Summary: | <www-client/chromium-107.0.5304.87 <www-client/google-chrome-107.0.5304.87 <www-client/chromium-bin-108.0.5359.124: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Michael <ostekiks> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | chromium, jano.vesely |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html | ||
See Also: | https://github.com/gentoo/gentoo/pull/28100 | ||
Whiteboard: | A2 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 879957 | ||
Bug Blocks: |
Description
Michael
2022-10-30 13:48:56 UTC
Thanks.

The affected versions of these packages, which are still being distributed by Gentoo, include a remote code execution vulnerability which has been seen in the wild.

The vulnerable packages have not been updated for nearly a month, and don't appear to be being worked on. Should they be masked until they do get the security fix?

*** Bug 879579 has been marked as a duplicate of this bug. ***

(In reply to Ooblick from comment #2)
> The affected versions of these packages, which are still being distributed
> by Gentoo, include a remote code execution vulnerability which has been
> seen in the wild.
>
> The vulnerable packages have not been updated for nearly a month, and don't
> appear to be being worked on. Should they be masked until they do get the
> security fix?

They were being worked on and were pushed a few days ago:

commit 74692ef14eb7c74deaf262d09acf4d05b491b249
Author: Marek Behún <kabel@kernel.org>
Date:   Wed Nov 2 12:54:41 2022 +0100

    www-client/chromium: promote M107 to stable

    Signed-off-by: Marek Behún <kabel@kernel.org>
    Closes: https://github.com/gentoo/gentoo/pull/28100
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

commit d14c195edacaa061b80a60b6c786be89dc48e8aa
Author: Marek Behún <kabel@kernel.org>
Date:   Wed Nov 2 12:53:56 2022 +0100

    www-client/chromium: beta channel bump to 107.0.5304.87

    Signed-off-by: Marek Behún <kabel@kernel.org>
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

The Stable channel has been updated to 107.0.5304.110 for Mac and Linux

Are we going to address https://amp-thehackernews-com.cdn.ampproject.org/c/s/amp.thehackernews.com/thn/2022/11/update-chrome-browser-now-to-patch-new.html

chromium-bin ebuilds need to be updated.

GLSA request filed, see https://bugs.gentoo.org/876855#c10 wrt edge.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=3df173efb2982a5d08d6bff00cd84eb619e793cd

commit 3df173efb2982a5d08d6bff00cd84eb619e793cd
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-03 09:53:05 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-03 09:54:22 +0000

    [ GLSA 202305-10 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/876855
    Bug: https://bugs.gentoo.org/878825
    Bug: https://bugs.gentoo.org/883031
    Bug: https://bugs.gentoo.org/883697
    Bug: https://bugs.gentoo.org/885851
    Bug: https://bugs.gentoo.org/886479
    Bug: https://bugs.gentoo.org/890726
    Bug: https://bugs.gentoo.org/890728
    Bug: https://bugs.gentoo.org/891501
    Bug: https://bugs.gentoo.org/891503
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202305-10.xml | 143 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 143 insertions(+)