Release Notes: http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html Our package is not vulnerable to the following: CVE-2011-3015 (PDF plugin) CVE-2011-3026 (we use system libpng, so this is vuln. in libpng and not chromium)
Please test things and stabilize.
(In reply to comment #1) > Please test things and stabilize. www-client/chromium-17.0.963.56 stable on amd64. Pawel, next time please use a syntax to describe what packages and what version. e.g. Please mark stable: =www-client/chromium-17.0.963.56
x86 stable, GLSA draft is ready for review
This issue was resolved and addressed in GLSA 201202-01 at http://security.gentoo.org/glsa/glsa-201202-01.xml by GLSA coordinator Tim Sammut (underling).
CVE-2011-3027 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3027): Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. CVE-2011-3025 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3025): Google Chrome before 17.0.963.56 does not properly parse H.264 data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2011-3024 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3024): Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service (application crash) via an empty X.509 certificate. CVE-2011-3023 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3023): Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to drag-and-drop operations. CVE-2011-3022 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3022): translate/translate_manager.cc in Google Chrome before 17.0.963.56 and 19.x before 19.0.1036.7 uses an HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive information by sniffing the network. CVE-2011-3021 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3021): Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading. CVE-2011-3020 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3020): Unspecified vulnerability in the Native Client validator implementation in Google Chrome before 17.0.963.56 has unknown impact and remote attack vectors. CVE-2011-3019 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3019): Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska video (aka MKV) file. CVE-2011-3018 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3018): Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to path rendering. CVE-2011-3017 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3017): Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to database handling. CVE-2011-3016 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3016): Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes, related to a "read-after-free" issue.