
Bug 752375 (CVE-2020-16004, CVE-2020-16005, CVE-2020-16006, CVE-2020-16008, CVE-2020-16009)

Summary: <www-client/chromium-86.0.4240.183 <www-client/google-chrome-86.0.4240.183: Multiple vulnerabilities (CVE-2020-{16004,16005,16006,16008,16009})
Product: Gentoo Security
Component: Vulnerabilities
Reporter: Stephan Hartmann (RETIRED) <sultan>
Assignee: Gentoo Security <security>
CC: chromium
Status: RESOLVED FIXED
Severity: major
Priority: Normal
Keywords: CC-ARCHES
Version: unspecified
Flags: nattka: sanity-check-
Hardware: All
OS: Linux
URL: https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html
Whiteboard: A2 [glsa cve]
Package list: www-client/chromium-86.0.4240.183
Runtime testing required: ---

Description Stephan Hartmann (RETIRED) gentoo-dev 2020-11-02 19:29:26 UTC
See ${URL}.

CVE-2020-16007: Ignored, because we don't use the installer and it looks Windows-specific.
  https://chromium-review.googlesource.com/c/chromium/src/+/2484651
CVE-2020-16011: Windows-only problem
  https://chromium-review.googlesource.com/c/chromium/src/+/2513345
Comment 1 Jouni Kosonen 2020-11-02 22:34:05 UTC
Tarball is up.

DIST chromium-86.0.4240.183.tar.xz 825615220 BLAKE2B 72cf9099de420b1cb2af8841a4f7c430ad137a81d0cecb3130549a8bb15e66b1c13d4ff462c6b9e2682f269e1efd24d77416071fe4785481dfd97cac0a740661 SHA512 25d46413a39c0181ee400bcc9cf9ba4a83b4b000c4dcee5a8d471f5ddf21b80b010e6887cf387722278144657fd5f77e8ca4002b9d4f738853473bc79c776cc1
Comment 2 Larry the Git Cow gentoo-dev 2020-11-03 17:22:09 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2689264e3d86e40b0bb252d97eb18e20393b361a

commit 2689264e3d86e40b0bb252d97eb18e20393b361a
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2020-11-03 17:21:27 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2020-11-03 17:21:41 +0000

    www-client/chromium: stable channel bump to 86.0.4240.183
    
    Bug: https://bugs.gentoo.org/752375
    Package-Manager: Portage-3.0.8, Repoman-3.0.2
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                      |   1 +
 www-client/chromium/chromium-86.0.4240.183.ebuild | 892 ++++++++++++++++++++++
 2 files changed, 893 insertions(+)
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-11-05 15:55:34 UTC
amd64 done
Comment 4 Stephan Hartmann (RETIRED) gentoo-dev 2020-11-06 18:07:02 UTC
arm64 done
Comment 5 Larry the Git Cow gentoo-dev 2020-11-06 18:09:27 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9d3828e988df46b3997c07504bc18dd6e78a1777

commit 9d3828e988df46b3997c07504bc18dd6e78a1777
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2020-11-06 18:07:54 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2020-11-06 18:09:00 +0000

    www-client/chromium: security cleanup
    
    Bug: https://bugs.gentoo.org/752375
    Bug: https://bugs.gentoo.org/750854
    Package-Manager: Portage-3.0.8, Repoman-3.0.2
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                       |   3 -
 .../chromium/chromium-86.0.4240.111-r1.ebuild      | 892 ---------------------
 www-client/chromium/chromium-86.0.4240.75.ebuild   | 889 --------------------
 3 files changed, 1784 deletions(-)
Comment 6 NATTkA bot gentoo-dev 2020-11-11 06:37:38 UTC
Unable to check for sanity:

> no match for package: www-client/chromium-86.0.4240.183