This package provide a new version of chromium-browser-stable fixing a lot of CVE. The needed tests are just to test that all still works OK. This package obsolete chromium-browser-unstable and chromium-browser-beta as asked on dev ML. - new upstream release 14.0.835.163 (101024) - security fixes: * [49377] High CVE-2011-2835: Race condition in the certificate cache * [57908] Low CVE-2011-2837: Use PIC / pie compiler flags * [75070] Low CVE-2011-2838: Treat MIME type more authoritatively when loading plug-ins * [76771] High CVE-2011-2839: Crash in v8 script object wrappers * [78427] [83031] Low CVE-2011-2840: Possible URL bar spoofs with unusual user interaction * [78639] High CVE-2011-2841: Garbage collection error in PDF * [82438] Medium CVE-2011-2843: Out-of-bounds read with media buffers * [85041] Medium CVE-2011-2844: Out-of-bounds read with mp3 files * [$1000] [89219] High CVE-2011-2846: Use-after-free in unload event handling * [$1000] [89330] High CVE-2011-2847: Use-after-free in document loader * [89564] Medium CVE-2011-2848: URL bar spoof with forward button * [89795] Low CVE-2011-2849: Browser NULL pointer crash with WebSockets * [89991] Medium CVE-2011-3234: Out-of-bounds read in box handling * [90134] Medium CVE-2011-2850: Out-of-bounds read with Khmer characters * [90173] Medium CVE-2011-2851: Out-of-bounds read in video handling * [91120] High CVE-2011-2852: Off-by-one in v8 * [91197] High CVE-2011-2853: Use-after-free in plug-in handling * [92651] [94800] High CVE-2011-2854: Use-after-free in ruby / table style handing * [92959] High CVE-2011-2855: Stale node in stylesheet handling * [93416] High CVE-2011-2856: Cross-origin bypass in v8 * [93420] High CVE-2011-2857: Use-after-free in focus controller * [93472] High CVE-2011-2834: Double free in libxml XPath handling * [93497] Medium CVE-2011-2859: Incorrect permissions assigned to non-gallery pages * [93587] High CVE-2011-2860: Use-after-free in table style handling * [93596] Medium CVE-2011-2861: Bad string read in PDF * [93906] High CVE-2011-2862: Unintended access to v8 built-in objects * [95563] Medium CVE-2011-2864: Out-of-bounds read with Tibetan characters * [95625] Medium CVE-2011-2858: Out-of-bounds read with triangle arrays * [95917] Low CVE-2011-2874: Failure to pin a self-signed cert for a session * [95920] High CVE-2011-2875: Type confusion in v8 object sealing - detailed changelog at http://goo.gl/6B1kT
CC: (none) => mailinglistsduraph
Tested on x86_64. Obsoleting seems to work. Flash works, JS tests too, no regressions noticed.
CC: (none) => sander.lepikHardware: i586 => All
i586: There are no exploits for the CVE's, they are just listed as Multiple Vulnerabilities. Https OK, Java OK, Spellchecking OK, Flash OK, Import from firefox OK, Printing OK No problems to report.
CC: (none) => eeeemail
seems OK to validate. any more testers ?
I've been testing on i586 as well. Everything looks ok. Can someone from the sysadmin team push the srpm chromium-browser-stable-14.0.835.163-0.2.mga1.src.rpm from Core Updates Testing to Core Updates. Advisory: This update to the chromium-browser-stable web browser includes a number of bug fixes, as well security fixes. For details see http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html https://bugs.mageia.org/show_bug.cgi?id=2764
Keywords: (none) => validated_updateCC: (none) => davidwhodgins, sysadmin-bugs
update pushed.
Status: NEW => RESOLVEDResolution: (none) => FIXED