
Bug 774015 (CVE-2021-21159, CVE-2021-21160, CVE-2021-21161, CVE-2021-21162, CVE-2021-21163, CVE-2021-21165, CVE-2021-21166, CVE-2021-21167, CVE-2021-21168, CVE-2021-21169, CVE-2021-21170, CVE-2021-21171, CVE-2021-21172, CVE-2021-21173, CVE-2021-21174, CVE-2021-21175, CVE-2021-21176, CVE-2021-21177, CVE-2021-21178, CVE-2021-21179, CVE-2021-21180, CVE-2021-21181, CVE-2021-21182, CVE-2021-21183, CVE-2021-21184, CVE-2021-21185, CVE-2021-21186, CVE-2021-21187, CVE-2021-21188, CVE-2021-21189, CVE-2021-21190)

Summary: <www-client/chromium-89.0.4389.72 <www-client/google-chrome-89.0.4389.72: Multiple vulnerabilities
Product: Gentoo Security
Reporter: Stephan Hartmann <sultan>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: chromium
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
See Also: https://bugs.gentoo.org/show_bug.cgi?id=787950
Whiteboard: A2 [glsa+ cve]
Package list:
Runtime testing required: ---
Bug Depends on: 718918    
Bug Blocks:    

Description Stephan Hartmann gentoo-dev 2021-03-02 21:26:11 UTC
See ${URL}.

CVE-2021-21158 and CVE-2021-21164 look unrelated, because those affect iOS only.
Comment 1 Stephan Hartmann gentoo-dev 2021-03-02 21:27:08 UTC
Depending on bug 718918 for CVE-2020-27844.
Comment 2 Larry the Git Cow gentoo-dev 2021-03-03 11:31:25 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=57938c1ba604be3e9bd64decd711a48c828a2320

commit 57938c1ba604be3e9bd64decd711a48c828a2320
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2021-03-03 11:30:40 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2021-03-03 11:31:19 +0000

    www-client/chromium: stable channel bump to 89.0.4389.72
    
    Bug: https://bugs.gentoo.org/774015
    Package-Manager: Portage-3.0.13, Repoman-3.0.2
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                                          | 4 ++--
 .../{chromium-89.0.4389.69.ebuild => chromium-89.0.4389.72.ebuild}    | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
Comment 3 John Helmert III gentoo-dev Security 2021-03-05 05:31:15 UTC
Thank you! Please stabilize when ready.
Comment 4 Stephan Hartmann gentoo-dev 2021-03-05 21:31:02 UTC
arm64 done
Comment 5 Stephan Hartmann gentoo-dev 2021-03-05 21:32:26 UTC
amd64 done
Comment 6 Larry the Git Cow gentoo-dev 2021-03-05 21:34:49 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=44986e6f7775e58438fb2a543a6d2ac081df45b0

commit 44986e6f7775e58438fb2a543a6d2ac081df45b0
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2021-03-05 21:34:26 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2021-03-05 21:34:26 +0000

    www-client/chromium: security cleanup
    
    Bug: https://bugs.gentoo.org/774015
    Package-Manager: Portage-3.0.13, Repoman-3.0.2
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                       |   2 -
 www-client/chromium/chromium-88.0.4324.182.ebuild  | 901 ---------------------
 .../files/chromium-87-webcodecs-deps.patch         |  27 -
 .../chromium/files/chromium-88-ozone-deps.patch    |  40 -
 4 files changed, 970 deletions(-)
Comment 7 Sergei Trofimovich gentoo-dev 2021-03-06 21:43:41 UTC
dropping amd64@ assuming there is nothing to do for them.
Comment 8 Thomas Deutschmann gentoo-dev Security 2021-04-30 22:58:43 UTC
Added to an existing GLSA request.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2021-05-01 00:02:22 UTC
This issue was resolved and addressed in
 GLSA 202104-08 at https://security.gentoo.org/glsa/202104-08
by GLSA coordinator Thomas Deutschmann (whissi).