| Summary: | <www-client/chromium-45.0.2454.101: multiple vulnerabilities (CVE-2015-{1303,1304}) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | major | CC: | chromium |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://googlechromereleases.blogspot.fr/2015/09/stable-channel-update_24.html | ||
| Whiteboard: | A2 [glsa cve] | ||
| Package list: | Runtime testing required: | --- | |
chromium-45.0.2454.101 is in the tree, and may be marked stable. [530301] High CVE-2015-1303: Cross-origin bypass in DOM. Credit to Mariusz Mlynski. [531891] High CVE-2015-1304: Cross-origin bypass in V8. Credit to Mariusz Mlynski. Arches, please test and mark stable: =www-client/chromium-45.0.2454.101 Target Keywords : "amd64 x86" Thank you! amd64 stable x86 stable New GLSA Request filed. This issue was resolved and addressed in GLSA 201603-09 at https://security.gentoo.org/glsa/201603-09 by GLSA coordinator Kristian Fiskerstrand (K_F). |
From ${URL} : THURSDAY, SEPTEMBER 24, 2015 Stable Channel Update The stable channel has been updated to 45.0.2454.101 for Windows, Mac, and Linux. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. The following bugs from external security researchers were fixed in this release: [$TBD][530301] High CVE-2015-1303: Cross-origin bypass in DOM. Credit to Mariusz Mlynski. [$TBD][531891] High CVE-2015-1304: Cross-origin bypass in V8. Credit to Mariusz Mlynski. @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.