Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 747013 (CVE-2020-15967, CVE-2020-15968, CVE-2020-15970, CVE-2020-15971, CVE-2020-15972, CVE-2020-15973, CVE-2020-15974, CVE-2020-15975, CVE-2020-15976, CVE-2020-15977, CVE-2020-15978, CVE-2020-15979, CVE-2020-15980, CVE-2020-15981, CVE-2020-15982, CVE-2020-15983, CVE-2020-15984, CVE-2020-15985, CVE-2020-15986, CVE-2020-15987, CVE-2020-15988, CVE-2020-15989, CVE-2020-15990, CVE-2020-15991, CVE-2020-15992, CVE-2020-6557) - <www-client/{chromium,google-chrome}-86.0.4240.75: Multiple vulnerabilities (CVE-2020-{15967,15968,15969,15970,15971,15972,15990,15991,15973,15974,15975,15976,6557,15977,15978,15979,15980,15981,15982,15983,15984,15985,15986,15987,15992,15988,15989})
Summary: <www-client/{chromium,google-chrome}-86.0.4240.75: Multiple vulnerabilities (...
Status: RESOLVED FIXED
Alias: CVE-2020-15967, CVE-2020-15968, CVE-2020-15970, CVE-2020-15971, CVE-2020-15972, CVE-2020-15973, CVE-2020-15974, CVE-2020-15975, CVE-2020-15976, CVE-2020-15977, CVE-2020-15978, CVE-2020-15979, CVE-2020-15980, CVE-2020-15981, CVE-2020-15982, CVE-2020-15983, CVE-2020-15984, CVE-2020-15985, CVE-2020-15986, CVE-2020-15987, CVE-2020-15988, CVE-2020-15989, CVE-2020-15990, CVE-2020-15991, CVE-2020-15992, CVE-2020-6557
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://chromereleases.googleblog.com...
Whiteboard: A2 [glsa+ cve]
Keywords: CC-ARCHES
Depends on:
Blocks: CVE-2020-15969
  Show dependency tree
 
Reported: 2020-10-07 07:06 UTC by Stephan Hartmann
Modified: 2020-10-22 14:26 UTC (History)
1 user (show)

See Also:
Package list:
www-client/chromium-86.0.4240.75
Runtime testing required: ---
nattka: sanity-check-


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stephan Hartmann gentoo-dev 2020-10-07 07:06:25 UTC
See ${URL}.

Tarballs for chromium are not available yet.
www-client/google-chrome already bumped and marked stable.
Comment 1 Larry the Git Cow gentoo-dev 2020-10-07 19:22:42 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8d91784e8c8467ec91abc4a59d43dfef59fac873

commit 8d91784e8c8467ec91abc4a59d43dfef59fac873
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2020-10-07 19:21:33 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2020-10-07 19:22:34 +0000

    www-client/chromium: stable channel bump to 86.0.4240.75
    
    Bug: https://bugs.gentoo.org/747013
    Package-Manager: Portage-3.0.4, Repoman-3.0.1
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                                            | 2 +-
 .../{chromium-86.0.4240.68.ebuild => chromium-86.0.4240.75.ebuild}      | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
Comment 2 NATTkA bot gentoo-dev 2020-10-07 20:16:53 UTC
Sanity check failed:

> www-client/chromium-86.0.4240.75
>   depend arm64 stable profile default/linux/arm64/17.0 (9 total)
>     >=media-video/ffmpeg-4.3:=
>   rdepend arm64 stable profile default/linux/arm64/17.0 (9 total)
>     >=media-video/ffmpeg-4.3:=
Comment 3 Sam James archtester gentoo-dev Security 2020-10-08 02:22:59 UTC
amd64 done
Comment 4 Sam James archtester gentoo-dev Security 2020-10-08 02:31:05 UTC
arm64 stable
Comment 5 Sam James archtester gentoo-dev Security 2020-10-08 02:31:12 UTC
amd64 done

all arches done
Comment 6 Sam James archtester gentoo-dev Security 2020-10-08 02:31:37 UTC
Please cleanup. Thanks!
Comment 7 Larry the Git Cow gentoo-dev 2020-10-08 06:21:57 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a72458f5dce3c9d8052f625df61efc7850064589

commit a72458f5dce3c9d8052f625df61efc7850064589
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2020-10-08 06:21:36 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2020-10-08 06:21:36 +0000

    www-client/chromium: security cleanup
    
    Bug: https://bugs.gentoo.org/747013
    Package-Manager: Portage-3.0.4, Repoman-3.0.1
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                       |   2 -
 www-client/chromium/chromium-85.0.4183.121.ebuild  | 867 ---------------------
 .../chromium/files/chromium-84-mediaalloc.patch    |  41 -
 3 files changed, 910 deletions(-)
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2020-10-17 09:07:25 UTC
This issue was resolved and addressed in
 GLSA 202010-01 at https://security.gentoo.org/glsa/202010-01
by GLSA coordinator Sam James (sam_c).