Bug 8161 - [UPDATE REQUEST 2016.1] chromium-browser-stable CVE-2018-6037
: [UPDATE REQUEST 2016.1] chromium-browser-stable CVE-2018-6037
Status: CONFIRMED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: Fresh
: All Linux
: Normal normal
: ---
Assigned To: ROSA Linux Bugs
: ROSA Linux Bugs
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-21 19:59 MSD by Алексей-З
Modified: 2018-02-03 16:37 MSK (History)
3 users (show)

See Also:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:
vladimir.potapov: qa_verified-


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Алексей-З 2017-07-21 19:59:57 MSD
Обновился Хромиум.
Comment 1 Алексей-З 2017-07-21 21:21:24 MSD
harfbuzz 1.4.7
https://abf.io/build_lists/2883310
https://abf.io/build_lists/2883311

chromium-browser-stable 59.0.3071.115
https://abf.io/build_lists/2883313
https://abf.io/build_lists/2883314
Comment 2 Алексей-З 2017-07-29 23:17:58 MSD
Add Remove chromium-browser-install package

chromium-browser-stable 59.0.3071.115-2
https://abf.io/build_lists/2884552
https://abf.io/build_lists/2884553
Comment 3 Vladimir Potapov 2017-08-04 12:36:08 MSD
The update is sent to expanded testing
*****************************************
Comment 4 Vladimir Potapov 2017-08-07 18:59:29 MSD
harfbuzz-1.4.7-1
https://abf.io/build_lists/2883310
https://abf.io/build_lists/2883311

chromium-browser-stable-59.0.3071.115-2
https://abf.io/build_lists/2884552
https://abf.io/build_lists/2884553
************************** Advisory *********************
Add Remove chromium-browser-install package
up to 59.0.3071.115-2 with new harfbuzz
**********************************************************
QA Verified
Comment 5 Алексей-З 2017-08-10 03:32:55 MSD
chromium-browser-stable 60.0.3112.90
https://abf.io/build_lists/2885808
https://abf.io/build_lists/2885809
Comment 6 Vladimir Potapov 2017-08-11 12:50:31 MSD
The update is sent to expanded testing
**************************************
Comment 7 Vladimir Potapov 2017-08-16 08:20:48 MSD
chromium-browser-stable-60.0.3112.90-1
https://abf.io/build_lists/2885808
https://abf.io/build_lists/2885809
***************************** Advisory **************************
Updated to 60.0.3112.90
*****************************************************************
QA Verified
Comment 8 Алексей-З 2017-08-26 19:58:27 MSD
Updated 60.0.3112.101
https://abf.io/build_lists/2888552
https://abf.io/build_lists/2888554
Comment 9 Алексей-З 2017-08-29 01:56:47 MSD
Updated Bookmarks
https://abf.io/build_lists/2889082
https://abf.io/build_lists/2889083
Comment 10 Vladimir Potapov 2017-09-07 18:44:58 MSD
1) Не работает установка браузера по-умолчанию кнопкой, хотя спрашивает
2) Стартовая страница - не стандартная росная. Т.к. хромиум у нас бывает в образах, это неправильно
Comment 11 Алексей-З 2017-09-23 09:46:21 MSD
Updated to 61.0.3163.91
https://abf.io/build_lists/2894932
https://abf.io/build_lists/2894933
Comment 12 Алексей-З 2017-09-25 15:31:46 MSD
Updated to 61.0.3163.100
https://abf.io/build_lists/2895128
https://abf.io/build_lists/2895125
Comment 13 Vladimir Potapov 2017-09-29 16:32:37 MSD
************************
QA Denied
Comment 14 Zombie Ryushu 2018-02-03 16:37:02 MSK
Several vulnerabilities have been discovered in the chromium web browser.

    CVE-2017-15420

    Drew Springall discovered a URL spoofing issue.
    CVE-2017-15429

    A cross-site scripting issue was discovered in the v8 javascript library.
    CVE-2018-6031

    A use-after-free issue was discovered in the pdfium library.
    CVE-2018-6032

    Jun Kokatsu discovered a way to bypass the same origin policy.
    CVE-2018-6033

    Juho Nurminen discovered a race condition when opening downloaded files.
    CVE-2018-6034

    Tobias Klein discovered an integer overflow issue.
    CVE-2018-6035

    Rob Wu discovered a way for extensions to access devtools.
    CVE-2018-6036

    UK's National Cyber Security Centre discovered an integer overflow issue.
    CVE-2018-6037

    Paul Stone discovered an issue in the autofill feature.
    CVE-2018-6038

    cloudfuzzer discovered a buffer overflow issue.
    CVE-2018-6039

    Juho Nurminen discovered a cross-site scripting issue in the developer tools.
    CVE-2018-6040

    WenXu Wu discovered a way to bypass the content security policy.
    CVE-2018-6041

    Luan Herrera discovered a URL spoofing issue.
    CVE-2018-6042

    Khalil Zhani discovered a URL spoofing issue.
    CVE-2018-6043

    A character escaping issue was discovered.
    CVE-2018-6045

    Rob Wu discovered a way for extensions to access devtools.
    CVE-2018-6046

    Rob Wu discovered a way for extensions to access devtools.
    CVE-2018-6047

    Masato Kinugawa discovered an information leak issue.
    CVE-2018-6048

    Jun Kokatsu discovered a way to bypass the referrer policy.
    CVE-2018-6049

    WenXu Wu discovered a user interface spoofing issue.
    CVE-2018-6050

    Jonathan Kew discovered a URL spoofing issue.
    CVE-2018-6051

    Antonio Sanso discovered an information leak issue.
    CVE-2018-6052

    Tanner Emek discovered that the referrer policy implementation was incomplete.
    CVE-2018-6053

    Asset Kabdenov discovered an information leak issue.
    CVE-2018-6054

    Rob Wu discovered a use-after-free issue.