Release notes in URL. I'm working on the version bump.
Removing PDF viewer related CVEs.
Please stabilize on amd64 and x86. =dev-lang/v8-3.11.10.17 =www-client/chromium-21.0.1180.57
amd64 stable
(In reply to comment #3) > amd64 stable Hmm, on my stable amd64 box Gmail doesn't load correctly with v21. ago - does that work for you?
(In reply to comment #4) > Hmm, on my stable amd64 box Gmail doesn't load correctly with v21. Works ok here. Can you try it with a fresh profile? chromium --user-data-dir=/tmp/fresh
(In reply to comment #5) > (In reply to comment #4) > > Hmm, on my stable amd64 box Gmail doesn't load correctly with v21. > > Works ok here. Can you try it with a fresh profile? > > chromium --user-data-dir=/tmp/fresh That fixed it. I'll nuke my profile.
Archtested on x86: Everything fine (build, runs, repoman check) flollowing USEs combinations has been tested (with FEATURE "test" enabled) www-client/chromium -bindist cups -custom-cflags gnome -gnome-keyring -kerberos www-client/chromium -bindist -cups custom-cflags gnome -gnome-keyring -kerberos www-client/chromium bindist -cups custom-cflags gnome -gnome-keyring -kerberos www-client/chromium bindist -cups -custom-cflags -gnome gnome-keyring -kerberos www-client/chromium bindist -cups -custom-cflags gnome gnome-keyring -kerberos www-client/chromium bindist cups -custom-cflags gnome gnome-keyring -kerberos www-client/chromium -bindist cups custom-cflags gnome gnome-keyring -kerberos www-client/chromium bindist cups custom-cflags gnome gnome-keyring -kerberos www-client/chromium bindist -cups -custom-cflags -gnome -gnome-keyring kerberos www-client/chromium -bindist -cups -custom-cflags gnome gnome-keyring kerberos www-client/chromium -bindist cups -custom-cflags gnome gnome-keyring kerberos www-client/chromium bindist cups custom-cflags gnome gnome-keyring kerberos www-client/chromium bash-completion xml python
@floppym/chromium: I can't keyword for x86 because I can't fetch v8-3.9.24.9.tar.bz2 to update the manifest. Please keyword both v8 and chromium for x86, works perfectly for me.
(In reply to comment #8) > @floppym/chromium: > > I can't keyword for x86 because I can't fetch v8-3.9.24.9.tar.bz2 to update > the manifest. Please keyword both v8 and chromium for x86, works perfectly > for me. x86 stable
Removed vulnerable version Pawel, go ahead with glsa.
(In reply to comment #10) > Pawel, go ahead with glsa. I believe he is still on vacation, and would not object if someone else took care of it.
This is already on a GLSA draft - just waiting for another review.
CVE-2012-2860 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2860): The date-picker implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site. CVE-2012-2859 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2859): Google Chrome before 21.0.1180.57 on Linux does not properly handle tabs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. CVE-2012-2858 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2858): Buffer overflow in the WebP decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted WebP image. CVE-2012-2857 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2857): Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. CVE-2012-2854 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2854): Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to obtain potentially sensitive information about pointer values by leveraging access to a WebUI renderer process. CVE-2012-2853 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2853): The webRequest API in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not properly interact with the Chrome Web Store, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site. CVE-2012-2849 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2849): Off-by-one error in the GIF decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image. CVE-2012-2848 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2848): The drag-and-drop implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to bypass intended file access restrictions via a crafted web site. CVE-2012-2847 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2847): Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not request user confirmation before continuing a large series of downloads, which allows user-assisted remote attackers to cause a denial of service (resource consumption) via a crafted web site. CVE-2012-2846 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2846): Google Chrome before 21.0.1180.57 on Linux does not properly isolate renderer processes, which allows remote attackers to cause a denial of service (cross-process interference) via unspecified vectors.
This issue was resolved and addressed in GLSA 201208-03 at http://security.gentoo.org/glsa/glsa-201208-03.xml by GLSA coordinator Sean Amoss (ackle).