The Stable channel has been updated to 123.0.6312.122 to Linux which will roll out over the coming days/weeks. This update includes 3 security fixes. [$21000][331237485] High CVE-2024-3157: Out of bounds write in Compositing. Reported by DarkNavy on 2024-03-26 [$10000][328859176] High CVE-2024-3516: Heap buffer overflow in ANGLE. Reported by Bao (zx) Pham and Toan (suto) Pham of Qrious Secure on 2024-03-09 [$10000][331123811] High CVE-2024-3515: Use after free in Dawn. Reported by wgslfuzz on 2024-03-25
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=47e3fb7439f6b5a83bb2d77ff95f6e15d8d5319f commit 47e3fb7439f6b5a83bb2d77ff95f6e15d8d5319f Author: Matt Jolly <kangie@gentoo.org> AuthorDate: 2024-04-11 00:08:11 +0000 Commit: Matt Jolly <kangie@gentoo.org> CommitDate: 2024-04-11 09:25:41 +0000 www-client/chromium: add 123.0.6312.122 Bug: https://bugs.gentoo.org/929112 Signed-off-by: Matt Jolly <kangie@gentoo.org> www-client/chromium/Manifest | 1 + www-client/chromium/chromium-123.0.6312.122.ebuild | 1439 ++++++++++++++++++++ .../chromium/files/chromium-123-qt-gui-check.patch | 31 + 3 files changed, 1471 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=94d3b8aa03c538227848ec22ac1e5e89714dbfba commit 94d3b8aa03c538227848ec22ac1e5e89714dbfba Author: Matt Jolly <kangie@gentoo.org> AuthorDate: 2024-04-11 10:09:46 +0000 Commit: Matt Jolly <kangie@gentoo.org> CommitDate: 2024-04-11 10:12:07 +0000 www-client/google-chrome: automated update (123.0.6312.122) Bug: https://bugs.gentoo.org/929112 Signed-off-by: Matt Jolly <kangie@gentoo.org> www-client/google-chrome/Manifest | 2 +- ...chrome-123.0.6312.105.ebuild => google-chrome-123.0.6312.122.ebuild} | 0 2 files changed, 1 insertion(+), 1 deletion(-)
Resetting whiteboard status to ebuild since we still need ebuilds for microsoft-edge and opera (or perhaps just an update on the version numbers).
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=309ab763e094d02598a970a50a7f0836699fd887 commit 309ab763e094d02598a970a50a7f0836699fd887 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-12-07 10:13:10 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-12-07 10:13:37 +0000 [ GLSA 202412-05 ] Chromium, Google Chrome, Microsoft Edge. Opera: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/924450 Bug: https://bugs.gentoo.org/925161 Bug: https://bugs.gentoo.org/925666 Bug: https://bugs.gentoo.org/926230 Bug: https://bugs.gentoo.org/926869 Bug: https://bugs.gentoo.org/927312 Bug: https://bugs.gentoo.org/927928 Bug: https://bugs.gentoo.org/928462 Bug: https://bugs.gentoo.org/929112 Bug: https://bugs.gentoo.org/930124 Bug: https://bugs.gentoo.org/930647 Bug: https://bugs.gentoo.org/930994 Bug: https://bugs.gentoo.org/931548 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202412-05.xml | 121 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 121 insertions(+)
