Summary: | <www-client/chromium-59.0.3071.104: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | chromium |
Priority: | Normal | Flags: | stable-bot: sanity-check+
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A2 [glsa cve] | ||
Package list: | www-client/chromium-59.0.3071.104 | ||
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2017-06-16 08:12:36 UTC
On Thursday, June 9, 2017
=========================

The Stable channel has been updated to 59.0.3071.91, 59.0.3071.92 (Platform version: 9460.60.0, 9460.60.2) for all Chrome OS devices except the Google Chromebook Pixel (2015). This build contains a number of bug fixes, security updates, and feature enhancements. Systems will be receiving updates over the next several days.

Security Fixes:

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

[$N/A] [702030] Low CVE-2017-5084: Local access to local files via dbus. Reported by Rory McNamara on 2017-03-17

On Thursday, June 15, 2017
==========================

The stable channel has been updated to 59.0.3071.104 for Windows, Mac, and Linux.

This update includes 5 security fixes. Below, we highlight fixes that were contributed by external researchers:

[$10,500][725032] High CVE-2017-5087: Sandbox Escape in IndexedDB. Reported by Ned Williamson on 2017-05-22

[$4,000][729991] High CVE-2017-5088: Out of bounds read in V8. Reported by Xiling Gong of Tencent Security Platform Department on 2017-06-06

[$2,000][714196] Medium CVE-2017-5089: Domain spoofing in Omnibox. Reported by Michał Bentkowski on 2017-04-21.

amd64 stable

x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.

Added to an existing GLSA.

This issue was resolved and addressed in GLSA 201706-20 at https://security.gentoo.org/glsa/201706-20 by GLSA coordinator Kristian Fiskerstrand (K_F).