Bug 326717 - <www-client/chromium-5.0.375.99: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://googlechromereleases.blogspot....
Whiteboard: B2 [glsa]
Reported: 2010-07-03 08:31 UTC by Paweł Hajdan, Jr. (RETIRED)
Modified: 2010-12-18 00:06 UTC

Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-07-03 08:31:23 UTC
See the release notes at http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html . Some details:

[42396] Low OOB read with WebGL. Credit to Sergey Glazunov; Google Chrome Security Team (SkyLined). 
[42575] [42980] Medium Isolate sandboxed iframes more strongly. Credit to sirdarckcat of Google Security Team.
[$500] [43488] High Memory corruption with invalid SVGs. Credit to Aki Helin of OUSPG; wushi of team509.
[$500] [44424] High Memory corruption in bidi algorithm. Credit to wushi of team509.
[45164] Low Crash with invalid image. Credit to javg0x83.
[$500] [46360] High Memory corruption in CSS style rendering. Credit to wushi of team509.
[46575] Low Annoyance with print dialogs. Credit to Mats Ahlgren.
[47056] Low Crash with modal dialogs. Credit to Aki Helin of OUSPG.

You can read more about the severity ratings at http://sites.google.com/a/chromium.org/dev/developers/severity-guidelines . I suggest rating it B2 on the Gentoo scale.

Security, this bug sort of obsoletes bug #325451. Arches, please stabilize.
Comment 1 Thomas Kahle (RETIRED) gentoo-dev 2010-07-03 11:58:00 UTC
Archtested on x86: No regressions.
Comment 2 Markos Chandras (RETIRED) gentoo-dev 2010-07-04 08:54:15 UTC
Pacho already did the amd64 but forgot to comment here. So amd64 done
Comment 3 Christian Faulhammer (RETIRED) gentoo-dev 2010-07-06 19:05:27 UTC
x86 stable, last one so update the whiteboard
Comment 4 Stefan Behte (RETIRED) gentoo-dev Security 2010-07-06 21:33:16 UTC
We not only have to change the whiteboard, but also file a GLSA request, which I did now.
Comment 5 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-09-17 01:05:14 UTC
Chromium Herd has nothing to do here. The vulnerable versions are no longer in the tree.
Comment 6 Tobias Heinlein (RETIRED) gentoo-dev 2010-12-18 00:06:09 UTC
GLSA 201012-01, thanks everyone.