Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 561448 (CVE-2015-1303) - <www-client/chromium-45.0.2454.101: multiple vulnerabilities (CVE-2015-{1303,1304})
Summary: <www-client/chromium-45.0.2454.101: multiple vulnerabilities (CVE-2015-{1303,...
Status: RESOLVED FIXED
Alias: CVE-2015-1303
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: http://googlechromereleases.blogspot....
Whiteboard: A2 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-09-25 10:56 UTC by Agostino Sarubbo
Modified: 2016-03-12 12:16 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2015-09-25 10:56:28 UTC
From ${URL} :


THURSDAY, SEPTEMBER 24, 2015

Stable Channel Update
The stable channel has been updated to 45.0.2454.101 for Windows, Mac, and Linux.

 Security Fixes and Rewards

 Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix.

 The following bugs from external security researchers were fixed in this release:

 [$TBD][530301] High CVE-2015-1303: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.
[$TBD][531891] High CVE-2015-1304: Cross-origin bypass in V8. Credit to Mariusz Mlynski.


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Mike Gilbert gentoo-dev 2015-09-26 15:52:17 UTC
chromium-45.0.2454.101 is in the tree, and may be marked stable.
Comment 2 Yury German Gentoo Infrastructure gentoo-dev Security 2015-09-26 18:41:04 UTC
[530301] High CVE-2015-1303: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.
[531891] High CVE-2015-1304: Cross-origin bypass in V8. Credit to Mariusz Mlynski.
Comment 3 Yury German Gentoo Infrastructure gentoo-dev Security 2015-09-26 20:42:15 UTC
Arches, please test and mark stable:

=www-client/chromium-45.0.2454.101

Target Keywords : "amd64 x86"

Thank you!
Comment 4 Richard Freeman gentoo-dev 2015-09-26 22:36:53 UTC
amd64 stable
Comment 5 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2015-09-27 14:35:15 UTC
x86 stable
Comment 6 Yury German Gentoo Infrastructure gentoo-dev Security 2015-11-03 01:35:09 UTC
New GLSA Request filed.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2016-03-12 12:16:12 UTC
This issue was resolved and addressed in
 GLSA 201603-09 at https://security.gentoo.org/glsa/201603-09
by GLSA coordinator Kristian Fiskerstrand (K_F).