Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 626382 - <www-client/chromium-60.0.3112.78: multiple vulnerabilites
Summary: <www-client/chromium-60.0.3112.78: multiple vulnerabilites
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://chromereleases.googleblog.com...
Whiteboard: A2 [glsa cve]
Keywords:
Depends on: 604420
Blocks: CVE-2017-5091, CVE-2017-5092, CVE-2017-5093, CVE-2017-5094, CVE-2017-5095, CVE-2017-5096, CVE-2017-5097, CVE-2017-5098, CVE-2017-5099, CVE-2017-5100, CVE-2017-5101, CVE-2017-5102, CVE-2017-5103, CVE-2017-5104, CVE-2017-5105, CVE-2017-5106, CVE-2017-5107, CVE-2017-5108, CVE-2017-5109, CVE-2017-5110, CVE-2017-7000
  Show dependency tree
 
Reported: 2017-07-27 20:19 UTC by Mike Gilbert
Modified: 2017-09-24 15:36 UTC (History)
2 users (show)

See Also:
Package list:
www-client/chromium-60.0.3112.78
Runtime testing required: ---
stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mike Gilbert gentoo-dev 2017-07-27 20:19:18 UTC 
+++ This bug was initially created as a clone of Bug #626290 +++

From URL:

Chrome 60.0.3112.78 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 60.
Comment 1 Stabilization helper bot gentoo-dev 2017-07-27 21:00:50 UTC 
An automated check of this bug failed - repoman reported dependency errors (41 lines truncated): 

> dependency.bad www-client/chromium/chromium-60.0.3112.78.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['>=media-libs/openh264-1.6.0:=']
> dependency.bad www-client/chromium/chromium-60.0.3112.78.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['>=media-libs/openh264-1.6.0:=']
> dependency.bad www-client/chromium/chromium-60.0.3112.78.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['>=media-libs/openh264-1.6.0:=']
Comment 2 Stabilization helper bot gentoo-dev 2017-07-27 22:01:06 UTC 
An automated check of this bug failed - repoman reported dependency errors (41 lines truncated): 

> dependency.bad www-client/chromium/chromium-60.0.3112.78.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['>=media-libs/openh264-1.6.0:=']
> dependency.bad www-client/chromium/chromium-60.0.3112.78.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['>=media-libs/openh264-1.6.0:=']
> dependency.bad www-client/chromium/chromium-60.0.3112.78.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['>=media-libs/openh264-1.6.0:=']
Comment 3 Agostino Sarubbo gentoo-dev 2017-07-29 21:24:20 UTC 
amd64 stable
Comment 4 Mike Gilbert gentoo-dev 2017-08-25 19:32:58 UTC 
We have dropped the vulnerable versions, and the x86 stable keyword along with them.

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0800f8979f71b727e0604bee486ed5d065379f5b

commit 0800f8979f71b727e0604bee486ed5d065379f5b
Author: Pawel Hajdan, Jr <phajdan.jr@gentoo.org>
Date:   Wed Aug 23 21:12:07 2017 +0200

    www-client/chromium: remove old

    This drops stable x86 keywords. The security bug #626382
    has not been handled for ~3 weeks.

    Package-Manager: Portage-2.3.6, Repoman-2.3.1

 www-client/chromium/Manifest                      |   2 -
 www-client/chromium/chromium-59.0.3071.104.ebuild | 629 ---------------------
 www-client/chromium/chromium-60.0.3112.40.ebuild  | 649 ----------------------
 www-client/chromium/metadata.xml                  |   2 -
 4 files changed, 1282 deletions(-)
Comment 5 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-09-17 21:46:30 UTC 
GLSA Request filed.

Gentoo Security Padawan
ChrisADR
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2017-09-24 15:36:08 UTC 
This issue was resolved and addressed in
 GLSA 201709-15 at https://security.gentoo.org/glsa/201709-15
by GLSA coordinator Aaron Bauman (b-man).