Summary: | <www-client/{chromium,google-chrome}-81.0.4044.113: use-after-free in speech recognizer (CVE-2020-6457) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Stephan Hartmann (RETIRED) <sultan> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | chromium |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | Flags: | nattka: sanity-check+ |
Hardware: | All | ||
OS: | Linux | ||
URL: | https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_15.html | ||
See Also: | https://github.com/gentoo/gentoo/pull/15387 https://bugs.gentoo.org/show_bug.cgi?id=718826 | ||
Whiteboard: | A2 [glsa+ cve] | ||
Package list: | www-client/chromium-81.0.4044.113 | ||
Runtime testing required: | --- |
Description
Stephan Hartmann (RETIRED)
2020-04-16 06:00:37 UTC
PR is for chromium, google-chrome needs bump too

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bca9b36ea529eca9b29863db59a25d3549e6bce4

commit bca9b36ea529eca9b29863db59a25d3549e6bce4
Author: Stephan Hartmann <stha09@googlemail.com>
AuthorDate: 2020-04-16 12:19:06 +0000
Commit: Mike Gilbert <floppym@gentoo.org>
CommitDate: 2020-04-16 19:25:28 +0000

www-client/chromium: stable channel bumps to 81.0.4044.113

Depend on >=media-libs/libvpx-1.8.2 for USE=system-vpx.

Bug: https://bugs.gentoo.org/717652
Bug: https://bugs.gentoo.org/696924
Package-Manager: Portage-2.3.89, Repoman-2.3.20
Signed-off-by: Stephan Hartmann <stha09@googlemail.com>
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/15371

www-client/chromium/Manifest | 1 +
www-client/chromium/chromium-81.0.4044.113.ebuild | 748 ++++++++++++++++++++++
2 files changed, 749 insertions(+)

google-chrome went straight to stable: https://github.com/gentoo/gentoo/commit/24695db0edeb755fc05d421a405cbeb0ca947798
81.0.4044.113.

amd64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=635e5717f36c10289d2fe52793ae558b56ee4a1a

commit 635e5717f36c10289d2fe52793ae558b56ee4a1a
Author: Stephan Hartmann <stha09@googlemail.com>
AuthorDate: 2020-04-17 16:16:18 +0000
Commit: Mike Gilbert <floppym@gentoo.org>
CommitDate: 2020-04-17 19:36:48 +0000

www-client/chromium: security cleanup

Bug: https://bugs.gentoo.org/717652
Package-Manager: Portage-2.3.89, Repoman-2.3.20
Signed-off-by: Stephan Hartmann <stha09@googlemail.com>
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/15387

www-client/chromium/Manifest | 1 -
www-client/chromium/chromium-81.0.4044.92.ebuild | 748 -----------------------
2 files changed, 749 deletions(-)

Thanks all.

Looks like chromium-81.0.4044.113 also requires libdrm >= 2.4.101 otherwise configuration fails with:

Package 'dri' requires 'libdrm >= 2.4.101' but version of libdrm is 2.4.100
Could not run pkg-config.

Looks like rebuilding mesa fixes the problem as found in https://bugs.gentoo.org/717322 (I'm using mesa-9999). I'm sorry for the noise.

New GLSA request filed.

This issue was resolved and addressed in GLSA 202004-12 at https://security.gentoo.org/glsa/202004-12 by GLSA coordinator Thomas Deutschmann (whissi).