Bug 383251 - <www-client/{chromium-14.0.835.163,google-chrome-14.0.835.163_beta101024} (CVE-2011-{2834,2835,2837,2838,2839,2840,2841,2843,2844,2846,2847,2848,2849,2850,2851,2852,2853,2854,2855,2856,2857,2858,2859,2860,2861,2862,2864,2874,3234})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://googlechromereleases.blogspot....
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-09-16 17:18 UTC by Paweł Hajdan, Jr. (RETIRED)
Modified: 2012-02-25 20:40 UTC

See Also:
Package list:
Runtime testing required: ---


Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-09-16 17:18:42 UTC
Release notes: http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
Comment 1 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-09-16 17:20:14 UTC
Arches, please stabilize =www-client/chromium-14.0.835.163

Mike (floppym), please handle www-client/google-chrome transition to stable channel (I guess we're not stabilizing it in Gentoo sense yet).
Comment 2 Mike Gilbert gentoo-dev 2011-09-16 17:41:32 UTC
+*google-chrome-14.0.835.163_p101024 (16 Sep 2011)
+
+  16 Sep 2011; Mike Gilbert <floppym@gentoo.org>
+  -google-chrome-13.0.782.220_p99552.ebuild,
+  +google-chrome-14.0.835.163_p101024.ebuild:
+  Stable channel version bump.
+

Google Chrome 14.x has been in the tree for just under 3 weeks (28 Aug 2011) with only a couple minor bugs.

If the amd64 and x86 teams don't mind, can we push it stable now?

=google-chrome-14.0.835.163_p101024
Comment 3 Agostino Sarubbo gentoo-dev 2011-09-16 17:53:56 UTC
Just a personal opinion about it.

I see that chromium-14 supports USE bindist, so having packages like google-chrome in the tree is only more work for us and for you. So we can use chromium-bin, as some time ago.
Comment 4 Mike Gilbert gentoo-dev 2011-09-16 18:04:11 UTC
(In reply to comment #3)

I have no plans to resurrect chromium-bin; maintaining that is a lot more work than fetching Google's binaries. It also does not include the PDF viewer and customized Flash implementation.
Comment 5 Agostino Sarubbo gentoo-dev 2011-09-16 18:25:17 UTC
chromium ok as usual on amd64
Comment 6 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-09-16 18:28:17 UTC
(In reply to comment #4)
> I have no plans to resurrect chromium-bin; maintaining that is a lot more work
> than fetching Google's binaries.

Yup. The problem with chromium-bin was never bindist. It's just a hassle to maintain. Google Chrome is not affected by many of those issues because it uses many more bundled libraries and dlopen.
Comment 7 Markos Chandras (RETIRED) gentoo-dev 2011-09-18 10:13:57 UTC
both done on amd64. Thanks Agostino
Comment 8 Thomas Kahle (RETIRED) gentoo-dev 2011-09-18 21:33:48 UTC
Ok, x86 done, both.  Now we'll have a bi-weekly round of two google browser stabilizations *sigh*

Something strange happened: My local CVS tree had no www-client/google-chrome directory.  No cvs up would convince it to fetch one.  I had to do a fresh clone to get it. Weird.  Any ideas what can cause this?  (e-mail me, please)
Comment 9 Thomas Kahle (RETIRED) gentoo-dev 2011-09-18 21:34:17 UTC
sorry.
Comment 10 Mike Gilbert gentoo-dev 2011-09-20 20:08:31 UTC
I have reverted stable keywords on google-chrome due to unfetchable distfiles.

Going forward, I think we will leave google-chrome in ~arch and come up with another way to differentiate the release channels.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2011-10-07 23:35:34 UTC
CVE-2011-2874 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2874):
  Google Chrome before 14.0.835.163 does not perform an expected pin operation
  for a self-signed certificate during a session, which has unspecified impact
  and remote attack vectors.

CVE-2011-2864 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2864):
  Google Chrome before 14.0.835.163 does not properly handle Tibetan
  characters, which allows remote attackers to cause a denial of service
  (out-of-bounds read) via unspecified vectors.

CVE-2011-2862 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2862):
  Google V8, as used in Google Chrome before 14.0.835.163, does not properly
  restrict access to built-in objects, which has unspecified impact and remote
  attack vectors.

CVE-2011-2861 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2861):
  Google Chrome before 14.0.835.163 does not properly handle strings in PDF
  documents, which allows remote attackers to have an unspecified impact via a
  crafted document that triggers an incorrect read operation.

CVE-2011-2860 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2860):
  Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors related to table styles.

CVE-2011-2859 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2859):
  Google Chrome before 14.0.835.163 uses incorrect permissions for non-gallery
  pages, which has unspecified impact and attack vectors.

CVE-2011-2858 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2858):
  Google Chrome before 14.0.835.163 does not properly handle triangle arrays,
  which allows remote attackers to cause a denial of service (out-of-bounds
  read) via unspecified vectors.

CVE-2011-2857 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2857):
  Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors related to the focus controller.

CVE-2011-2856 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2856):
  Google V8, as used in Google Chrome before 14.0.835.163, allows remote
  attackers to bypass the Same Origin Policy via unspecified vectors.

CVE-2011-2855 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2855):
  Google Chrome before 14.0.835.163 does not properly handle Cascading Style
  Sheets (CSS) token sequences, which allows remote attackers to cause a
  denial of service or possibly have unspecified other impact via unknown
  vectors that lead to a "stale node."

CVE-2011-2854 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2854):
  Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors related to "ruby / table style handing."

CVE-2011-2853 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2853):
  Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors related to plug-in handling.

CVE-2011-2852 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2852):
  Off-by-one error in Google V8, as used in Google Chrome before 14.0.835.163,
  allows remote attackers to cause a denial of service or possibly have
  unspecified other impact via unknown vectors.

CVE-2011-2851 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2851):
  Google Chrome before 14.0.835.163 does not properly handle video, which
  allows remote attackers to cause a denial of service (out-of-bounds read)
  via unspecified vectors.

CVE-2011-2850 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2850):
  Google Chrome before 14.0.835.163 does not properly handle Khmer characters,
  which allows remote attackers to cause a denial of service (out-of-bounds
  read) via unspecified vectors.

CVE-2011-2849 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2849):
  The WebSockets implementation in Google Chrome before 14.0.835.163 allows
  remote attackers to cause a denial of service (NULL pointer dereference and
  application crash) via unspecified vectors.

CVE-2011-2848 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2848):
  Google Chrome before 14.0.835.163 allows user-assisted remote attackers to
  spoof the URL bar via vectors related to the forward button.

CVE-2011-2847 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2847):
  Use-after-free vulnerability in the document loader in Google Chrome before
  14.0.835.163 allows remote attackers to cause a denial of service or
  possibly have unspecified other impact via a crafted document.

CVE-2011-2846 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2846):
  Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors related to unload event handling.

CVE-2011-2844 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2844):
  Google Chrome before 14.0.835.163 does not properly process MP3 files, which
  allows remote attackers to cause a denial of service (out-of-bounds read)
  via unspecified vectors.

CVE-2011-2843 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2843):
  Google Chrome before 14.0.835.163 does not properly handle media buffers,
  which allows remote attackers to cause a denial of service (out-of-bounds
  read) via unspecified vectors.

CVE-2011-2841 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2841):
  Google Chrome before 14.0.835.163 does not properly perform garbage
  collection during the processing of PDF documents, which allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via a crafted document.

CVE-2011-2840 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2840):
  Google Chrome before 14.0.835.163 allows user-assisted remote attackers to
  spoof the URL bar via vectors related to "unusual user interaction."

CVE-2011-2839 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2839):
  The PDF implementation in Google Chrome before 13.0.782.215 on Linux does
  not properly use the memset library function, which allows remote attackers
  to cause a denial of service or possibly have unspecified other impact via
  unknown vectors.

CVE-2011-2838 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2838):
  Google Chrome before 14.0.835.163 does not properly consider the MIME type
  during the loading of a plug-in, which has unspecified impact and remote
  attack vectors.

CVE-2011-2837 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2837):
  Google Chrome before 14.0.835.163 on Linux does not use the PIC and PIE
  compiler options for position-independent code, which has unspecified impact
  and attack vectors.

CVE-2011-2835 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2835):
  Race condition in Google Chrome before 14.0.835.163 allows attackers to
  cause a denial of service or possibly have unspecified other impact via
  vectors related to the certificate cache.

CVE-2011-2834 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2834):
  Double free vulnerability in libxml2, as used in Google Chrome before
  14.0.835.163, allows remote attackers to cause a denial of service or
  possibly have unspecified other impact via vectors related to XPath
  handling.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2011-10-07 23:36:37 UTC
CVE-2011-3234 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3234):
  Google Chrome before 14.0.835.163 does not properly handle boxes, which
  allows remote attackers to cause a denial of service (out-of-bounds read)
  via unspecified vectors.
Comment 13 Tim Sammut (RETIRED) gentoo-dev 2011-10-18 03:12:29 UTC
Thanks, everyone. Added to existing GLSA request.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2011-11-01 10:03:17 UTC
This issue was resolved and addressed in
 GLSA 201111-01 at http://security.gentoo.org/glsa/glsa-201111-01.xml
by GLSA coordinator Alex Legler (a3li).
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2011-11-01 10:04:10 UTC
This issue was resolved and addressed in
 GLSA 201111-01 at http://security.gentoo.org/glsa/glsa-201111-01.xml
by GLSA coordinator Alex Legler (a3li).
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2012-02-25 20:40:46 UTC
CVE-2011-2830 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2830):
  Google V8, as used in Google Chrome before 14.0.835.163, does not properly
  implement script object wrappers, which allows remote attackers to cause a
  denial of service (application crash) or possibly have unspecified other
  impact via unknown vectors.