Google has released Chrome version 92.0.4515.107 on July 20: https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html It fixes a security issue in sqlite3. Nicolas tracked down the issue, which was fixed upstream in 3.36.0: https://bugs.mageia.org/show_bug.cgi?id=28732#c30 "Regarding CVE-2021-30569 in sqlite3, I found this link: https://codereview.qt.nokia.com/c/qt/qtwebengine-chromium/+/367015 which is a backport of: https://chromium.googlesource.com/chromium/deps/sqlite.git/+/09b4d6e90623cea239af64d3ba4dd9327ce99f23 which finally refers to: https://sqlite.org/src/info/45f459d2fa4be97d "
Status comment: (none) => Fixed upstream in 3.36.0
And another one that "Nobody" maintains
CC: (none) => marja11Assignee: bugsquad => pkg-bugs
Suggested advisory: ======================== The updated packages fix a security vulnerability: Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30569) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30569 https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html ======================== Updated packages in core/updates_testing: ======================== lemon-3.34.1-1.1.mga8 sqlite3-tcl-3.34.1-1.1.mga8 sqlite3-tools-3.34.1-1.1.mga8 lib(64)sqlite3_0-3.34.1-1.1.mga8 lib(64)sqlite3-devel-3.34.1-1.1.mga8 lib(64)sqlite3-static-devel-3.34.1-1.1.mga8 from SRPM: sqlite3-3.34.1-1.1.mga8.src.rpm
CVE: (none) => CVE-2021-30569Status: NEW => ASSIGNEDAssignee: pkg-bugs => qa-bugsStatus comment: Fixed upstream in 3.36.0 => (none)CC: (none) => nicolas.salguero
MGA8-64,Mate, VM The following 9 packages are going to be installed: - cpupower-5.10.70-1.mga8.x86_64 - glibc-2.32-20.mga8.x86_64 - glibc-devel-2.32-20.mga8.x86_64 - kernel-desktop-5.10.70-1.mga8-1-1.mga8.x86_64 - kernel-desktop-latest-5.10.70-1.mga8.x86_64 - lemon-3.34.1-1.mga8.x86_64 - lib64sqlite3_0-3.34.1-1.1.mga8.x86_64 - sqlite3-tcl-3.34.1-1.1.mga8.x86_64 - sqlite3-tools-3.34.1-1.1.mga8.x86_64 75MB of additional disk space will be used. -- rebooted VM Installed Nextcloud server and configured to use sqlite - NextCloud completed initial install. - added photos, etc. to Nextcloud. All of this working as designed. I consider this a heavy hitting test of SQLite.
CC: (none) => brtians1Whiteboard: (none) => MGA8-64-OK
Validating. Advisory in Comment 2.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0458.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED