917357 – (CVE-2023-5997, CVE-2023-6112) <www-client/chromium-119.0.6045.159 <www-client/google-chrome-119.0.6045.159 <www-client/microsoft-edge-119.0.2151.72: Multiple vulnerabilities

Bug 917357 (CVE-2023-5997, CVE-2023-6112) - <www-client/chromium-119.0.6045.159 <www-client/google-chrome-119.0.6045.159 <www-client/microsoft-edge-119.0.2151.72: Multiple vulnerabilities

Summary: <www-client/chromium-119.0.6045.159 <www-client/google-chrome-119.0.6045.159 ...

Status:	RESOLVED FIXED

Alias:	CVE-2023-5997, CVE-2023-6112

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major
Assignee:	Gentoo Security

URL:	https://chromereleases.googleblog.com...
Whiteboard:	A2 [glsa+]
Keywords:	PullRequest

Depends on:	915465 922189
Blocks:
	Show dependency tree

Reported:	2023-11-15 04:17 UTC by Sam James
Modified:	2024-01-31 15:45 UTC (History)
CC List:	4 users (show)

See Also:	https://github.com/gentoo/gentoo/pull/33866
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sam James archtester

2023-11-15 04:17:40 UTC

[$10000][1497997] High CVE-2023-5997: Use after free in Garbage Collection. Reported by Anonymous on 2023-10-31

[N/A][1499298] High CVE-2023-6112: Use after free in Navigation. Reported by Sergei Glazunov of Google Project Zero on 2023-11-04

Comment 1 Sam James archtester

2023-11-15 04:17:52 UTC

Please bump to 119.0.6045.159.

Comment 2 Larry the Git Cow gentoo-dev

2023-11-17 11:13:03 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=58d0e005aa8e8b8ec49bfb1c447c735ddc99df9e

commit 58d0e005aa8e8b8ec49bfb1c447c735ddc99df9e
Author:     Matt Jolly <Matt.Jolly@footclan.ninja>
AuthorDate: 2023-11-17 10:43:35 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-11-17 11:11:08 +0000

    www-client/chromium: add 119.0.6045.159
    
    Bug: https://bugs.gentoo.org/917357
    Signed-off-by: Matt Jolly <Matt.Jolly@footclan.ninja>
    Signed-off-by: Sam James <sam@gentoo.org>

 www-client/chromium/Manifest                       |    1 +
 www-client/chromium/chromium-119.0.6045.159.ebuild | 1254 ++++++++++++++++++++
 2 files changed, 1255 insertions(+)

Comment 3 Larry the Git Cow gentoo-dev

2024-01-31 15:39:48 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=8064a0b694d29fb2fca491d65494098fb43c2ffa

commit 8064a0b694d29fb2fca491d65494098fb43c2ffa
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-01-31 15:39:13 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-01-31 15:39:35 +0000

    [ GLSA 202401-34 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/907999
    Bug: https://bugs.gentoo.org/908471
    Bug: https://bugs.gentoo.org/909283
    Bug: https://bugs.gentoo.org/910522
    Bug: https://bugs.gentoo.org/911675
    Bug: https://bugs.gentoo.org/912364
    Bug: https://bugs.gentoo.org/913016
    Bug: https://bugs.gentoo.org/913710
    Bug: https://bugs.gentoo.org/914350
    Bug: https://bugs.gentoo.org/914871
    Bug: https://bugs.gentoo.org/915137
    Bug: https://bugs.gentoo.org/915560
    Bug: https://bugs.gentoo.org/915961
    Bug: https://bugs.gentoo.org/916252
    Bug: https://bugs.gentoo.org/916620
    Bug: https://bugs.gentoo.org/917021
    Bug: https://bugs.gentoo.org/917357
    Bug: https://bugs.gentoo.org/918882
    Bug: https://bugs.gentoo.org/919321
    Bug: https://bugs.gentoo.org/919802
    Bug: https://bugs.gentoo.org/920442
    Bug: https://bugs.gentoo.org/921337
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202401-34.xml | 229 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 229 insertions(+)