| Summary: | <www-client/chromium-94.0.4606.81 <www-client/google-chrome-94.0.4606.81: Multiple vulnerabilities (CVE-2021-{37977,37978,37979}) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Stephan Hartmann (RETIRED) <sultan> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | major | CC: | chromium |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html | ||
| Whiteboard: | A2 [glsa+] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 816996 | ||
| Bug Blocks: | |||
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4864f73611be3ad9c1d6f3d61ae5def31d84299b commit 4864f73611be3ad9c1d6f3d61ae5def31d84299b Author: Stephan Hartmann <sultan@gentoo.org> AuthorDate: 2021-10-08 19:31:05 +0000 Commit: Stephan Hartmann <sultan@gentoo.org> CommitDate: 2021-10-08 19:31:43 +0000 www-client/chromium: stable channel bump to 94.0.4606.81 Enable official build by default. Bug: https://bugs.gentoo.org/816984 Package-Manager: Portage-3.0.20, Repoman-3.0.3 Signed-off-by: Stephan Hartmann <sultan@gentoo.org> www-client/chromium/Manifest | 1 + www-client/chromium/chromium-94.0.4606.81.ebuild | 943 +++++++++++++++++++++++ 2 files changed, 944 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b924f713b3df104597d6c0e410ebb016054c99f1 commit b924f713b3df104597d6c0e410ebb016054c99f1 Author: Stephan Hartmann <sultan@gentoo.org> AuthorDate: 2021-10-11 06:28:33 +0000 Commit: Stephan Hartmann <sultan@gentoo.org> CommitDate: 2021-10-11 06:28:33 +0000 www-client/chromium: security cleanup Bug: https://bugs.gentoo.org/816984 Package-Manager: Portage-3.0.20, Repoman-3.0.3 Signed-off-by: Stephan Hartmann <sultan@gentoo.org> www-client/chromium/Manifest | 1 - www-client/chromium/chromium-94.0.4606.71.ebuild | 943 ----------------------- 2 files changed, 944 deletions(-) (In reply to Larry the Git Cow from comment #1) > Enable official build by default. @Stephan: What's the reason for enabling "official" build by default? Is this required to mitigate the CVEs? If so, then shouldn't the flag be forced on? (In reply to Matt Whitlock from comment #3) > (In reply to Larry the Git Cow from comment #1) > > Enable official build by default. > > @Stephan: What's the reason for enabling "official" build by default? Is > this required to mitigate the CVEs? If so, then shouldn't the flag be forced > on? It is not needed to mitigate one of the CVEs here, only recommended upstream to enable it by default for end users. My goal was to avoid a rebuild with the flip and did the change together with a bump. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=a5cb3b8ed2294fbfe4dfaf3e992220585c749f25 commit a5cb3b8ed2294fbfe4dfaf3e992220585c749f25 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2022-01-31 05:00:26 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-01-31 05:00:26 +0000 [ GLSA 202201-02 ] Chromium, Google Chrome: Multiple vulnerabilities Bug: https://bugs.gentoo.org/803167 Bug: https://bugs.gentoo.org/806223 Bug: https://bugs.gentoo.org/808715 Bug: https://bugs.gentoo.org/811348 Bug: https://bugs.gentoo.org/813035 Bug: https://bugs.gentoo.org/814221 Bug: https://bugs.gentoo.org/814617 Bug: https://bugs.gentoo.org/815673 Bug: https://bugs.gentoo.org/816984 Bug: https://bugs.gentoo.org/819054 Bug: https://bugs.gentoo.org/820689 Bug: https://bugs.gentoo.org/824274 Bug: https://bugs.gentoo.org/829190 Bug: https://bugs.gentoo.org/830642 Bug: https://bugs.gentoo.org/831624 Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202201-02.xml | 257 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 257 insertions(+) All done! \o/ |
See ${URL}. CVE-2021-37980 is for Windows only.