From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-announce+bounces-2450-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id CC355138334
	for <garchives@archives.gentoo.org>; Thu, 28 Mar 2019 02:55:44 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id A3F6EE0AC5;
	Thu, 28 Mar 2019 02:42:47 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 833CAE086B
	for <gentoo-announce@lists.gentoo.org>; Thu, 28 Mar 2019 02:23:06 +0000 (UTC)
Received: from localhost (pool-96-231-100-113.washdc.fios.verizon.net [96.231.100.113])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	(Authenticated sender: bman)
	by smtp.gentoo.org (Postfix) with ESMTPSA id 28159335C5D
	for <gentoo-announce@lists.gentoo.org>; Thu, 28 Mar 2019 02:23:05 +0000 (UTC)
Date: Wed, 27 Mar 2019 22:23:01 -0400
From: Aaron Bauman <bman@gentoo.org>
To: gentoo-announce@lists.gentoo.org
Subject: [gentoo-announce] [ GLSA 201903-23 ] Chromium: Multiple vulnerabilities
Message-ID: <20190328022301.GH14496@monkey>
Reply-To: security@gentoo.org
Precedence: bulk
List-Post: <mailto:gentoo-announce@lists.gentoo.org>
List-Help: <mailto:gentoo-announce+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-announce+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-announce+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-announce.gentoo.org>
X-BeenThere: gentoo-announce@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="VbfcI4OLZ4XW0yH2"
Content-Disposition: inline
User-Agent: Mutt/1.10.1 (2018-07-13)
X-Archives-Salt: 749e3440-faca-4d59-a5de-d13f029038d7
X-Archives-Hash: 50229689b302240df44c4b93d6359f87


--VbfcI4OLZ4XW0yH2
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201903-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Chromium: Multiple vulnerabilities
     Date: March 28, 2019
     Bugs: #671550, #677066, #679530, #680242
       ID: 201903-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Chromium, the worst of
which could result in the remote execution of code.

Background
==========

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-client/chromium       < 73.0.3683.75         >= 73.0.3683.75

Description
===========

Multiple vulnerabilities have been discovered in Chromium and Google
Chrome. Please review the referenced CVE identifiers and Google Chrome
Releases for details.

Impact
======

Please review the referenced CVE identifiers and Google Chrome Releases
for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/chromium-73.0.3683.75"

References
==========

[  1 ] CVE-2018-17479
       https://nvd.nist.gov/vuln/detail/CVE-2018-17479
[  2 ] CVE-2019-5786
       https://nvd.nist.gov/vuln/detail/CVE-2019-5786
[  3 ] CVE-2019-5786
       https://nvd.nist.gov/vuln/detail/CVE-2019-5786
[  4 ] CVE-2019-5787
       https://nvd.nist.gov/vuln/detail/CVE-2019-5787
[  5 ] CVE-2019-5788
       https://nvd.nist.gov/vuln/detail/CVE-2019-5788
[  6 ] CVE-2019-5789
       https://nvd.nist.gov/vuln/detail/CVE-2019-5789
[  7 ] CVE-2019-5790
       https://nvd.nist.gov/vuln/detail/CVE-2019-5790
[  8 ] CVE-2019-5791
       https://nvd.nist.gov/vuln/detail/CVE-2019-5791
[  9 ] CVE-2019-5792
       https://nvd.nist.gov/vuln/detail/CVE-2019-5792
[ 10 ] CVE-2019-5793
       https://nvd.nist.gov/vuln/detail/CVE-2019-5793
[ 11 ] CVE-2019-5794
       https://nvd.nist.gov/vuln/detail/CVE-2019-5794
[ 12 ] CVE-2019-5795
       https://nvd.nist.gov/vuln/detail/CVE-2019-5795
[ 13 ] CVE-2019-5796
       https://nvd.nist.gov/vuln/detail/CVE-2019-5796
[ 14 ] CVE-2019-5797
       https://nvd.nist.gov/vuln/detail/CVE-2019-5797
[ 15 ] CVE-2019-5798
       https://nvd.nist.gov/vuln/detail/CVE-2019-5798
[ 16 ] CVE-2019-5799
       https://nvd.nist.gov/vuln/detail/CVE-2019-5799
[ 17 ] CVE-2019-5800
       https://nvd.nist.gov/vuln/detail/CVE-2019-5800
[ 18 ] CVE-2019-5801
       https://nvd.nist.gov/vuln/detail/CVE-2019-5801
[ 19 ] CVE-2019-5802
       https://nvd.nist.gov/vuln/detail/CVE-2019-5802
[ 20 ] CVE-2019-5803
       https://nvd.nist.gov/vuln/detail/CVE-2019-5803
[ 21 ] CVE-2019-5804
       https://nvd.nist.gov/vuln/detail/CVE-2019-5804

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201903-23

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2019 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

--VbfcI4OLZ4XW0yH2
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAABCAAdFiEEiDRK3jyVBE/RkymqpRQw84X1dt0FAlycMAQACgkQpRQw84X1
dt3PCQgAlnRFsYh2N9qU62ERO7VD5j097kAEv67tkp7t2H5bh3EWAVqqu5dUjrWR
ZJD7xJP4PVVsg9LMOsboDOXr04GxlxlRswDkAayUKiFRYJbOu7MY/AFFriOyxMRa
pljh6wFsiuUf3GoiPJ7fSUNIvxmpfutVb+/qKiDYsmP0JE/PFOJVJTnn0oDVt8J9
FAZx4MmP4r1+7WlN6wk6ICcw2LylaS3cmZZgzZtzu87NvILEsopL/FR4UunvU4uJ
KEPuUEWV7D0xCnBn9Szknpcf0cX0Uz6g2DPAnPlpij+cVNe78pxqpCTr0ZFxVF4Y
IM3OEJk5H4yNBzXIGrNuSk55H1g+xA==
=YMRS
-----END PGP SIGNATURE-----

--VbfcI4OLZ4XW0yH2--