Similar to bug 381245.

From the Google Security blog:

An update on attempted man-in-the-middle attacks
Monday, August 29, 2011 8:59 PM
Posted by Heather Adkins, Information Security Manager

Today we received reports of attempted SSL man-in-the-middle (MITM) attacks against Google users, whereby someone tried to get between them and encrypted Google services. The people affected were primarily located in Iran. The attacker used a fraudulent SSL certificate issued by DigiNotar, a root certificate authority that should not issue certificates for Google (and has since revoked it).

Google Chrome users were protected from this attack because Chrome was able to detect the fraudulent certificate. To further protect the safety and privacy of our users, we plan to disable the DigiNotar certificate authority in Chrome while investigations continue. Mozilla also moved quickly to protect its users. This means that Chrome and Firefox users will receive alerts if they try to visit websites that use DigiNotar certificates. Microsoft also has taken prompt action.

To help deter unwanted surveillance, we recommend that users, especially those in Iran, keep their web browsers and operating systems up to date and pay attention to web browser security warnings.
I have added versions to the tree which blacklist the DigiNotar Root CA.

=www-client/chromium-13.0.782.220
=www-client/google-chrome-13.0.782.220_p99552

www-client/google-chrome has no stable keywords.
Please stabilize =www-client/chromium-13.0.782.220
amd64 ok as usual
amd64: pass
Archtested both on x86: everything fine.
+ 04 Sep 2011; Tony Vroon <chainsaw@gentoo.org> chromium-13.0.782.220.ebuild: + Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo & + Elijah "Armageddon" El Lazkani in security bug #381713 filed by Mike + "floppym" Gilbert.
x86 stable
Thanks all. Adding glsa vote request.
This issue was resolved and addressed in GLSA 201111-01 at http://security.gentoo.org/glsa/glsa-201111-01.xml by GLSA coordinator Alex Legler (a3li).