Summary: | <www-client/google-chrome-74.0.3729.108: Multiple Vulnerabilities (CVE-2019-{5805, 5806, 5807, 5808, 5809, 5810, 5811, 5812, 5813, 5814, 5815, 5816, 5817, 5818, 5819, 5820, 5821, 5822, 5823}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Ulenrich <ulenrich> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | chromium, mgorny |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=684272 | ||
Whiteboard: | A2 [glsa+ cve] | ||
Package list: | Runtime testing required: | --- |
Description
Ulenrich
2019-04-24 09:10:29 UTC
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8ba620a6298bf6925991a7bf131387831cfb7e2b commit 8ba620a6298bf6925991a7bf131387831cfb7e2b Author: Mike Gilbert <floppym@gentoo.org> AuthorDate: 2019-04-24 14:48:52 +0000 Commit: Mike Gilbert <floppym@gentoo.org> CommitDate: 2019-04-24 14:49:54 +0000 www-client/google-chrome: automated update (74.0.3729.108) Closes: https://bugs.gentoo.org/684238 Package-Manager: Portage-2.3.62_p4, Repoman-2.3.12_p87 Signed-off-by: Mike Gilbert <floppym@gentoo.org> www-client/google-chrome/Manifest | 2 +- ...e-chrome-73.0.3683.103.ebuild => google-chrome-74.0.3729.108.ebuild} | 0 2 files changed, 1 insertion(+), 1 deletion(-) jer, please do not close security bugs. Thank you! (In reply to Yury German from comment #2) > jer, please do not close security bugs. Thank you! My apologies... it was not you. [$3000][913320] High CVE-2019-5805: Use after free in PDFium. Reported by Anonymous on 2018-12-10 [$3000][943087] High CVE-2019-5806: Integer overflow in Angle. Reported by Wen Xu of SSLab, Georgia Tech on 2019-03-18 [$3000][945644] High CVE-2019-5807: Memory corruption in V8. Reported by TimGMichaud of Leviathan Security Group. on 2019-03-26 [$3000][947029] High CVE-2019-5808: Use after free in Blink. Reported by cloudfuzzer on 2019-03-28 [$N/A][941008] High CVE-2019-5809: Use after free in Blink. Reported by Mark Brand of Google Project Zero on 2019-03-12 [$2000+$1,337][916838] Medium CVE-2019-5810: User information disclosure in Autofill. Reported by Mark Amery on 2018-12-20 [$2000][771815] Medium CVE-2019-5811: CORS bypass in Blink. Reported by Jun Kokatsu (@shhnjk) on 2017-10-04 [$2000][925598] Medium CVE-2019-5812: URL spoof in Omnibox on iOS. Reported by Khalil Zhani on 2019-01-26 [$2000][942699] Medium CVE-2019-5813: Out of bounds read in V8. Reported by Aleksandar Nikolic of Cisco Talos on 2019-03-15 [$1000][930057] Medium CVE-2019-5814: CORS bypass in Blink. Reported by @AaylaSecura1138 on 2019-02-08 [$1000][930663] Medium CVE-2019-5815: Heap buffer overflow in Blink. Reported by Nicolas Grégoire, Agarri on 2019-02-11 [$1000][940245] Medium CVE-2019-5816: Exploit persistence extension on Android. Reported by Yongke Wang of Tencent's Xuanwu Lab (xlab.tencent.com) on 2019-03-10 [$1000][943709] Medium CVE-2019-5817: Heap buffer overflow in Angle on Windows. Reported by Wen Xu of SSLab, Georgia Tech on 2019-03-19 [$500][929962] Medium CVE-2019-5818: Uninitialized value in media reader. Reported by Adrian Tolbaru on 2019-02-08 [$N/A][919356] Medium CVE-2019-5819: Incorrect escaping in developer tools. Reported by Svyat Mitin on 2019-01-06 [$N/A][919635] Medium CVE-2019-5820: Integer overflow in PDFium. Reported by pdknsk on 2019-01-07 [$N/A][919640] Medium CVE-2019-5821: Integer overflow in PDFium. Reported by pdknsk on 2019-01-07 [$500][926105] Low CVE-2019-5822: CORS bypass in download manager. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-01-29 [$500][930154] Low CVE-2019-5823: Forced navigation from service worker. Reported by David Erceg on 2019-02-08 ______________________________ New GLSA Opened. (In reply to Ulenrich from comment #0) Thanks, but in the future, please do not file version bump bugs for google-chrome. They are not useful. (In reply to Mike Gilbert from comment #5) > (In reply to Ulenrich from comment #0) > > Thanks, but in the future, please do not file version bump bugs for > google-chrome. They are not useful. @Mike, for me pernonally it is just a simple renaming version bump. Since I know it might probalby effect www-client/chromium AND it had such a bunch of security issues related, I bugged it for the sake of other Gentoo users. Should I name it then in future: www-client/chromium-xxx version bump please even if I don't know nothing about chromium? Or just nothing? This issue was resolved and addressed in GLSA 201908-18 at https://security.gentoo.org/glsa/201908-18 by GLSA coordinator Aaron Bauman (b-man). Restricting spam comment. |