Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 689944 (CVE-2019-5847, CVE-2019-5848)

Summary: <www-client/chromium-75.0.3770.142: multiple vulnerabilities
Product: Gentoo Security Reporter: Stephan Hartmann <sultan>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: chromium
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop.html
See Also: https://github.com/gentoo/gentoo/pull/12456
https://github.com/gentoo/gentoo/pull/12460
Whiteboard: A3 [glsa+ cve]
Package list:
www-client/chromium-75.0.3770.142
Runtime testing required: ---

Description Stephan Hartmann gentoo-dev 2019-07-16 06:19:57 UTC
See ${URL}

I try to prepare a PR today.

Reproducible: Always
Comment 1 Larry the Git Cow gentoo-dev 2019-07-16 15:07:06 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5aaf9c1bfd391a6e7bb3ddd2d43b5a94c445873c

commit 5aaf9c1bfd391a6e7bb3ddd2d43b5a94c445873c
Author:     Stephan Hartmann <stha09@googlemail.com>
AuthorDate: 2019-07-16 12:40:39 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2019-07-16 15:07:02 +0000

    www-client/chromium: stable channel bump to 75.0.3770.142
    
    Bug: https://bugs.gentoo.org/689944
    Closes: https://github.com/gentoo/gentoo/pull/12456
    Package-Manager: Portage-2.3.66, Repoman-2.3.11
    Signed-off-by: Stephan Hartmann <stha09@googlemail.com>
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 www-client/chromium/Manifest                                            | 2 +-
 .../{chromium-75.0.3770.100-r1.ebuild => chromium-75.0.3770.142.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
Comment 2 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-07-17 10:20:53 UTC
amd64 stable
Comment 3 Larry the Git Cow gentoo-dev 2019-07-17 14:39:44 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7b0860b09b2c5c83f52b4308e389521706ec0c19

commit 7b0860b09b2c5c83f52b4308e389521706ec0c19
Author:     Stephan Hartmann <stha09@googlemail.com>
AuthorDate: 2019-07-17 10:45:21 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2019-07-17 14:39:16 +0000

    www-client/chromium: security cleanup
    
    Bug: https://bugs.gentoo.org/689944
    Closes: https://github.com/gentoo/gentoo/pull/12460
    Package-Manager: Portage-2.3.66, Repoman-2.3.11
    Signed-off-by: Stephan Hartmann <stha09@googlemail.com>
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 www-client/chromium/Manifest                     |   1 -
 www-client/chromium/chromium-75.0.3770.90.ebuild | 706 -----------------------
 www-client/chromium/files/chromium-75-lss.patch  |  63 --
 3 files changed, 770 deletions(-)
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2019-08-15 16:03:40 UTC
This issue was resolved and addressed in
 GLSA 201908-18 at https://security.gentoo.org/glsa/201908-18
by GLSA coordinator Aaron Bauman (b-man).