Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 792084 (CVE-2021-30521, CVE-2021-30522, CVE-2021-30523, CVE-2021-30524, CVE-2021-30525, CVE-2021-30526, CVE-2021-30527, CVE-2021-30528, CVE-2021-30530, CVE-2021-30531, CVE-2021-30532, CVE-2021-30533, CVE-2021-30534, CVE-2021-30536, CVE-2021-30537, CVE-2021-30538, CVE-2021-30539, CVE-2021-30540)

Summary: <www-client/chromium-91.0.4472.77 <www-client/google-chrome-91.0.4472.77: Multiple vulnerabilities (CVE-2021-{30521,30522,30523,30524,30525,30526,30527,30528,30529,30530,30531,30532,30533,30534,30537,30538,30539,30540})
Product: Gentoo Security Reporter: Stephan Hartmann (RETIRED) <sultan>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: chromium
Priority: Normal Flags: nattka: sanity-check-
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html
See Also: https://bugs.gentoo.org/show_bug.cgi?id=788112
https://bugs.gentoo.org/show_bug.cgi?id=800181
https://bugs.gentoo.org/show_bug.cgi?id=810781
Whiteboard: A2 [glsa+ cve]
Package list:
www-client/chromium-91.0.4472.77
Runtime testing required: ---

Description Stephan Hartmann (RETIRED) gentoo-dev 2021-05-25 20:25:31 UTC
See ${URL}.

Bumps done already. Need to go stable together with dev-libs/icu-69.1

CVE-2021-30535 looks related to ICU only.
CVE-2021-21212 was reported already in bug #782970
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-06-01 09:00:04 UTC
amd64 done
Comment 2 NATTkA bot gentoo-dev 2021-06-01 10:48:23 UTC Comment hidden (obsolete)
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-06-01 10:49:15 UTC
arm64 done

all arches done
Comment 4 Larry the Git Cow gentoo-dev 2021-06-01 13:05:32 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f2938c46398bfb6f089ecf14420aabb7da940b75

commit f2938c46398bfb6f089ecf14420aabb7da940b75
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2021-06-01 13:03:43 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2021-06-01 13:05:28 +0000

    www-client/chromium: drop keywords, except ppc64
    
    Bug: https://bugs.gentoo.org/792084
    Package-Manager: Portage-3.0.18, Repoman-3.0.2
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/chromium-90.0.4430.212.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 5 Larry the Git Cow gentoo-dev 2021-06-01 20:46:15 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=93557a7ee3ccb58f8ebe78188d2b36a5299157b6

commit 93557a7ee3ccb58f8ebe78188d2b36a5299157b6
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2021-06-01 20:45:54 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2021-06-01 20:46:12 +0000

    www-client/chromium: security cleanup
    
    Bug: https://bugs.gentoo.org/792084
    Package-Manager: Portage-3.0.18, Repoman-3.0.2
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                      |   3 -
 www-client/chromium/chromium-90.0.4430.212.ebuild | 931 ----------------------
 www-client/chromium/metadata.xml                  |   1 -
 3 files changed, 935 deletions(-)
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-06-02 02:28:52 UTC
Thank you!
Comment 7 NATTkA bot gentoo-dev 2021-06-12 07:48:22 UTC
Unable to check for sanity:

> no match for package: www-client/chromium-91.0.4472.77
Comment 8 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-07-05 03:27:25 UTC
Request filed
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2021-07-06 03:34:57 UTC
This issue was resolved and addressed in
 GLSA 202107-06 at https://security.gentoo.org/glsa/202107-06
by GLSA coordinator John Helmert III (ajak).