747013 – (CVE-2020-15967, CVE-2020-15968, CVE-2020-15970, CVE-2020-15971, CVE-2020-15972, CVE-2020-15973, CVE-2020-15974, CVE-2020-15975, CVE-2020-15976, CVE-2020-15977, CVE-2020-15978, CVE-2020-15979, CVE-2020-15980, CVE-2020-15981, CVE-2020-15982, CVE-2020-15983, CVE-2020-15984, CVE-2020-15985, CVE-2020-15986, CVE-2020-15987, CVE-2020-15988, CVE-2020-15989, CVE-2020-15990, CVE-2020-15991, CVE-2020-15992, CVE-2020-6557) <www-client/{chromium,google-chrome}-86.0.4240.75: Multiple vulnerabilities (CVE-2020-{15967,15968,15969,15970,15971,15972,15990,15991,15973,15974,15975,15976,6557,15977,15978,15979,15980,15981,15982,15983,15984,15985,15986,15987,15992,15988,15989})

Bug 747013 (CVE-2020-15967, CVE-2020-15968, CVE-2020-15970, CVE-2020-15971, CVE-2020-15972, CVE-2020-15973, CVE-2020-15974, CVE-2020-15975, CVE-2020-15976, CVE-2020-15977, CVE-2020-15978, CVE-2020-15979, CVE-2020-15980, CVE-2020-15981, CVE-2020-15982, CVE-2020-15983, CVE-2020-15984, CVE-2020-15985, CVE-2020-15986, CVE-2020-15987, CVE-2020-15988, CVE-2020-15989, CVE-2020-15990, CVE-2020-15991, CVE-2020-15992, CVE-2020-6557) - <www-client/{chromium,google-chrome}-86.0.4240.75: Multiple vulnerabilities (CVE-2020-{15967,15968,15969,15970,15971,15972,15990,15991,15973,15974,15975,15976,6557,15977,15978,15979,15980,15981,15982,15983,15984,15985,15986,15987,15992,15988,15989})

Summary: <www-client/{chromium,google-chrome}-86.0.4240.75: Multiple vulnerabilities (...

Status:	RESOLVED FIXED

Alias:	CVE-2020-15967, CVE-2020-15968, CVE-2020-15970, CVE-2020-15971, CVE-2020-15972, CVE-2020-15973, CVE-2020-15974, CVE-2020-15975, CVE-2020-15976, CVE-2020-15977, CVE-2020-15978, CVE-2020-15979, CVE-2020-15980, CVE-2020-15981, CVE-2020-15982, CVE-2020-15983, CVE-2020-15984, CVE-2020-15985, CVE-2020-15986, CVE-2020-15987, CVE-2020-15988, CVE-2020-15989, CVE-2020-15990, CVE-2020-15991, CVE-2020-15992, CVE-2020-6557

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:	https://chromereleases.googleblog.com...
Whiteboard:	A2 [glsa+ cve]
Keywords:	CC-ARCHES

Depends on:
Blocks:	CVE-2020-15969
	Show dependency tree

Reported:	2020-10-07 07:06 UTC by Stephan Hartmann (RETIRED)
Modified:	2020-10-22 14:26 UTC (History)
CC List:	1 user (show)

See Also:	738238
Package list:	www-client/chromium-86.0.4240.75
Runtime testing required:	---

Flags:	nattka: sanity-check-

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stephan Hartmann (RETIRED) gentoo-dev

2020-10-07 07:06:25 UTC

See ${URL}.

Tarballs for chromium are not available yet.
www-client/google-chrome already bumped and marked stable.

Comment 1 Larry the Git Cow gentoo-dev

2020-10-07 19:22:42 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8d91784e8c8467ec91abc4a59d43dfef59fac873

commit 8d91784e8c8467ec91abc4a59d43dfef59fac873
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2020-10-07 19:21:33 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2020-10-07 19:22:34 +0000

    www-client/chromium: stable channel bump to 86.0.4240.75
    
    Bug: https://bugs.gentoo.org/747013
    Package-Manager: Portage-3.0.4, Repoman-3.0.1
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                                            | 2 +-
 .../{chromium-86.0.4240.68.ebuild => chromium-86.0.4240.75.ebuild}      | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

Comment 2 NATTkA bot gentoo-dev

2020-10-07 20:16:53 UTC

Sanity check failed:

> www-client/chromium-86.0.4240.75
>   depend arm64 stable profile default/linux/arm64/17.0 (9 total)
>     >=media-video/ffmpeg-4.3:=
>   rdepend arm64 stable profile default/linux/arm64/17.0 (9 total)
>     >=media-video/ffmpeg-4.3:=

Comment 3 Sam James archtester

2020-10-08 02:22:59 UTC

amd64 done

Comment 4 Sam James archtester

2020-10-08 02:31:05 UTC

arm64 stable

Comment 5 Sam James archtester

2020-10-08 02:31:12 UTC

amd64 done

all arches done

Comment 6 Sam James archtester

2020-10-08 02:31:37 UTC

Please cleanup. Thanks!

Comment 7 Larry the Git Cow gentoo-dev

2020-10-08 06:21:57 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a72458f5dce3c9d8052f625df61efc7850064589

commit a72458f5dce3c9d8052f625df61efc7850064589
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2020-10-08 06:21:36 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2020-10-08 06:21:36 +0000

    www-client/chromium: security cleanup
    
    Bug: https://bugs.gentoo.org/747013
    Package-Manager: Portage-3.0.4, Repoman-3.0.1
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                       |   2 -
 www-client/chromium/chromium-85.0.4183.121.ebuild  | 867 ---------------------
 .../chromium/files/chromium-84-mediaalloc.patch    |  41 -
 3 files changed, 910 deletions(-)

Comment 8 GLSAMaker/CVETool Bot gentoo-dev

2020-10-17 09:07:25 UTC

This issue was resolved and addressed in
 GLSA 202010-01 at https://security.gentoo.org/glsa/202010-01
by GLSA coordinator Sam James (sam_c).