917021 – (CVE-2023-5996) <www-client/chromium-119.0.6045.123 <www-client/google-chrome-119.0.6045.123 <www-client/microsoft-edge-119.0.2151.58: Use-after-free in WebAudio

Bug 917021 (CVE-2023-5996) - <www-client/chromium-119.0.6045.123 <www-client/google-chrome-119.0.6045.123 <www-client/microsoft-edge-119.0.2151.58: Use-after-free in WebAudio

Summary: <www-client/chromium-119.0.6045.123 <www-client/google-chrome-119.0.6045.123 ...

Status:	RESOLVED FIXED

Alias:	CVE-2023-5996

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major (vote)
Assignee:	Gentoo Security

URL:	https://chromereleases.googleblog.com...
Whiteboard:	A2 [glsa+]
Keywords:

Depends on:	915465
Blocks:
	Show dependency tree

Reported:	2023-11-08 01:55 UTC by Sam James
Modified:	2024-01-31 15:45 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sam James archtester

2023-11-08 01:55:14 UTC

This update includes 1 security fix. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[N/A][1497859] High CVE-2023-5996: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab via Tianfu Cup 2023 on 2023-10-30

Comment 1 Sam James archtester

2023-11-08 01:55:29 UTC

Please bump to 119.0.6045.123.

Comment 2 Larry the Git Cow gentoo-dev

2023-11-13 08:03:12 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8d2f4aa475a18a8560cf4e03f10e3434f50b8ceb

commit 8d2f4aa475a18a8560cf4e03f10e3434f50b8ceb
Author:     Matt Jolly <Matt.Jolly@footclan.ninja>
AuthorDate: 2023-11-13 07:13:07 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-11-13 08:02:35 +0000

    www-client/chromium: add 119.0.6045.123
    
    Bug: https://bugs.gentoo.org/917021
    Signed-off-by: Matt Jolly <Matt.Jolly@footclan.ninja>
    Closes: https://github.com/gentoo/gentoo/pull/33782
    Signed-off-by: Sam James <sam@gentoo.org>

 www-client/chromium/Manifest                       |    1 +
 www-client/chromium/chromium-119.0.6045.123.ebuild | 1254 ++++++++++++++++++++
 2 files changed, 1255 insertions(+)

Comment 3 Larry the Git Cow gentoo-dev

2024-01-31 15:39:49 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=8064a0b694d29fb2fca491d65494098fb43c2ffa

commit 8064a0b694d29fb2fca491d65494098fb43c2ffa
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-01-31 15:39:13 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-01-31 15:39:35 +0000

    [ GLSA 202401-34 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/907999
    Bug: https://bugs.gentoo.org/908471
    Bug: https://bugs.gentoo.org/909283
    Bug: https://bugs.gentoo.org/910522
    Bug: https://bugs.gentoo.org/911675
    Bug: https://bugs.gentoo.org/912364
    Bug: https://bugs.gentoo.org/913016
    Bug: https://bugs.gentoo.org/913710
    Bug: https://bugs.gentoo.org/914350
    Bug: https://bugs.gentoo.org/914871
    Bug: https://bugs.gentoo.org/915137
    Bug: https://bugs.gentoo.org/915560
    Bug: https://bugs.gentoo.org/915961
    Bug: https://bugs.gentoo.org/916252
    Bug: https://bugs.gentoo.org/916620
    Bug: https://bugs.gentoo.org/917021
    Bug: https://bugs.gentoo.org/917357
    Bug: https://bugs.gentoo.org/918882
    Bug: https://bugs.gentoo.org/919321
    Bug: https://bugs.gentoo.org/919802
    Bug: https://bugs.gentoo.org/920442
    Bug: https://bugs.gentoo.org/921337
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202401-34.xml | 229 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 229 insertions(+)