Critical CVE-2021-4098: Insufficient data validation in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-10-26 [1270658] High CVE-2021-4099: Use after free in Swiftshader. Reported by Aki Helin of Solita on 2021-11-16 [1272068] High CVE-2021-4100: Object lifecycle issue in ANGLE. Reported by Aki Helin of Solita on 2021-11-19 [1262080] High CVE-2021-4101: Heap buffer overflow in Swiftshader. Reported by Abraruddin Khan and Omair on 2021-10-21 [1278387] High CVE-2021-4102: Use after free in V8. Reported by Anonymous on 2021-12-09 Bumps done already.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0e8530b49fe16e3fc5e669843ba77bd8837838a1 commit 0e8530b49fe16e3fc5e669843ba77bd8837838a1 Author: Stephan Hartmann <sultan@gentoo.org> AuthorDate: 2021-12-15 11:56:39 +0000 Commit: Stephan Hartmann <sultan@gentoo.org> CommitDate: 2021-12-15 11:56:39 +0000 www-client/chromium: security cleanup Bug: https://bugs.gentoo.org/829190 Package-Manager: Portage-3.0.28, Repoman-3.0.3 Signed-off-by: Stephan Hartmann <sultan@gentoo.org> www-client/chromium/Manifest | 1 - www-client/chromium/chromium-96.0.4664.93.ebuild | 963 ----------------------- 2 files changed, 964 deletions(-)
Maybe we should add www-client/microsoft-edge here too: https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnote-stable-channel Fixed version is in ::gentoo already.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=a5cb3b8ed2294fbfe4dfaf3e992220585c749f25 commit a5cb3b8ed2294fbfe4dfaf3e992220585c749f25 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2022-01-31 05:00:26 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-01-31 05:00:26 +0000 [ GLSA 202201-02 ] Chromium, Google Chrome: Multiple vulnerabilities Bug: https://bugs.gentoo.org/803167 Bug: https://bugs.gentoo.org/806223 Bug: https://bugs.gentoo.org/808715 Bug: https://bugs.gentoo.org/811348 Bug: https://bugs.gentoo.org/813035 Bug: https://bugs.gentoo.org/814221 Bug: https://bugs.gentoo.org/814617 Bug: https://bugs.gentoo.org/815673 Bug: https://bugs.gentoo.org/816984 Bug: https://bugs.gentoo.org/819054 Bug: https://bugs.gentoo.org/820689 Bug: https://bugs.gentoo.org/824274 Bug: https://bugs.gentoo.org/829190 Bug: https://bugs.gentoo.org/830642 Bug: https://bugs.gentoo.org/831624 Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202201-02.xml | 257 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 257 insertions(+)
All done! \o/
