Bug 774015 (CVE-2021-21159, CVE-2021-21160, CVE-2021-21161, CVE-2021-21162, CVE-2021-21163, CVE-2021-21165, CVE-2021-21166, CVE-2021-21167, CVE-2021-21168, CVE-2021-21169, CVE-2021-21170, CVE-2021-21171, CVE-2021-21172, CVE-2021-21173, CVE-2021-21174, CVE-2021-21175, CVE-2021-21176, CVE-2021-21177, CVE-2021-21178, CVE-2021-21179, CVE-2021-21180, CVE-2021-21181, CVE-2021-21182, CVE-2021-21183, CVE-2021-21184, CVE-2021-21185, CVE-2021-21186, CVE-2021-21187, CVE-2021-21188, CVE-2021-21189, CVE-2021-21190)

Summary:	<www-client/chromium-89.0.4389.72 <www-client/google-chrome-89.0.4389.72: Multiple vulnerabilities
Product:	Gentoo Security	Reporter:	Stephan Hartmann (RETIRED) <sultan>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	chromium
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
See Also:	https://bugs.gentoo.org/show_bug.cgi?id=787950
Whiteboard:	A2 [glsa+ cve]
Package list:		Runtime testing required:	---
Bug Depends on:	718918
Bug Blocks:

Description Stephan Hartmann (RETIRED) gentoo-dev

2021-03-02 21:26:11 UTC

See ${URL}.

CVE-2021-21158 and CVE-2021-21164 look unrelated, because those affect iOS only.

Comment 1 Stephan Hartmann (RETIRED) gentoo-dev

2021-03-02 21:27:08 UTC

Depending on bug 718918 for CVE-2020-27844.

Comment 2 Larry the Git Cow gentoo-dev

2021-03-03 11:31:25 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=57938c1ba604be3e9bd64decd711a48c828a2320

commit 57938c1ba604be3e9bd64decd711a48c828a2320
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2021-03-03 11:30:40 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2021-03-03 11:31:19 +0000

    www-client/chromium: stable channel bump to 89.0.4389.72
    
    Bug: https://bugs.gentoo.org/774015
    Package-Manager: Portage-3.0.13, Repoman-3.0.2
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                                          | 4 ++--
 .../{chromium-89.0.4389.69.ebuild => chromium-89.0.4389.72.ebuild}    | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

Comment 3 John Helmert III archtester

2021-03-05 05:31:15 UTC

Thank you! Please stabilize when ready.

Comment 4 Stephan Hartmann (RETIRED) gentoo-dev

2021-03-05 21:31:02 UTC

arm64 done

Comment 5 Stephan Hartmann (RETIRED) gentoo-dev

2021-03-05 21:32:26 UTC

amd64 done

Comment 6 Larry the Git Cow gentoo-dev

2021-03-05 21:34:49 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=44986e6f7775e58438fb2a543a6d2ac081df45b0

commit 44986e6f7775e58438fb2a543a6d2ac081df45b0
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2021-03-05 21:34:26 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2021-03-05 21:34:26 +0000

    www-client/chromium: security cleanup
    
    Bug: https://bugs.gentoo.org/774015
    Package-Manager: Portage-3.0.13, Repoman-3.0.2
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                       |   2 -
 www-client/chromium/chromium-88.0.4324.182.ebuild  | 901 ---------------------
 .../files/chromium-87-webcodecs-deps.patch         |  27 -
 .../chromium/files/chromium-88-ozone-deps.patch    |  40 -
 4 files changed, 970 deletions(-)

Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev

2021-03-06 21:43:41 UTC

dropping amd64@ assuming there is nothing to do for them.

Comment 8 Thomas Deutschmann (RETIRED) gentoo-dev

2021-04-30 22:58:43 UTC

Added to an existing GLSA request.

Comment 9 GLSAMaker/CVETool Bot gentoo-dev

2021-05-01 00:02:22 UTC

This issue was resolved and addressed in
 GLSA 202104-08 at https://security.gentoo.org/glsa/202104-08
by GLSA coordinator Thomas Deutschmann (whissi).