From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-announce+bounces-1763-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id D8B47138A1A
	for <garchives@archives.gentoo.org>; Tue, 17 Feb 2015 22:31:07 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id BD865E087A;
	Tue, 17 Feb 2015 22:29:56 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id E1646E083D
	for <gentoo-announce@lists.gentoo.org>; Tue, 17 Feb 2015 22:03:45 +0000 (UTC)
Received: from [10.144.0.5] (host-37-191-220-247.lynet.no [37.191.220.247])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	(Authenticated sender: k_f)
	by smtp.gentoo.org (Postfix) with ESMTPSA id 83C2434088E
	for <gentoo-announce@gentoo.org>; Tue, 17 Feb 2015 22:03:44 +0000 (UTC)
Message-ID: <54E3BAB8.8080101@gentoo.org>
Date: Tue, 17 Feb 2015 23:03:36 +0100
From: Kristian Fiskerstrand <k_f@gentoo.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
Precedence: bulk
List-Post: <mailto:gentoo-announce@lists.gentoo.org>
List-Help: <mailto:gentoo-announce+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-announce+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-announce+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-announce.gentoo.org>
X-BeenThere: gentoo-announce@lists.gentoo.org
MIME-Version: 1.0
To: gentoo-announce@gentoo.org
Subject: [gentoo-announce] [ GLSA 201502-13 ] Chromium: Multiple vulnerabilities
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="C2qNCIj8DCiHIILP596vj2EQEFFNTPMe1"
X-Archives-Salt: 7b85dd0c-0524-4e08-be28-80b2fe2d017b
X-Archives-Hash: e716e61cb925c969c44a834ffac1ee8f

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--C2qNCIj8DCiHIILP596vj2EQEFFNTPMe1
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201502-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Chromium: Multiple vulnerabilities
     Date: February 17, 2015
     Bugs: #537366, #539094
       ID: 201502-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=3D=3D=3D=3D=3D=3D=3D=3D

Multiple vulnerabilities have been found in Chromium, the worst of
which can allow remote attackers to cause Denial of Service or gain
escalated privileges.

Background
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

Chromium is an open-source web browser project.

Affected packages
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-client/chromium      < 40.0.2214.111        >=3D 40.0.2214.111

Description
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers referenced below for details.

Impact
=3D=3D=3D=3D=3D=3D

A remote attacker may be able to cause a Denial of Service condition,
gain privileges via a filesystem: URI, or have other unspecified
impact.

Workaround
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

There is no known workaround at this time.

Resolution
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=3Dwww-client/chromium-40.0.2214.111"

References
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

[  1 ] CVE-2014-7923
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2014-7923
[  2 ] CVE-2014-7924
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2014-7924
[  3 ] CVE-2014-7925
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2014-7925
[  4 ] CVE-2014-7926
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2014-7926
[  5 ] CVE-2014-7927
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2014-7927
[  6 ] CVE-2014-7928
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2014-7928
[  7 ] CVE-2014-7929
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2014-7929
[  8 ] CVE-2014-7930
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2014-7930
[  9 ] CVE-2014-7931
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2014-7931
[ 10 ] CVE-2014-7932
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2014-7932
[ 11 ] CVE-2014-7933
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2014-7933
[ 12 ] CVE-2014-7934
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2014-7934
[ 13 ] CVE-2014-7935
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2014-7935
[ 14 ] CVE-2014-7936
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2014-7936
[ 15 ] CVE-2014-7937
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2014-7937
[ 16 ] CVE-2014-7938
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2014-7938
[ 17 ] CVE-2014-7939
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2014-7939
[ 18 ] CVE-2014-7940
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2014-7940
[ 19 ] CVE-2014-7941
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2014-7941
[ 20 ] CVE-2014-7942
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2014-7942
[ 21 ] CVE-2014-7943
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2014-7943
[ 22 ] CVE-2014-7944
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2014-7944
[ 23 ] CVE-2014-7945
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2014-7945
[ 24 ] CVE-2014-7946
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2014-7946
[ 25 ] CVE-2014-7947
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2014-7947
[ 26 ] CVE-2014-7948
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2014-7948
[ 27 ] CVE-2014-9646
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2014-9646
[ 28 ] CVE-2014-9647
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2014-9647
[ 29 ] CVE-2014-9648
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2014-9648
[ 30 ] CVE-2015-1205
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2015-1205
[ 31 ] CVE-2015-1209
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2015-1209
[ 32 ] CVE-2015-1210
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2015-1210
[ 33 ] CVE-2015-1211
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2015-1211
[ 34 ] CVE-2015-1212
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2015-1212
[ 35 ] CVE-2015-1346
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2015-1346
[ 36 ] CVE-2015-1359
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2015-1359
[ 37 ] CVE-2015-1360
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2015-1360
[ 38 ] CVE-2015-1361
       http://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2015-1361

Availability
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201502-13.xml

Concerns?
=3D=3D=3D=3D=3D=3D=3D=3D=3D

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=3D=3D=3D=3D=3D=3D=3D

Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



--C2qNCIj8DCiHIILP596vj2EQEFFNTPMe1
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJU47q4AAoJEP7VAChXwav6aL4IALtHX9N9mN8gGddmMdQrmQL1
DQz/wPxdRHnTuNMKsF0KbxGHM1vzGkYJqUBVzg649wKdZcJ/2wLsgjBUpcY6ooyE
OQCrXVJrm2Z3tySpz7p2uner6ajo4A7/nNH1jOQAvpL53cHXGuSBV8KRDMGPUyfK
7rfHocBANGmr0dwPP1FwhcjHYqwJJMznoOFqwsDPa+/KSVRf/u5zEfF1R/Xc1YFA
E08Y7kh+T8LvgAlP8vMIZVfox0DA6hgyHl5HtnXtpEms4Q3v7wbqrvO9J+BEUnI1
tNigWUGubZOiztOTkrj6zo9FQqAapM94dE8bamRMlSGBz3adg+xqOYGFZqBmhwA=
=6HDY
-----END PGP SIGNATURE-----

--C2qNCIj8DCiHIILP596vj2EQEFFNTPMe1--