Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 747013 (CVE-2020-15967, CVE-2020-15968, CVE-2020-15970, CVE-2020-15971, CVE-2020-15972, CVE-2020-15973, CVE-2020-15974, CVE-2020-15975, CVE-2020-15976, CVE-2020-15977, CVE-2020-15978, CVE-2020-15979, CVE-2020-15980, CVE-2020-15981, CVE-2020-15982, CVE-2020-15983, CVE-2020-15984, CVE-2020-15985, CVE-2020-15986, CVE-2020-15987, CVE-2020-15988, CVE-2020-15989, CVE-2020-15990, CVE-2020-15991, CVE-2020-15992, CVE-2020-6557)

Summary: <www-client/{chromium,google-chrome}-86.0.4240.75: Multiple vulnerabilities (CVE-2020-{15967,15968,15969,15970,15971,15972,15990,15991,15973,15974,15975,15976,6557,15977,15978,15979,15980,15981,15982,15983,15984,15985,15986,15987,15992,15988,15989})
Product: Gentoo Security Reporter: Stephan Hartmann <sultan>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: chromium
Priority: Normal Keywords: CC-ARCHES
Version: unspecifiedFlags: nattka: sanity-check-
Hardware: All   
OS: Linux   
URL: https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html
See Also: https://bugs.gentoo.org/show_bug.cgi?id=738238
Whiteboard: A2 [glsa+ cve]
Package list:
www-client/chromium-86.0.4240.75
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 750743    

Description Stephan Hartmann gentoo-dev 2020-10-07 07:06:25 UTC
See ${URL}.

Tarballs for chromium are not available yet.
www-client/google-chrome already bumped and marked stable.
Comment 1 Larry the Git Cow gentoo-dev 2020-10-07 19:22:42 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8d91784e8c8467ec91abc4a59d43dfef59fac873

commit 8d91784e8c8467ec91abc4a59d43dfef59fac873
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2020-10-07 19:21:33 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2020-10-07 19:22:34 +0000

    www-client/chromium: stable channel bump to 86.0.4240.75
    
    Bug: https://bugs.gentoo.org/747013
    Package-Manager: Portage-3.0.4, Repoman-3.0.1
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                                            | 2 +-
 .../{chromium-86.0.4240.68.ebuild => chromium-86.0.4240.75.ebuild}      | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
Comment 2 NATTkA bot gentoo-dev 2020-10-07 20:16:53 UTC
Sanity check failed:

> www-client/chromium-86.0.4240.75
>   depend arm64 stable profile default/linux/arm64/17.0 (9 total)
>     >=media-video/ffmpeg-4.3:=
>   rdepend arm64 stable profile default/linux/arm64/17.0 (9 total)
>     >=media-video/ffmpeg-4.3:=
Comment 3 Sam James archtester gentoo-dev Security 2020-10-08 02:22:59 UTC
amd64 done
Comment 4 Sam James archtester gentoo-dev Security 2020-10-08 02:31:05 UTC
arm64 stable
Comment 5 Sam James archtester gentoo-dev Security 2020-10-08 02:31:12 UTC
amd64 done

all arches done
Comment 6 Sam James archtester gentoo-dev Security 2020-10-08 02:31:37 UTC
Please cleanup. Thanks!
Comment 7 Larry the Git Cow gentoo-dev 2020-10-08 06:21:57 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a72458f5dce3c9d8052f625df61efc7850064589

commit a72458f5dce3c9d8052f625df61efc7850064589
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2020-10-08 06:21:36 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2020-10-08 06:21:36 +0000

    www-client/chromium: security cleanup
    
    Bug: https://bugs.gentoo.org/747013
    Package-Manager: Portage-3.0.4, Repoman-3.0.1
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                       |   2 -
 www-client/chromium/chromium-85.0.4183.121.ebuild  | 867 ---------------------
 .../chromium/files/chromium-84-mediaalloc.patch    |  41 -
 3 files changed, 910 deletions(-)
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2020-10-17 09:07:25 UTC
This issue was resolved and addressed in
 GLSA 202010-01 at https://security.gentoo.org/glsa/202010-01
by GLSA coordinator Sam James (sam_c).