Bug 647636 (CVE-2018-6056)

Summary:	<www-client/chromium-64.0.3282.167: Incorrect derived class instantiation vulnerability
Product:	Gentoo Security	Reporter:	GLSAMaker/CVETool Bot <glsamaker>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	major	CC:	chromium
Priority:	Normal	Flags:	stable-bot: sanity-check+
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://chromereleases.googleblog.com/2018/02/stable-channel-update-for-desktop_13.html
Whiteboard:	B1 [glsa+ cve]
Package list:	www-client/chromium-64.0.3282.167	Runtime testing required:	---
Bug Depends on:
Bug Blocks:	647124

Description GLSAMaker/CVETool Bot gentoo-dev

2018-02-14 17:55:21 UTC

CVE-2018-6056 (https://nvd.nist.gov/vuln/detail/CVE-2018-6056):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

Comment 1 Mike Gilbert gentoo-dev

2018-02-14 20:09:16 UTC

Please stabilize.

Comment 2 Larry the Git Cow gentoo-dev

2018-02-16 15:45:28 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=05053a3e0286c1882bdca0de8cf68ece2ee3e75e

commit 05053a3e0286c1882bdca0de8cf68ece2ee3e75e
Author:     Richard Freeman <rich0@gentoo.org>
AuthorDate: 2018-02-16 15:45:08 +0000
Commit:     Richard Freeman <rich0@gentoo.org>
CommitDate: 2018-02-16 15:45:08 +0000

    www-client/chromium: amd64 stable
    
    Bug: https://bugs.gentoo.org/647636
    Package-Manager: Portage-2.3.19, Repoman-2.3.6

 www-client/chromium/chromium-64.0.3282.167.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)}

Comment 3 GLSAMaker/CVETool Bot gentoo-dev

2018-02-19 23:22:27 UTC

This issue was resolved and addressed in
 GLSA 201802-02 at https://security.gentoo.org/glsa/201802-02
by GLSA coordinator Christopher Diaz Riveros (chrisadr).