Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 715720 (CVE-2020-6450, CVE-2020-6451, CVE-2020-6452) - <www-client/{chromium,google-chrome}-80.0.3987.162: Multiple vulnerabilities (CVE-2020-{6450,6451,6452})
Summary: <www-client/{chromium,google-chrome}-80.0.3987.162: Multiple vulnerabilities ...
Status: RESOLVED FIXED
Alias: CVE-2020-6450, CVE-2020-6451, CVE-2020-6452
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://chromereleases.googleblog.com...
Whiteboard: A3 [glsa+ cve]
Keywords: PullRequest
Depends on:
Blocks:
 
Reported: 2020-04-01 07:18 UTC by Stephan Hartmann
Modified: 2020-04-10 22:03 UTC (History)
3 users (show)

See Also:
Package list:
www-client/chromium-80.0.3987.162
Runtime testing required: ---
nattka: sanity-check-


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stephan Hartmann gentoo-dev 2020-04-01 07:18:34 UTC
See ${URL}

Reproducible: Always
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-01 17:13:47 UTC
Thanks for reporting a security bug.

(We populate the summary with a version once a fixed version is in Gentoo for GLSA purposes. If it's in Gentoo and I missed it somehow, let me know.)

---
@maintainer(s), please create an appropriate ebuild.
Comment 2 Larry the Git Cow gentoo-dev 2020-04-01 19:13:50 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=30cc9ceeb006edbd292f56adc680a8937ce022d0

commit 30cc9ceeb006edbd292f56adc680a8937ce022d0
Author:     Stephan Hartmann <stha09@googlemail.com>
AuthorDate: 2020-04-01 17:21:14 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2020-04-01 19:13:35 +0000

    www-client/chromium: stable channel bump to 80.0.3987.162
    
    Bug: https://bugs.gentoo.org/715720
    Package-Manager: Portage-2.3.89, Repoman-2.3.20
    Signed-off-by: Stephan Hartmann <stha09@googlemail.com>
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>
    Closes: https://github.com/gentoo/gentoo/pull/15201

 www-client/chromium/Manifest                      |   1 +
 www-client/chromium/chromium-80.0.3987.162.ebuild | 739 ++++++++++++++++++++++
 2 files changed, 740 insertions(+)
Comment 3 Agostino Sarubbo gentoo-dev 2020-04-02 16:53:07 UTC
amd64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 4 Larry the Git Cow gentoo-dev 2020-04-02 17:52:23 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=38f15cb17e29f052ac0a9db1ff953ba25a078d52

commit 38f15cb17e29f052ac0a9db1ff953ba25a078d52
Author:     Stephan Hartmann <stha09@googlemail.com>
AuthorDate: 2020-04-02 17:01:20 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2020-04-02 17:52:04 +0000

    www-client/chromium: security cleanup
    
    Bug: https://bugs.gentoo.org/715720
    Package-Manager: Portage-2.3.89, Repoman-2.3.20
    Signed-off-by: Stephan Hartmann <stha09@googlemail.com>
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 www-client/chromium/Manifest                      |   1 -
 www-client/chromium/chromium-80.0.3987.149.ebuild | 739 ----------------------
 2 files changed, 740 deletions(-)
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-02 19:05:26 UTC
Thanks.  Tree clean.
Comment 6 NATTkA bot gentoo-dev 2020-04-06 11:20:46 UTC
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
Comment 7 NATTkA bot gentoo-dev 2020-04-09 17:24:23 UTC
Unable to check for sanity:

> no match for package: www-client/chromium-80.0.3987.162
Comment 8 Thomas Deutschmann gentoo-dev 2020-04-10 21:55:00 UTC
New GLSA request filed.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2020-04-10 22:03:23 UTC
This issue was resolved and addressed in
 GLSA 202004-09 at https://security.gentoo.org/glsa/202004-09
by GLSA coordinator Thomas Deutschmann (whissi).