2019-13700, CVE-2019-13701, CVE-2019-13702, CVE-2019-13703, CVE-2019-13704, CVE-2019-13705, CVE-2019-13706, CVE-2019-13707, CVE-2019-13708, CVE-2019-13709, CVE-2019-13710, CVE-2019-13711, CVE-2019-13713, CVE-2019-13714, CVE-2019-13715, CVE-2019-13716, CVE-2019-13717, CVE-2019-13718, CVE-2019-13719, CVE-2019-13720, CVE-2019-13721) References: https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13699 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13700 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13701 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13702 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13703 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13705 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13706 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13707 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13708 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13709 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13710 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13711 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13713 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13714 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13715 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13716 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13717 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13718 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13719 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13720 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13721
Is there no mga bug report for expat yet?
I did not file a separate bug.
AFAICT chromium bundled expat was updated to 2.2.8, which AFAIK we should not do, so I filed a separate bug for the expat security issue: #25661 .
Keywords: feedback => (none)
MGA7-64 Plasma on Lenovo B50 No installation issues. Usual surfing operations all OK. Ref to bug25580 Comment 2: succeeded in syncing with Google device and importing exported Firefox bookmarks . OK for me.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA7-64-OK
OK by me. Validating. Advisory information in Comments 1 and 3. The expat update is my next stop.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
Keywords: (none) => advisoryCC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0320.html
Status: NEW => RESOLVEDResolution: (none) => FIXED