A buffer overflow was found in the expat component of chromium: From ${URL} : [$TBD][492052] High CVE-2015-1283: Heap-buffer-overflow in expat. Credit to sidhpurwala.huzaifa. @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Do you have the patch? There haven't been any commits to expat upstream since 2010 as far as I can tell, and I don't have permission to access the google bug at $URL...
@security, can you confirm, is this the patch in question: https://hg.mozilla.org/mozilla-central/rev/438d9e2a991a (seems that mozilla guys noticed it first)
(In reply to Alexandre Rostovtsev from comment #2)
> @security, can you confirm, is this the patch in question:
> https://hg.mozilla.org/mozilla-central/rev/438d9e2a991a
>
> (seems that mozilla guys noticed it first)

I have access to the Chromium bug in question and it's the same patch. See https://codereview.chromium.org/1151263010 for the Chromium patch corresponding to the bug.
Thanks! Fixed in expat-2.1.0-r5 - which is ready for stabilization. +*expat-2.1.0-r5 (30 Jul 2015) + + 30 Jul 2015; Alexandre Rostovtsev <tetromino@gentoo.org> + -expat-2.1.0-r2.ebuild, -expat-2.1.0-r3.ebuild, expat-2.1.0-r4.ebuild, + +expat-2.1.0-r5.ebuild, +files/expat-2.1.0-mozilla-sanity-check-size.patch: + Fix buffer overflow (bug #555642, CVE-2015-1283, thanks to Agostino Sarubbo + and Paweł Hajdan, Jr.). Improve description. Clean out old ebuilds.
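Review bot: the ChangeLog entry bundles the CVE-2015-1283 fix (+expat-2.1.0-r5.ebuild and +files/expat-2.1.0-mozilla-sanity-check-size.patch) with unrelated changes: the description update on expat-2.1.0-r4.ebuild and the removal of the r2 and r3 ebuilds. Splitting the security fix from the cleanup into separate commits would make the fix easier to audit and to revert independently.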
(In reply to Alexandre Rostovtsev from comment #4)
> Thanks!
>
> Fixed in expat-2.1.0-r5 - which is ready for stabilization.

Thanks for the bump.

Arches, please stabilize:
=dev-libs/expat-2.1.0-r5
Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
amd64 stable
x86 stable
Stable on alpha.
sparc stable
ia64 stable
Stable for HPPA PPC64.
arm stable
ppc stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
Removed vulnerable versions.
Arches and Maintainer(s), Thank you for your work. New GLSA Request filed.
This issue was resolved and addressed in GLSA 201701-21 at https://security.gentoo.org/glsa/201701-21 by GLSA coordinator Aaron Bauman (b-man).