724008 – (CVE-2020-6465, CVE-2020-6466, CVE-2020-6467, CVE-2020-6468, CVE-2020-6469, CVE-2020-6470, CVE-2020-6471, CVE-2020-6472, CVE-2020-6473, CVE-2020-6474, CVE-2020-6475, CVE-2020-6476, CVE-2020-6477, CVE-2020-6478, CVE-2020-6479, CVE-2020-6480, CVE-2020-6481, CVE-2020-6482, CVE-2020-6483, CVE-2020-6484, CVE-2020-6485, CVE-2020-6486, CVE-2020-6487, CVE-2020-6488, CVE-2020-6489, CVE-2020-6490, CVE-2020-6491) <www-client/{chromium,google-chrome}-83.0.4103.61: Multiple vulnerabilities (CVE-2020-{6465,6466,6467,6468,6469,6470,6471,6472,6473,6474,6475,6476,6477,6478,6479,6480,6481,6482,6483,6484,6485,6486,6487,6488,6489,6490,6491})

Bug 724008 (CVE-2020-6465, CVE-2020-6466, CVE-2020-6467, CVE-2020-6468, CVE-2020-6469, CVE-2020-6470, CVE-2020-6471, CVE-2020-6472, CVE-2020-6473, CVE-2020-6474, CVE-2020-6475, CVE-2020-6476, CVE-2020-6477, CVE-2020-6478, CVE-2020-6479, CVE-2020-6480, CVE-2020-6481, CVE-2020-6482, CVE-2020-6483, CVE-2020-6484, CVE-2020-6485, CVE-2020-6486, CVE-2020-6487, CVE-2020-6488, CVE-2020-6489, CVE-2020-6490, CVE-2020-6491) - <www-client/{chromium,google-chrome}-83.0.4103.61: Multiple vulnerabilities (CVE-2020-{6465,6466,6467,6468,6469,6470,6471,6472,6473,6474,6475,6476,6477,6478,6479,6480,6481,6482,6483,6484,6485,6486,6487,6488,6489,6490,6491})

Summary: <www-client/{chromium,google-chrome}-83.0.4103.61: Multiple vulnerabilities (...

Status:	RESOLVED FIXED

Alias:	CVE-2020-6465, CVE-2020-6466, CVE-2020-6467, CVE-2020-6468, CVE-2020-6469, CVE-2020-6470, CVE-2020-6471, CVE-2020-6472, CVE-2020-6473, CVE-2020-6474, CVE-2020-6475, CVE-2020-6476, CVE-2020-6477, CVE-2020-6478, CVE-2020-6479, CVE-2020-6480, CVE-2020-6481, CVE-2020-6482, CVE-2020-6483, CVE-2020-6484, CVE-2020-6485, CVE-2020-6486, CVE-2020-6487, CVE-2020-6488, CVE-2020-6489, CVE-2020-6490, CVE-2020-6491

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major
Assignee:	Gentoo Security

URL:	https://chromereleases.googleblog.com...
Whiteboard:	A2 [glsa+ cve]
Keywords:

Depends on:	icu-67.1-stable 723954
Blocks:
	Show dependency tree

Reported:	2020-05-19 18:39 UTC by Stephan Hartmann (RETIRED)
Modified:	2020-06-13 01:02 UTC (History)
CC List:	1 user (show)

See Also:	CVE-2020-6493, CVE-2020-6494, CVE-2020-6495, CVE-2020-6496
Package list:	www-client/chromium-83.0.4103.61 dev-util/gn-0.1726
Runtime testing required:	---

Flags:	nattka: sanity-check-

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stephan Hartmann (RETIRED) gentoo-dev

2020-05-19 18:39:02 UTC

See ${URL}.

www-client/{chromium,google-chrome}-83.0.4103.61 are already in the tree.

Comment 1 NATTkA bot gentoo-dev

2020-05-19 19:28:36 UTC

Unable to check for sanity:

> dependent bug #723954 is missing keywords

Comment 2 NATTkA bot gentoo-dev

2020-05-19 19:32:35 UTC

Sanity check failed:

> www-client/chromium-83.0.4103.61
>   bdepend amd64 stable profile default/linux/amd64/17.0 (28 total)
>     >=dev-util/gn-0.1726
>   bdepend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (1 total)
>     >=dev-util/gn-0.1726

Comment 3 NATTkA bot gentoo-dev

2020-05-19 19:40:40 UTC

All sanity-check issues have been resolved

Comment 4 Agostino Sarubbo gentoo-dev

2020-05-24 07:33:01 UTC

amd64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

Comment 5 Larry the Git Cow gentoo-dev

2020-05-30 00:19:34 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a984f74a72b698232dd18f11edb3047b79cd7b42

commit a984f74a72b698232dd18f11edb3047b79cd7b42
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2020-05-30 00:19:04 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2020-05-30 00:19:04 +0000

    www-client/chromium: remove old
    
    Bug: https://bugs.gentoo.org/724008
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 www-client/chromium/Manifest                       |   1 -
 www-client/chromium/chromium-81.0.4044.138.ebuild  | 764 ---------------------
 .../chromium/files/chromium-80-gcc-blink.patch     |  45 --
 www-client/chromium/files/chromium-81-gcc-10.patch | 116 ----
 .../chromium/files/chromium-81-gcc-constexpr.patch |  19 -
 .../chromium/files/chromium-81-gcc-noexcept.patch  |  13 -
 www-client/chromium/files/chromium-81-icu67.patch  | 162 -----
 .../chromium/files/chromium-compiler-r11.patch     | 185 -----
 8 files changed, 1305 deletions(-)

Comment 6 NATTkA bot gentoo-dev

2020-06-07 17:20:38 UTC

Unable to check for sanity:

> no match for package: www-client/chromium-83.0.4103.61

Comment 7 GLSAMaker/CVETool Bot gentoo-dev

2020-06-13 01:02:43 UTC

This issue was resolved and addressed in
 GLSA 202006-02 at https://security.gentoo.org/glsa/202006-02
by GLSA coordinator Aaron Bauman (b-man).