Summary: | <www-client/chromium-9.0.597.84: multiple vulnerabilities (CVE-2011-{0777,0778,0779,0781,0783,0784}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Paweł Hajdan, Jr. (RETIRED) <phajdan.jr> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | chromium |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 353633, 353642 | ||
Bug Blocks: |
Description
Paweł Hajdan, Jr. (RETIRED)
2011-02-03 17:23:39 UTC
also pulled in: =dev-util/chromium-tools-0.1.5 and =dev-python/pysvn-1.7.4

@chromium: we proceed right?
@python: you have problem to stabilize this package?

(In reply to comment #1)
> also pulled in:
> =dev-util/chromium-tools-0.1.5

Please use chromium-tools-0.1.6 as indicated in the initial report.

(In reply to comment #1)
> =dev-python/pysvn-1.7.4
>
> @python: you have problem to stabilize this package?

Please request stabilization in a separate bug.

amd64 ok

I've bumped chromium-bin, now we only need to stabilize/keyword chromium.

ok also on my x86 hardened

stable x86/amd64, thanks Ago, with ok from hwoarang for amd64

05 Feb 2011; Markus Meier <maekke@gentoo.org> chromium-9.0.597.84.ebuild: add ~arm, bug #350648

Thanks, everyone. Added to existing GLSA request.

This issue was resolved and addressed in GLSA 201111-01 at http://security.gentoo.org/glsa/glsa-201111-01.xml by GLSA coordinator Alex Legler (a3li).

CVE-2011-0784 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0784): Race condition in Google Chrome before 9.0.597.84 allows remote attackers to execute arbitrary code via vectors related to audio.

CVE-2011-0783 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0783): Unspecified vulnerability in Google Chrome before 9.0.597.84 allows user-assisted remote attackers to cause a denial of service (application crash) via vectors involving a "bad volume setting."

CVE-2011-0781 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0781): Google Chrome before 9.0.597.84 does not properly handle autofill profile merging, which has unspecified impact and remote attack vectors.

CVE-2011-0779 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0779): Google Chrome before 9.0.597.84 does not properly handle a missing key in an extension, which allows remote attackers to cause a denial of service (application crash) via a crafted extension.

CVE-2011-0778 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0778): Google Chrome before 9.0.597.84 does not properly restrict drag and drop operations, which might allow remote attackers to bypass the Same Origin Policy via unspecified vectors.

CVE-2011-0777 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0777): Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to image loading.