From ${URL} : TUESDAY, SEPTEMBER 9, 2014 Stable Channel Update The stable channel has been updated to 37.0.2062.120 for Windows, Mac and Linux. This release contains an update for Adobe Flash as well as a number of other fixes. A full list of changes is available in the log. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed. This update includes 4 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information. [$2000][401362] High CVE-2014-3178: Use-after-free in rendering. Credit to miaubiz. As usual, our ongoing internal security work responsible for a wide range of fixes: [411014] CVE-2014-3179: Various fixes from internal audits, fuzzing and other initiatives. @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
www-client/chromium-37.0.2062.120 is in the tree. It compiles, but I have not been able to do runtime testing. Nonetheless, I assume it is safe to stabilize on amd64 and x86. Please proceed.
CVE-2014-3179 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3179): Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.120 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE-2014-3178 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3178): Use-after-free vulnerability in core/dom/Node.cpp in Blink, as used in Google Chrome before 37.0.2062.120, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of render-tree inconsistencies.
Arches, please test and mark stable: =www-client/chromium-37.0.2062.120 Target Keywords : "amd64 x86" Thank you!
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
New GLSA request filed.
cleanup done.
This issue was resolved and addressed in GLSA 201409-06 at http://security.gentoo.org/glsa/glsa-201409-06.xml by GLSA coordinator Kristian Fiskerstrand (K_F).