OpenSuSE has issued an advisory today (July 3): http://lists.opensuse.org/opensuse-updates/2012-07/msg00003.html It is primarily an update for Chromium, but it also updates the v8 package to a much newer version than ours. It is unclear if there are security issues fixed between our version and the one they updated to.
CC: (none) => dmorganec
CC: (none) => shikamaru
Whiteboard: (none) => MGA2TOO, MGA1TOO
D Morgan has fixed this in Cauldron. He has also built chromium for Mageia 2. Still pending is v8. Also still pending are updates for Mageia 1. Packages built so far: chromium-browser-stable-20.0.1132.47-0.1.mga2.i586.rpm chromium-browser-20.0.1132.47-0.1.mga2.i586.rpm from chromium-browser-stable-20.0.1132.47-0.1.mga2.src.rpm
Version: Cauldron => 2
Whiteboard: MGA2TOO, MGA1TOO => MGA1TOO
v8 is now built. Mageia 1 is pending. Packages built so far: v8-3.12.7-0.1.mga2.i586.rpm v8-devel-3.12.7-0.1.mga2.i586.rpm chromium-browser-stable-20.0.1132.47-0.1.mga2.i586.rpm chromium-browser-20.0.1132.47-0.1.mga2.i586.rpm from SRPMS: v8-3.12.7-0.1.mga2.src.rpm chromium-browser-stable-20.0.1132.47-0.1.mga2.src.rpm
v8 for Mageia 1 is now built. Chromium for Mageia 1 is the last piece needed. Packages built so far for Mageia 1: v8-3.12.7-0.1.mga1.i586.rpm v8-devel-3.12.7-0.1.mga1.i586.rpm from v8-3.12.7-0.1.mga1.src.rpm
Just an FYI when you get this to build, Mandriva has updated this in MDV 2010.2, and here is their package version: chromium-browser-stable-20.0.1132.47-2mdv2010.2 So we should increase the release tag to 2. This may require a rebuild anyway, as a user on IRC (lemonzest) was saying the current build (mga2 updates_testing) has a problem with its icons.
new package pushed to fix the "icons" issue
Testing on Mageia 2 64-bits. No more "icons" problem. However, chromium seems to be rather slow to start. I tried to delete ~/.config/chromium but it is the same. Maybe it is a local problem but if there are other people who have this problem, we should check.
CC: (none) => olivier.delaune
I forgot, I tested chromium-browser-stable-20.0.1132.47-2.1.mga2
Thanks D Morgan. Current package list for Mageia 2: v8-3.12.7-0.1.mga2.i586.rpm v8-devel-3.12.7-0.1.mga2.i586.rpm chromium-browser-stable-20.0.1132.47-2.1.mga2.i586.rpm chromium-browser-20.0.1132.47-2.1.mga2.i586.rpm from SRPMS: v8-3.12.7-0.1.mga2.src.rpm chromium-browser-stable-20.0.1132.47-2.1.mga2.src.rpm
chromium-browser-stable-20.0.1132.57-0.1.mga2 is now in Mageia 2 updates_testing. Note that the version in Mandriva 2010.2 is now higher again: chromium-browser-stable-20.0.1132.57-1mdv2010.2
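Added example, not part of the thread or of Mageia's tooling: a simplified Python model of RPM's segment-wise version comparison, applied to the version-release strings quoted in the comments above that compare the Mageia builds with Mandriva's. It ignores epochs and the ~ and ^ modifiers; rpmvercmp, compare_vr, PAIRS and ordering are names chosen for this example.

```python
import re

# Simplified model of RPM's version comparison (assumption: no epochs, no '~' or '^').
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 as label a is older than, equal to or newer than label b."""
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():
            # A numeric segment always sorts newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)  # numeric compare, so "10" > "9"
        if x != y:
            return 1 if x > y else -1
    # All shared segments are equal: the label with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def compare_vr(a: str, b: str) -> int:
    """Compare 'version-release' strings: version first, release as tie-breaker."""
    (ver_a, rel_a), (ver_b, rel_b) = a.rsplit("-", 1), b.rsplit("-", 1)
    return rpmvercmp(ver_a, ver_b) or rpmvercmp(rel_a, rel_b)


# (Mageia build, Mandriva build) version-release pairs quoted in this thread.
PAIRS = [
    ("20.0.1132.47-0.1.mga2", "20.0.1132.47-2mdv2010.2"),
    ("20.0.1132.47-2.1.mga2", "20.0.1132.47-2mdv2010.2"),
    ("20.0.1132.57-0.1.mga2", "20.0.1132.57-1mdv2010.2"),
    ("20.0.1132.57-2.1.mga2", "20.0.1132.57-1mdv2010.2"),
]

_WORDS = {-1: "older than", 0: "same as", 1: "newer than"}


def ordering():
    """Return (mageia, relation, mandriva) for every pair above."""
    return [(m, _WORDS[compare_vr(m, d)], d) for m, d in PAIRS]


if __name__ == "__main__":
    for mageia, relation, mandriva in ordering():
        print(f"{mageia} is {relation} {mandriva}")
```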
chromium-browser-stable for Mageia 1 is finishing up on the build system now, but it looks like it's gonna build, so that gives us the full set of packages. Now all we need is an advisory. Then we can send to QA. Thanks D Morgan :o)
Updated packages in core/updates_testing:
========================
v8-3.12.7-0.1.mga1.i586.rpm
v8-devel-3.12.7-0.1.mga1.i586.rpm
chromium-browser-stable-20.0.1132.57-2.1.mga1.i586.rpm
chromium-browser-20.0.1132.57-2.1.mga1.i586.rpm
v8-3.12.7-0.1.mga2.i586.rpm
v8-devel-3.12.7-0.1.mga2.i586.rpm
chromium-browser-stable-20.0.1132.57-2.1.mga2.i586.rpm
chromium-browser-20.0.1132.57-2.1.mga2.i586.rpm
from SRPMS:
v8-3.12.7-0.1.mga1.src.rpm
chromium-browser-stable-20.0.1132.57-2.1.mga1.src.rpm
v8-3.12.7-0.1.mga2.src.rpm
chromium-browser-stable-20.0.1132.57-2.1.mga2.src.rpm
We provide a new version of chromium, fixing all those issues:
[129898] High CVE-2012-2842: Use-after-free in counter handling. Credit to miaubiz.
[130595] High CVE-2012-2843: Use-after-free in layout height tracking. Credit to miaubiz.
[133450] High CVE-2012-2844: Bad object access with JavaScript in PDF. Credit to Alexey Samsonov of Google.
[118633] Low CVE-2012-2815: Leak of iframe fragment id. Credit to Elie Bursztein of Google.
[Windows only] [119150] [119250] High CVE-2012-2816: Prevent sandboxed processes interfering with each other. Credit to Google Chrome Security Team (Justin Schuh).
[120222] High CVE-2012-2817: Use-after-free in table section handling. Credit to miaubiz.
[120944] High CVE-2012-2818: Use-after-free in counter layout. Credit to miaubiz.
[120977] High CVE-2012-2819: Crash in texture handling. Credit to Ken "gets" Russell of the Chromium development community.
[121926] Medium CVE-2012-2820: Out-of-bounds read in SVG filter handling. Credit to Atte Kettunen of OUSPG.
[122925] Medium CVE-2012-2821: Autofill display problem. Credit to "simonbrown60".
[various] Medium CVE-2012-2822: Misc. lower severity OOB read issues in PDF. Credit to awesome ASAN and various Googlers (Kostya Serebryany, Evgeniy Stepanov, Mateusz Jurczyk, Gynvael Coldwind).
[124356] High CVE-2012-2823: Use-after-free in SVG resource handling. Credit to miaubiz.
[125374] High CVE-2012-2824: Use-after-free in SVG painting. Credit to miaubiz.
[128688] Medium CVE-2012-2826: Out-of-bounds read in texture conversion. Credit to Google Chrome Security Team (Inferno).
[Mac only] [129826] Low CVE-2012-2827: Use-after-free in Mac UI. Credit to the Chromium development community (Dharani Govindan).
[129857] High CVE-2012-2828: Integer overflows in PDF. Credit to Mateusz Jurczyk of Google Security Team with contributions by Gynvael Coldwind of Google Security Team and Google Chrome Security Team (Chris Evans).
[129947] High CVE-2012-2829: Use-after-free in first-letter handling. Credit to miaubiz.
[129951] High CVE-2012-2830: Wild pointer in array value setting. Credit to miaubiz.
[Windows only] [130276] Low CVE-2012-2764: Unqualified load of metro DLL. Credit to Moshe Zioni of Comsec Consulting.
[130356] High CVE-2012-2831: Use-after-free in SVG reference handling. Credit to miaubiz.
[131553] High CVE-2012-2832: Uninitialized pointer in PDF image codec. Credit to Mateusz Jurczyk of Google Security Team with contributions by Gynvael Coldwind of Google Security Team.
[132156] High CVE-2012-2833: Buffer overflow in PDF JS API. Credit to Mateusz Jurczyk of Google Security Team.
[132779] High CVE-2012-2834: Integer overflow in Matroska container. Credit to Jüri Aedla.
Thanks D Morgan. Assigning to QA. Advisory in Comment 11, list of packages in Comment 10.
Assignee: bugsquad => qa-bugs
Blocks: (none) => 5966
I don't know how to test v8, but chromium is ok on mga1 x86_64
Hardware: i586 => All
Blocks: 5966 => (none)
Summary: v8 package is old and possibly missing security updates => v8 package is old and possibly missing security updates (and chromium-browser update) [mga1 & 2]
v8 is the javascript engine, you can test it with google's own v8 performance tester here: http://v8.googlecode.com/svn/data/benchmarks/v7/run.html
Testing complete Mageia 2 x86_64 Tested java, flash, v8, spellcheck, general browser stuff.
Whiteboard: MGA1TOO => MGA1TOO mga2-64-OK
ok, thanks, so v8 is ok too on mga1/64
Whiteboard: MGA1TOO mga2-64-OK => MGA1TOO mga2-64-OK mga1-64-OK
Testing chromium-browser complete Mageia 2 i586
Seems chromium can run the v8 test with or without v8 installed so that is not a good test for the separate v8 package. It does install d8 in /usr/bin/ which appears to be a javascript shell. Testing with a few examples from here.. http://www.sandeepdatta.com/2011/10/using-v8-javascript-shell-d8.html
$ d8
V8 version 3.12.7 [console: dumb]
d8> print("Hello", "world", 5, 3.14, [1,2], {"a":5})
Hello world 5 3.14 1,2 [object Object]
d8> var s = read("LICENSE")
(d8):1: Error loading file
var s = read("LICENSE")
^
d8> os.system("pwd")
(d8):1: ReferenceError: os is not defined
os.system("pwd")
^
ReferenceError: os is not defined
    at (d8):1:1
d8>
Not sure if this means there is something wrong with v8?
Whiteboard: MGA1TOO mga2-64-OK mga1-64-OK => MGA1TOO mga2-64-OK mga1-64-OK mga2-32-OK
The following packages will require linking: libflac8-1.2.1-10.mga1 (Core Release (distrib1))
CC: (none) => davidwhodgins
Depends on: (none) => 2317
$ d8
V8 version 3.12.7 [console: dumb]
d8> x = 10
10
d8> x
10
d8> quit()
Testing of v8 on i586 complete.
Testing complete on Mageia 1 i586.
Could someone from the sysadmin team push the srpms
v8-3.12.7-0.1.mga2.src.rpm
chromium-browser-stable-20.0.1132.57-2.1.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates and the srpms
v8-3.12.7-0.1.mga1.src.rpm
chromium-browser-stable-20.0.1132.57-2.1.mga1.src.rpm
from Mageia 1 Core Updates Testing to Core updates and link the rpm package libflac8 from Core Release to Core Updates in both Mageia 1 and 2.
Advisory: This security update to the chromium-browser and the v8 standalone javascript processor corrects the following security issues.
[129898] High CVE-2012-2842: Use-after-free in counter handling. Credit to miaubiz.
[130595] High CVE-2012-2843: Use-after-free in layout height tracking. Credit to miaubiz.
[133450] High CVE-2012-2844: Bad object access with JavaScript in PDF. Credit to Alexey Samsonov of Google.
[118633] Low CVE-2012-2815: Leak of iframe fragment id. Credit to Elie Bursztein of Google.
[Windows only] [119150] [119250] High CVE-2012-2816: Prevent sandboxed processes interfering with each other. Credit to Google Chrome Security Team (Justin Schuh).
[120222] High CVE-2012-2817: Use-after-free in table section handling. Credit to miaubiz.
[120944] High CVE-2012-2818: Use-after-free in counter layout. Credit to miaubiz.
[120977] High CVE-2012-2819: Crash in texture handling. Credit to Ken "gets" Russell of the Chromium development community.
[121926] Medium CVE-2012-2820: Out-of-bounds read in SVG filter handling. Credit to Atte Kettunen of OUSPG.
[122925] Medium CVE-2012-2821: Autofill display problem. Credit to "simonbrown60".
[various] Medium CVE-2012-2822: Misc. lower severity OOB read issues in PDF. Credit to awesome ASAN and various Googlers (Kostya Serebryany, Evgeniy Stepanov, Mateusz Jurczyk, Gynvael Coldwind).
[124356] High CVE-2012-2823: Use-after-free in SVG resource handling. Credit to miaubiz.
[125374] High CVE-2012-2824: Use-after-free in SVG painting. Credit to miaubiz.
[128688] Medium CVE-2012-2826: Out-of-bounds read in texture conversion. Credit to Google Chrome Security Team (Inferno).
[Mac only] [129826] Low CVE-2012-2827: Use-after-free in Mac UI. Credit to the Chromium development community (Dharani Govindan).
[129857] High CVE-2012-2828: Integer overflows in PDF. Credit to Mateusz Jurczyk of Google Security Team with contributions by Gynvael Coldwind of Google Security Team and Google Chrome Security Team (Chris Evans).
[129947] High CVE-2012-2829: Use-after-free in first-letter handling. Credit to miaubiz.
[129951] High CVE-2012-2830: Wild pointer in array value setting. Credit to miaubiz.
[Windows only] [130276] Low CVE-2012-2764: Unqualified load of metro DLL. Credit to Moshe Zioni of Comsec Consulting.
[130356] High CVE-2012-2831: Use-after-free in SVG reference handling. Credit to miaubiz.
[131553] High CVE-2012-2832: Uninitialized pointer in PDF image codec. Credit to Mateusz Jurczyk of Google Security Team with contributions by Gynvael Coldwind of Google Security Team.
[132156] High CVE-2012-2833: Buffer overflow in PDF JS API. Credit to Mateusz Jurczyk of Google Security Team.
[132779] High CVE-2012-2834: Integer overflow in Matroska container. Credit to Jüri Aedla.
https://bugs.mageia.org/show_bug.cgi?id=6679
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: MGA1TOO mga2-64-OK mga1-64-OK mga2-32-OK => MGA1TOO mga2-64-OK mga1-64-OK mga2-32-OK MGA1-32-OK
Packages linked and update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0177
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED