Chrome and derivatives update -- CVE-2022-1096
Hi, Two days ago, google released a critical security fix for a vulnerability presumably already exploited in the wild. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1096 https://www.forbes.com/sites/daveywinder/2022/03/26/google-confirms-emergenc... https://www.heise.de/news/Webbrowser-Notfallupdate-fuer-Google-Chrome-663841... (German) Packages e.g. for chromium have been fixed in Factory and SLE Backports, but the current snapshot of Tumbleweed still does not have it. https://bugzilla.opensuse.org/show_bug.cgi?id=1197552 Shouldn't there be some fasttrack through OpenQA in order to prevent such delays? - Ben
On Mon, Mar 28, 2022 at 04:52:45PM +0200, Ben Greiner wrote:
Hi,
Two days ago, google released a critical security fix for a vulnerability presumably already exploited in the wild.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1096 https://www.forbes.com/sites/daveywinder/2022/03/26/google-confirms-emergenc... https://www.heise.de/news/Webbrowser-Notfallupdate-fuer-Google-Chrome-663841... (German)
Packages e.g. for chromium have been fixed in Factory and SLE Backports, but the current snapshot of Tumbleweed still does not have it.
https://bugzilla.opensuse.org/show_bug.cgi?id=1197552
Shouldn't there be some fasttrack through OpenQA in order to prevent such delays?
I also submitted it to openSUSE:Factory:Update now, which is our bypass project. Ciao, Marcus
On 28.03.22 16:56, Marcus Meissner wrote:
I also submitted it to openSUSE:Factory:Update now, which is our bypass project.
This would also be good for the zlib update (...and probably all other packages that have zlib code compiled in statically ;-( ) Have fun, seife
On Thu, Mar 31, 2022 at 09:01:19AM +0200, Stefan Seyfried wrote:
On 28.03.22 16:56, Marcus Meissner wrote:
I also submitted it to openSUSE:Factory:Update now, which is our bypass project.
This would also be good for the zlib update
(...and probably all other packages that have zlib code compiled in statically ;-( )
I dont see it that as critical right now, it can wait the single digit amount of days to pass the regular integration. Ciao, Marcus
participants (3)
-
Ben Greiner -
Marcus Meissner -
Stefan Seyfried