See ${URL} Reproducible: Always
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c0f3c3a9f2c158caaf710a4b581c0a0835fe3e8e commit c0f3c3a9f2c158caaf710a4b581c0a0835fe3e8e Author: Stephan Hartmann <stha09@googlemail.com> AuthorDate: 2020-02-25 11:33:39 +0000 Commit: Mike Gilbert <floppym@gentoo.org> CommitDate: 2020-02-25 15:21:47 +0000 www-client/chromium: stable channel bump to 80.0.3987.122 Bug: https://bugs.gentoo.org/710760 Package-Manager: Portage-2.3.84, Repoman-2.3.20 Signed-off-by: Stephan Hartmann <stha09@googlemail.com> Signed-off-by: Mike Gilbert <floppym@gentoo.org> Closes: https://github.com/gentoo/gentoo/pull/14772 www-client/chromium/Manifest | 2 +- .../{chromium-80.0.3987.116.ebuild => chromium-80.0.3987.122.ebuild} | 0 2 files changed, 1 insertion(+), 1 deletion(-)
*** Bug 710776 has been marked as a duplicate of this bug. ***
Doesn't this affect google-chrome as well? Current package in tree: 80.0.3987.116
Yes, it affects google chrome, and my google-chrome bug was merged with this one. So #710776 isn't solved and shouldn't have been merged with this one...
amd64 stable. Maintainer(s), please cleanup.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=53214591636f7e86b5c45c2387ac7413826ea454 commit 53214591636f7e86b5c45c2387ac7413826ea454 Author: Stephan Hartmann <stha09@googlemail.com> AuthorDate: 2020-02-27 18:04:27 +0000 Commit: Mike Gilbert <floppym@gentoo.org> CommitDate: 2020-02-28 19:40:45 +0000 www-client/chromium: security cleanup Bug: https://bugs.gentoo.org/710760 Package-Manager: Portage-2.3.84, Repoman-2.3.20 Signed-off-by: Stephan Hartmann <stha09@googlemail.com> Signed-off-by: Mike Gilbert <floppym@gentoo.org> Closes: https://github.com/gentoo/gentoo/pull/14792 www-client/chromium/Manifest | 1 - www-client/chromium/chromium-80.0.3987.100.ebuild | 738 ---------------------- 2 files changed, 739 deletions(-)
CVE-2020-6418 (https://nvd.nist.gov/vuln/detail/CVE-2020-6418): Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6407 (https://nvd.nist.gov/vuln/detail/CVE-2020-6407): Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
New GLSA request filed. Repository is clean.
This issue was resolved and addressed in GLSA 202003-08 at https://security.gentoo.org/glsa/202003-08 by GLSA coordinator Thomas Deutschmann (whissi).