3734 – chromium browser Security update

Bug 3734 - chromium browser Security update

Summary: chromium browser Security update

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	RPM Packages (show other bugs)
Version:	1
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:

URL:
Whiteboard:
Keywords:	validated_update

Depends on:
Blocks:

Reported:	2011-12-14 01:33 CET by D Morgan
Modified:	2011-12-14 17:30 CET (History)
CC List:	4 users (show)

See Also:
Source RPM:	chromium-browser-stable
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description D Morgan 2011-12-14 01:33:13 CET

A new version of chromium-browser-stable just landed on update_testing

Advisory: 

- new upstream release 16.0.912.63 (113337)
- security fixes
 * [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching.
 * [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml.
 * [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser.
 * [99016] High CVE-2011-3907: URL bar spoofing with view-source.
 * [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing.
 * [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS
   property array.
 * [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame
   handling.
 * [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF.
 * [102359] High CVE-2011-3912: Use-after-free in SVG filters.
 * [103921] High CVE-2011-3913: Use-after-free in Range handling.
 * [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling.
 * [104529] High CVE-2011-3915: Buffer overflow in PDF font handling.
 * [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross references.
 * [105162] Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher.
 * [107258] High CVE-2011-3904: Use-after-free in bidi handling.

Comment 1 Dave Hodgins 2011-12-14 06:02:50 CET

Testing complete on i586 for the srpm
chromium-browser-stable-16.0.912.63-0.1.mga1.src.rpm

No poc, so just standard browser tests (flash, java, general
browsing).

CC: (none) => davidwhodgins

Comment 2 Olivier Delaune 2011-12-14 09:28:52 CET

Testing on 64-bits
No problem detected

CC: (none) => olivier.delaune

Comment 3 claire robinson 2011-12-14 13:15:21 CET

Thankyou Olivier.

Validating the update.

Advisory: 

- new upstream release 16.0.912.63 (113337)
- security fixes
 * [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching.
 * [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml.
 * [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser.
 * [99016] High CVE-2011-3907: URL bar spoofing with view-source.
 * [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing.
 * [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS
   property array.
 * [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame
   handling.
 * [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF.
 * [102359] High CVE-2011-3912: Use-after-free in SVG filters.
 * [103921] High CVE-2011-3913: Use-after-free in Range handling.
 * [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling.
 * [104529] High CVE-2011-3915: Buffer overflow in PDF font handling.
 * [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross references.
 * [105162] Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher.
 * [107258] High CVE-2011-3904: Use-after-free in bidi handling.



SRPM: chromium-browser-stable-16.0.912.63-0.1.mga1.src.rpm


Could sysadmin please push from core/updates_testing to core/updates

Thankyou!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Hardware: i586 => All

Comment 4 Thomas Backlund 2011-12-14 17:30:34 CET

Update pushed.

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.