Bug 917357 (CVE-2023-5997, CVE-2023-6112)

Summary:	<www-client/chromium-119.0.6045.159 <www-client/google-chrome-119.0.6045.159 <www-client/microsoft-edge-119.0.2151.72: Multiple vulnerabilities
Product:	Gentoo Security	Reporter:	Sam James <sam>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	major	CC:	ajak, chromium, kangie, preed
Priority:	Normal	Keywords:	PullRequest
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_14.html
See Also:	https://github.com/gentoo/gentoo/pull/33866
Whiteboard:	A2 [glsa+]
Package list:		Runtime testing required:	---
Bug Depends on:	915465, 922189
Bug Blocks:

Description Sam James archtester

2023-11-15 04:17:40 UTC

[$10000][1497997] High CVE-2023-5997: Use after free in Garbage Collection. Reported by Anonymous on 2023-10-31

[N/A][1499298] High CVE-2023-6112: Use after free in Navigation. Reported by Sergei Glazunov of Google Project Zero on 2023-11-04

Comment 1 Sam James archtester

2023-11-15 04:17:52 UTC

Please bump to 119.0.6045.159.

Comment 2 Larry the Git Cow gentoo-dev

2023-11-17 11:13:03 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=58d0e005aa8e8b8ec49bfb1c447c735ddc99df9e

commit 58d0e005aa8e8b8ec49bfb1c447c735ddc99df9e
Author:     Matt Jolly <Matt.Jolly@footclan.ninja>
AuthorDate: 2023-11-17 10:43:35 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-11-17 11:11:08 +0000

    www-client/chromium: add 119.0.6045.159
    
    Bug: https://bugs.gentoo.org/917357
    Signed-off-by: Matt Jolly <Matt.Jolly@footclan.ninja>
    Signed-off-by: Sam James <sam@gentoo.org>

 www-client/chromium/Manifest                       |    1 +
 www-client/chromium/chromium-119.0.6045.159.ebuild | 1254 ++++++++++++++++++++
 2 files changed, 1255 insertions(+)

Comment 3 Larry the Git Cow gentoo-dev

2024-01-31 15:39:48 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=8064a0b694d29fb2fca491d65494098fb43c2ffa

commit 8064a0b694d29fb2fca491d65494098fb43c2ffa
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-01-31 15:39:13 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-01-31 15:39:35 +0000

    [ GLSA 202401-34 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/907999
    Bug: https://bugs.gentoo.org/908471
    Bug: https://bugs.gentoo.org/909283
    Bug: https://bugs.gentoo.org/910522
    Bug: https://bugs.gentoo.org/911675
    Bug: https://bugs.gentoo.org/912364
    Bug: https://bugs.gentoo.org/913016
    Bug: https://bugs.gentoo.org/913710
    Bug: https://bugs.gentoo.org/914350
    Bug: https://bugs.gentoo.org/914871
    Bug: https://bugs.gentoo.org/915137
    Bug: https://bugs.gentoo.org/915560
    Bug: https://bugs.gentoo.org/915961
    Bug: https://bugs.gentoo.org/916252
    Bug: https://bugs.gentoo.org/916620
    Bug: https://bugs.gentoo.org/917021
    Bug: https://bugs.gentoo.org/917357
    Bug: https://bugs.gentoo.org/918882
    Bug: https://bugs.gentoo.org/919321
    Bug: https://bugs.gentoo.org/919802
    Bug: https://bugs.gentoo.org/920442
    Bug: https://bugs.gentoo.org/921337
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202401-34.xml | 229 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 229 insertions(+)