Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 617504 (CVE-2017-5068) - <www-client/chromium-58.0.3029.110: Race condition in webrtc (CVE-2017-5068)
Summary: <www-client/chromium-58.0.3029.110: Race condition in webrtc (CVE-2017-5068)
Status: RESOLVED FIXED
Alias: CVE-2017-5068
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B3 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-05-04 18:08 UTC by Volkan
Modified: 2017-06-20 19:05 UTC (History)
1 user (show)

See Also:
Package list:
www-client/chromium-58.0.3029.110
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Volkan 2017-05-04 18:08:08 UTC
A race condition flaw was found in the WebRTC component of the Chromium browser.

Upstream bug(s):

https://code.google.com/p/chromium/issues/detail?id=679306

External References:

https://chromereleases.googleblog.com/2017/05/stable-channel-update-for-desktop.html
Comment 1 Yury German Gentoo Infrastructure gentoo-dev Security 2017-05-17 01:05:27 UTC
Fixed in: https://chromereleases.googleblog.com/2017/05/stable-channel-update-for-chrome-os_11.html

The Stable channel has been updated to 58.0.3029.112 (Platform version: 9334.69.0) for most Chrome OS devices. This build contains a number of bug fixes, security updates and feature enhancements. Systems will be receiving updates over the next several days.
Comment 2 Yury German Gentoo Infrastructure gentoo-dev Security 2017-05-18 05:54:11 UTC
(In reply to Yury German from comment #1)
> Fixed in:
> https://chromereleases.googleblog.com/2017/05/stable-channel-update-for-
> chrome-os_11.html

Please ignore above.
Comment 3 Mike Gilbert gentoo-dev 2017-05-23 15:51:28 UTC
I somehow missed this bug.

From the URL, this was fixed in 58.0.3029.96.

58.0.3029.110 is already in the tree, so let's jump to that.
Comment 4 Agostino Sarubbo gentoo-dev 2017-05-24 06:51:25 UTC
amd64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2017-05-26 14:06:02 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 6 Thomas Deutschmann gentoo-dev Security 2017-06-05 21:30:42 UTC
GLSA Vote: Yes, will be handled together with bug 620956.


@ Maintainer(s): Please cleanup and drop =www-client/chromium-58.0.3029.81!
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2017-06-20 19:05:40 UTC
This issue was resolved and addressed in
 GLSA 201706-20 at https://security.gentoo.org/glsa/201706-20
by GLSA coordinator Kristian Fiskerstrand (K_F).