#10495: chromium-67.0.3396.87
----------------------+------------------------
 Reporter:  bdubbs@…  |       Owner:  blfs-book
     Type:  defect    |      Status:  new
 Priority:  high      |   Milestone:  8.3
Component:  BOOK      |     Version:  SVN
 Severity:  normal    |  Resolution:
 Keywords:            |
----------------------+------------------------
Description changed by ken@…:

Old description:

> Vulnerability fixes. While investigating a firefox vulnerability, I got
> to https://security-tracker.debian.org/tracker/CVE-2018-6126 where it
> turns out that the vulnerability was originally found in chromium (or
> perhaps in chrome).
>
> According to that, it is fixed in 67.0.3396.62. But Arch's security
> report says it is fixed in 67.0.3396.79.
>
> Looking at qtwebengine there are lots more vulnerabilities addressed by
> upstream patches to the chromium code.
>
> I don't know my way around chromium, but a .tar.gz for .79 is currently
> on about the fourth page of https://github.com/chromium/chromium/releases

New description:

 Vulnerability fixes. While investigating a firefox vulnerability, I got to
 https://security-tracker.debian.org/tracker/CVE-2018-6126 where it turns
 out that the vulnerability was originally found in chromium (or perhaps in
 chrome).

 According to that, it is fixed in 67.0.3396.62. But Arch's security report
 says it is fixed in 67.0.3396.79.

 Looking at qtwebengine there are lots more vulnerabilities addressed by
 upstream patches to the chromium code.

 I don't know my way around chromium, but a .tar.gz for .79 is currently on
 about the fourth page of https://github.com/chromium/chromium/releases

 According to Arch, .87 fixes an out-of-bounds write in the V8 code which
 can lead to arbitrary code execution.

 I'm still trying to see if I can build this beast (Arch use clang because
 of a gcc-8.1 issue, but I found a patch at Fedora this morning, haven't
 had time to try it yet).

--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/10495#comment:5>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch