Mailinglist Archive: opensuse-bugs (4655 mails)

< Previous Next >
[Bug 1042833] New: VUL-0: Chromium 59.0.3071.86 stable security bump
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Tue, 06 Jun 2017 07:46:47 +0000
  • Message-id: <bug-1042833-21960@http.bugzilla.suse.com/>
http://bugzilla.suse.com/show_bug.cgi?id=1042833


Bug ID: 1042833
Summary: VUL-0: Chromium 59.0.3071.86 stable security bump
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@xxxxxxx
Reporter: tchvatal@xxxxxxxx
QA Contact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---

As per
https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html
there is new stable release:

[$7500][722756] High CVE-2017-5070: Type confusion in V8. Reported by Zhao
Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-05-16
[$3000][715582] High CVE-2017-5071: Out of bounds read in V8. Reported by
Choongwoo Han on 2017-04-26
[$3000][709417] High CVE-2017-5072: Address spoofing in Omnibox. Reported by
Rayyan Bijoora on 2017-04-07
[$2000][716474] High CVE-2017-5073: Use after free in print preview. Reported
by Khalil Zhani on 2017-04-28
[$1000][700040] High CVE-2017-5074: Use after free in Apps Bluetooth. Reported
by anonymous on 2017-03-09
[$2000][678776] Medium CVE-2017-5075: Information leak in CSP reporting.
Reported by Emmanuel Gil Peyrot on 2017-01-05
[$1000][722639] Medium CVE-2017-5086: Address spoofing in Omnibox. Reported by
Rayyan Bijoora on 2017-05-16
[$1000][719199] Medium CVE-2017-5076: Address spoofing in Omnibox. Reported by
Samuel Erb on 2017-05-06
[$1000][716311] Medium CVE-2017-5077: Heap buffer overflow in Skia. Reported by
Sweetchip on 2017-04-28
[$1000][711020] Medium CVE-2017-5078: Possible command injection in mailto
handling. Reported by Jose Carlos Exposito Bueno on 2017-04-12
[$500][713686] Medium CVE-2017-5079: UI spoofing in Blink. Reported by Khalil
Zhani on 2017-04-20
[$500][708819] Medium CVE-2017-5080: Use after free in credit card autofill.
Reported by Khalil Zhani on 2017-04-05
[$N/A][672008] Medium CVE-2017-5081: Extension verification bypass. Reported by
Andrey Kovalev (@L1kvID) Yandex Security Team on 2016-12-07
[$N/A][721579] Low CVE-2017-5082: Insufficient hardening in credit card editor.
Reported by Nightwatch Cybersecurity Research on 2017-05-11
[$N/A][714849] Low CVE-2017-5083: UI spoofing in Blink. Reported by Khalil
Zhani on 2017-04-24
[$N/A][692378] Low CVE-2017-5085: Inappropriate javascript execution on WebUI
pages. Reported by Zhiyang Zeng of Tencent security platform department on
2017-02-15

--
You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >