Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 582828 (CVE-2016-1667, CVE-2016-1668, CVE-2016-1669, CVE-2016-1670, CVE-2016-1671) - <www-client/chromium-50.0.2661.102: multiple vulnerabilities { (CVE-2016-{1667,1667,1668,1669,1670,1671})
Summary: <www-client/chromium-50.0.2661.102: multiple vulnerabilities { (CVE-2016-{166...
Alias: CVE-2016-1667, CVE-2016-1668, CVE-2016-1669, CVE-2016-1670, CVE-2016-1671
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: http://googlechromereleases.blogspot....
Whiteboard: A2 [glsa cve]
Depends on:
Reported: 2016-05-12 13:07 UTC by Agostino Sarubbo
Modified: 2016-05-17 05:36 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2016-05-12 13:07:28 UTC
From ${URL} :

The stable channel has been updated to 50.0.2661.102 for Windows, Mac, and Linux.
 Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
This update includes 5 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chromium security page for more information. 
[$8000][605766] High CVE-2016-1667: Same origin bypass in DOM. Credit to Mariusz Mlynski.
[$7500][605910] High CVE-2016-1668: Same origin bypass in Blink V8 bindings. Credit to Mariusz Mlynski.
[$3000][606115] High CVE-2016-1669: Buffer overflow in V8. Credit to Choongwoo Han.
[$1337][578882] Medium CVE-2016-1670: Race condition in loader. Credit to anonymous.
[$500][586657] Medium CVE-2016-1671: Directory traversal using the file scheme on Android. Credit to Jann Horn.

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Mike Gilbert gentoo-dev 2016-05-12 17:17:33 UTC
I added the ebuild, please stabilize it.
Comment 2 Agostino Sarubbo gentoo-dev 2016-05-13 12:27:58 UTC
stabilization and cleanup done
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2016-05-14 23:20:16 UTC
Arches and Maintainer(s), Thank you for your work.

Added to an existing GLSA Request.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2016-05-17 05:36:54 UTC
This issue was resolved and addressed in
 GLSA 201605-02 at
by GLSA coordinator Yury German (BlueKnight).