Bug 708322 (CVE-2020-6381, CVE-2020-6382, CVE-2020-6385, CVE-2020-6387, CVE-2020-6388, CVE-2020-6389, CVE-2020-6390, CVE-2020-6391, CVE-2020-6392, CVE-2020-6393, CVE-2020-6394, CVE-2020-6395, CVE-2020-6396, CVE-2020-6397, CVE-2020-6398, CVE-2020-6399, CVE-2020-6400, CVE-2020-6401, CVE-2020-6402, CVE-2020-6403, CVE-2020-6404, CVE-2020-6406, CVE-2020-6408, CVE-2020-6409, CVE-2020-6410, CVE-2020-6411, CVE-2020-6412, CVE-2020-6413, CVE-2020-6414, CVE-2020-6415, CVE-2020-6416) - <www-client/chromium-80.0.3987.87: multiple vulnerabilities
Summary: <www-client/chromium-80.0.3987.87: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2020-6381, CVE-2020-6382, CVE-2020-6385, CVE-2020-6387, CVE-2020-6388, CVE-2020-6389, CVE-2020-6390, CVE-2020-6391, CVE-2020-6392, CVE-2020-6393, CVE-2020-6394, CVE-2020-6395, CVE-2020-6396, CVE-2020-6397, CVE-2020-6398, CVE-2020-6399, CVE-2020-6400, CVE-2020-6401, CVE-2020-6402, CVE-2020-6403, CVE-2020-6404, CVE-2020-6406, CVE-2020-6408, CVE-2020-6409, CVE-2020-6410, CVE-2020-6411, CVE-2020-6412, CVE-2020-6413, CVE-2020-6414, CVE-2020-6415, CVE-2020-6416
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://chromereleases.googleblog.com...
Whiteboard: A2 [glsa+ cve]
Keywords: PullRequest
Depends on: 708278 708324
Blocks:
Reported: 2020-02-05 07:47 UTC by Stephan Hartmann
Modified: 2020-03-13 03:19 UTC

See Also:
Package list:
www-client/chromium-80.0.3987.87
Runtime testing required: ---
stable-bot: sanity-check+


Description Stephan Hartmann gentoo-dev 2020-02-05 07:47:50 UTC
See ${URL}

Fixed version is already in tree.

Reproducible: Always
Comment 1 Stephan Hartmann gentoo-dev 2020-02-05 08:01:58 UTC
Left out SQLite CVEs (CVE-2019-19926, CVE-2019-19880, CVE-2020-6405, CVE-2019-19923) because we use system SQLite.
CVE-2020-6417 only relevant for installer.
CVE-2019-18197 alias is already used by bug 700386.
Comment 2 Stabilization helper bot gentoo-dev 2020-02-05 11:58:52 UTC
An automated check of this bug failed - the following atom is unknown:

www-client/chromium-80.0.3987.87

Please verify the atom list.
Comment 3 Larry the Git Cow gentoo-dev 2020-02-05 15:47:42 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1f8fca35b3785b25218657dad123c0635076883f

commit 1f8fca35b3785b25218657dad123c0635076883f
Author:     Stephan Hartmann <stha09@googlemail.com>
AuthorDate: 2020-02-05 12:47:02 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2020-02-05 15:46:44 +0000

    www-client/chromium: stable channel bump to 80.0.3987.87
    
    Bug: https://bugs.gentoo.org/708322
    Package-Manager: Portage-2.3.76, Repoman-2.3.16
    Signed-off-by: Stephan Hartmann <stha09@googlemail.com>
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>
    Closes: https://github.com/gentoo/gentoo/pull/14571

 www-client/chromium/Manifest                                            | 2 +-
 .../{chromium-80.0.3987.85.ebuild => chromium-80.0.3987.87.ebuild}      | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
Comment 4 Agostino Sarubbo gentoo-dev 2020-02-06 12:28:58 UTC
amd64 stable.

Maintainer(s), please clean up.
Comment 5 Larry the Git Cow gentoo-dev 2020-02-06 20:23:59 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0fa03d97f8516e35e00f7a1bbfb78580cb35dbed

commit 0fa03d97f8516e35e00f7a1bbfb78580cb35dbed
Author:     Stephan Hartmann <stha09@googlemail.com>
AuthorDate: 2020-02-06 12:33:20 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2020-02-06 20:23:52 +0000

    www-client/chromium: security cleanup
    
    Bug: https://bugs.gentoo.org/708322
    Package-Manager: Portage-2.3.76, Repoman-2.3.16
    Signed-off-by: Stephan Hartmann <stha09@googlemail.com>
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>
    Closes: https://github.com/gentoo/gentoo/pull/14580

 www-client/chromium/Manifest                       |   1 -
 www-client/chromium/chromium-79.0.3945.130.ebuild  | 736 ---------------------
 .../chromium-79-gcc-ambiguous-nodestructor.patch   |  39 --
 .../files/chromium-79-gcc-name-clash.patch         | 135 ----
 .../files/chromium-79-gcc-permissive.patch         |  79 ---
 www-client/chromium/files/chromium-79-icu-65.patch |  13 -
 .../chromium/files/chromium-79-include.patch       | 131 ----
 .../chromium/files/chromium-79-system-hb.patch     |  19 -
 8 files changed, 1153 deletions(-)
Comment 6 Larry the Git Cow gentoo-dev 2020-02-10 15:37:25 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f9c8c2bd177b166ea1b50120c87fa3196a7cfcc9

commit f9c8c2bd177b166ea1b50120c87fa3196a7cfcc9
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2020-02-10 15:37:08 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2020-02-10 15:37:08 +0000

    media-libs/opus: Remove old
    
    Bug: https://bugs.gentoo.org/708322
    Package-Manager: Portage-2.3.88, Repoman-2.3.20
    Signed-off-by: David Seifert <soap@gentoo.org>

 media-libs/opus/Manifest          |  1 -
 media-libs/opus/opus-1.3.1.ebuild | 38 -----------------------------
 media-libs/opus/opus-1.3.ebuild   | 51 ---------------------------------------
 3 files changed, 90 deletions(-)
Comment 7 Thomas Deutschmann gentoo-dev Security 2020-03-13 03:09:50 UTC
Added to an existing GLSA request.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2020-03-13 03:19:15 UTC
This issue was resolved and addressed in
 GLSA 202003-08 at https://security.gentoo.org/glsa/202003-08
by GLSA coordinator Thomas Deutschmann (whissi).