Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 702498 (CVE-2019-13725, CVE-2019-13726, CVE-2019-13727, CVE-2019-13728, CVE-2019-13729, CVE-2019-13730, CVE-2019-13732, CVE-2019-13734, CVE-2019-13735, CVE-2019-13736, CVE-2019-13737, CVE-2019-13738, CVE-2019-13739, CVE-2019-13740, CVE-2019-13741, CVE-2019-13742, CVE-2019-13743, CVE-2019-13744, CVE-2019-13745, CVE-2019-13746, CVE-2019-13747, CVE-2019-13748, CVE-2019-13749, CVE-2019-13750, CVE-2019-13751, CVE-2019-13752, CVE-2019-13753, CVE-2019-13754, CVE-2019-13755, CVE-2019-13756, CVE-2019-13757, CVE-2019-13758, CVE-2019-13759, CVE-2019-13761, CVE-2019-13762, CVE-2019-13763, CVE-2019-13764) - <www-client/chromium-79.0.3945.79: multiple vulnerabilities
Summary: <www-client/chromium-79.0.3945.79: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2019-13725, CVE-2019-13726, CVE-2019-13727, CVE-2019-13728, CVE-2019-13729, CVE-2019-13730, CVE-2019-13732, CVE-2019-13734, CVE-2019-13735, CVE-2019-13736, CVE-2019-13737, CVE-2019-13738, CVE-2019-13739, CVE-2019-13740, CVE-2019-13741, CVE-2019-13742, CVE-2019-13743, CVE-2019-13744, CVE-2019-13745, CVE-2019-13746, CVE-2019-13747, CVE-2019-13748, CVE-2019-13749, CVE-2019-13750, CVE-2019-13751, CVE-2019-13752, CVE-2019-13753, CVE-2019-13754, CVE-2019-13755, CVE-2019-13756, CVE-2019-13757, CVE-2019-13758, CVE-2019-13759, CVE-2019-13761, CVE-2019-13762, CVE-2019-13763, CVE-2019-13764
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://chromereleases.googleblog.com...
Whiteboard: A2 [glsa+ cve]
Keywords: PullRequest
Depends on: 702500
Blocks:
  Show dependency tree
 
Reported: 2019-12-10 20:07 UTC by Stephan Hartmann (RETIRED)
Modified: 2020-03-13 03:18 UTC (History)
1 user (show)

See Also:
Package list:
=www-client/chromium-79.0.3945.79
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stephan Hartmann (RETIRED) gentoo-dev 2019-12-10 20:07:44 UTC
See ${URL}

Reproducible: Always
Comment 1 Larry the Git Cow gentoo-dev 2019-12-10 20:59:13 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2f6487cbe8408792dfb391362b29443630915554

commit 2f6487cbe8408792dfb391362b29443630915554
Author:     Stephan Hartmann <stha09@googlemail.com>
AuthorDate: 2019-12-10 12:14:34 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2019-12-10 20:58:16 +0000

    www-client/chromium: stable channel bump to 79.0.3945.79
    
    Bug: https://bugs.gentoo.org/702498
    Package-Manager: Portage-2.3.79, Repoman-2.3.16
    Signed-off-by: Stephan Hartmann <stha09@googlemail.com>
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>
    Closes: https://github.com/gentoo/gentoo/pull/13939

 www-client/chromium/Manifest                                            | 2 +-
 .../{chromium-79.0.3945.74.ebuild => chromium-79.0.3945.79.ebuild}      | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
Comment 2 Stephan Hartmann (RETIRED) gentoo-dev 2019-12-18 08:39:50 UTC
Please wait with stabilization here. Chromium released new stable channel with one more security fix and I want to avoid an additional rebuild for users. PR should be ready in some hours.
Comment 3 Agostino Sarubbo gentoo-dev 2019-12-18 11:23:38 UTC
amd64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 4 Larry the Git Cow gentoo-dev 2019-12-18 17:31:54 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0cd82be6bd5b1b1de7a3a830dc5ef3517e346f15

commit 0cd82be6bd5b1b1de7a3a830dc5ef3517e346f15
Author:     Stephan Hartmann <stha09@googlemail.com>
AuthorDate: 2019-12-18 14:12:08 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2019-12-18 17:29:51 +0000

    www-client/chromium: security cleanup
    
    Bug: https://bugs.gentoo.org/702498
    Package-Manager: Portage-2.3.79, Repoman-2.3.16
    Signed-off-by: Stephan Hartmann <stha09@googlemail.com>
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 www-client/chromium/Manifest                       |   2 -
 www-client/chromium/chromium-78.0.3904.108.ebuild  | 742 ---------------------
 www-client/chromium/files/chromium-77-clang.patch  |  13 -
 .../chromium/files/chromium-77-pulseaudio-13.patch |  82 ---
 .../chromium/files/chromium-78-gcc-alignas.patch   | 142 ----
 .../files/chromium-78-gcc-enum-range.patch         |  46 --
 .../chromium/files/chromium-78-gcc-noexcept.patch  |  32 -
 .../files/chromium-78-gcc-std-vector.patch         |  87 ---
 www-client/chromium/files/chromium-78-icon.patch   |  12 -
 .../chromium/files/chromium-78-include.patch       |  40 --
 .../chromium/files/chromium-78-pm-crash.patch      |  43 --
 .../chromium/files/chromium-widevine-r4.patch      |  26 -
 www-client/chromium/metadata.xml                   |   1 -
 13 files changed, 1268 deletions(-)
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-13 03:05:34 UTC
Added to an existing GLSA.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2020-03-13 03:18:41 UTC
This issue was resolved and addressed in
 GLSA 202003-08 at https://security.gentoo.org/glsa/202003-08
by GLSA coordinator Thomas Deutschmann (whissi).