
Bug 747013 (CVE-2020-15967, CVE-2020-15968, CVE-2020-15970, CVE-2020-15971, CVE-2020-15972, CVE-2020-15973, CVE-2020-15974, CVE-2020-15975, CVE-2020-15976, CVE-2020-15977, CVE-2020-15978, CVE-2020-15979, CVE-2020-15980, CVE-2020-15981, CVE-2020-15982, CVE-2020-15983, CVE-2020-15984, CVE-2020-15985, CVE-2020-15986, CVE-2020-15987, CVE-2020-15988, CVE-2020-15989, CVE-2020-15990, CVE-2020-15991, CVE-2020-15992, CVE-2020-6557)

Summary: <www-client/{chromium,google-chrome}-86.0.4240.75: Multiple vulnerabilities (CVE-2020-{15967,15968,15969,15970,15971,15972,15990,15991,15973,15974,15975,15976,6557,15977,15978,15979,15980,15981,15982,15983,15984,15985,15986,15987,15992,15988,15989})
Product: Gentoo Security
Reporter: Stephan Hartmann (RETIRED) <sultan>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: chromium
Priority: Normal
Keywords: CC-ARCHES
Version: unspecified
Flags: nattka: sanity-check-
Hardware: All
OS: Linux
URL: https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html
See Also: https://bugs.gentoo.org/show_bug.cgi?id=738238
Whiteboard: A2 [glsa+ cve]
Package list:
www-client/chromium-86.0.4240.75
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 750743    

Description Stephan Hartmann (RETIRED) gentoo-dev 2020-10-07 07:06:25 UTC
See ${URL}.

Tarballs for chromium are not available yet.
www-client/google-chrome already bumped and marked stable.
Comment 1 Larry the Git Cow gentoo-dev 2020-10-07 19:22:42 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8d91784e8c8467ec91abc4a59d43dfef59fac873

commit 8d91784e8c8467ec91abc4a59d43dfef59fac873
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2020-10-07 19:21:33 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2020-10-07 19:22:34 +0000

    www-client/chromium: stable channel bump to 86.0.4240.75
    
    Bug: https://bugs.gentoo.org/747013
    Package-Manager: Portage-3.0.4, Repoman-3.0.1
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                                            | 2 +-
 .../{chromium-86.0.4240.68.ebuild => chromium-86.0.4240.75.ebuild}      | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
Comment 2 NATTkA bot gentoo-dev 2020-10-07 20:16:53 UTC
Sanity check failed:

> www-client/chromium-86.0.4240.75
>   depend arm64 stable profile default/linux/arm64/17.0 (9 total)
>     >=media-video/ffmpeg-4.3:=
>   rdepend arm64 stable profile default/linux/arm64/17.0 (9 total)
>     >=media-video/ffmpeg-4.3:=
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-10-08 02:22:59 UTC
amd64 done
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-10-08 02:31:05 UTC
arm64 stable
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-10-08 02:31:12 UTC
amd64 done

all arches done
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-10-08 02:31:37 UTC
Please cleanup. Thanks!
Comment 7 Larry the Git Cow gentoo-dev 2020-10-08 06:21:57 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a72458f5dce3c9d8052f625df61efc7850064589

commit a72458f5dce3c9d8052f625df61efc7850064589
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2020-10-08 06:21:36 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2020-10-08 06:21:36 +0000

    www-client/chromium: security cleanup
    
    Bug: https://bugs.gentoo.org/747013
    Package-Manager: Portage-3.0.4, Repoman-3.0.1
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                       |   2 -
 www-client/chromium/chromium-85.0.4183.121.ebuild  | 867 ---------------------
 .../chromium/files/chromium-84-mediaalloc.patch    |  41 -
 3 files changed, 910 deletions(-)
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2020-10-17 09:07:25 UTC
This issue was resolved and addressed in
 GLSA 202010-01 at https://security.gentoo.org/glsa/202010-01
by GLSA coordinator Sam James (sam_c).