Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 635556 (CVE-2017-15396) - <www-client/chromium-62.0.3202.75: multiple vulnerabilities
Summary: <www-client/chromium-62.0.3202.75: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2017-15396
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://chromereleases.googleblog.com...
Whiteboard: A2 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-10-27 06:54 UTC by Agostino Sarubbo
Modified: 2017-11-10 16:04 UTC (History)
1 user (show)

See Also:
Package list:
www-client/chromium-62.0.3202.75
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2017-10-27 06:54:03 UTC
From ${URL} :

The stable channel has been updated to 62.0.3202.75 for Windows, Mac and Linux which will roll out over the coming days/weeks. 
Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other 
projects similarly depend on, but haven’t yet fixed.
 This update includes 1 security fix contributed by an external researcher, detailed below. Please see the Chrome Security Page for more information.
 [$3000][770452] High CVE-2017-15396: Stack overflow in V8. Reported by Yu Zhou of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室) on 2017-09-30
 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.
 A list of changes is available in the log. Interested in switching release channels? Find out how.  If you find a new issue, please let us know by filing a bug.  The community help forum is also a 
great place to reach out for help or learn about common issues.


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Agostino Sarubbo gentoo-dev 2017-10-29 15:55:44 UTC
amd64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2017-11-10 16:04:53 UTC
This issue was resolved and addressed in
 GLSA 201711-02 at https://security.gentoo.org/glsa/201711-02
by GLSA coordinator Aaron Bauman (b-man).