Mailing List Archive

glsa-check: missing CVE-2020-6509 for current stable chromium version
Hi,

Sorry if I miss any detail about glsa-check context, but I think that it
misses the CVE[1] id review I left in subject.

About chromium stability, what would you advise me, install latest
keyword masked version or wait for next stable version?

The current chromium stable version also has runtime errors using
ffmpeg-4.3. [2][3]

Thanks for your enlightenment

[1] https://www.cybersecurity-help.cz/vdb/SB2020062308

[2] https://bugs.gentoo.org/729182

[3] https://bugs.gentoo.org/729310
Re: glsa-check: missing CVE-2020-6509 for current stable chromium version
> On 23 Jun 2020, at 21:57, Samuel Bernardo <samuelbernardo.mail@gmail.com> wrote:
>
> Hi,
>
> Sorry if I miss any detail about glsa-check context, but I think that it
> misses the CVE[1] id review I left in subject.
>

A GLSA (see https://security.gentoo.org/glsa) has not yet been filed
for this issue. Once the fixed version (83.0.4103.116) is stabilised,
we will release one ASAP.

> About chromium stability, what would you advise me, install latest
> keyword masked version or wait for next stable version?

The new one should be stabled shortly. It’s up to you if you want to
install it ahead of time or not.

>
> The current chromium stable version also has runtime errors using
> ffmpeg-4.3. [2][3]

The new version was added in [1] and you can track the progress
of the security bug (search Bugzilla for the CVE(s)) in [2].

There is also a bug [3] for the ffmpeg issue, and the commit [1]
adds a dep on an older ffmpeg for now.

[1] https://gitweb.gentoo.org/repo/gentoo.git/commit/www-client/chromium?id=a21f83685eda6f895c0a6819172172f63395a157
[2] https://bugs.gentoo.org/729310
[3] https://bugs.gentoo.org/728624


Hope this helps.

If you ever have any queries about security matters in Gentoo, please
feel free to ask this list (or gentoo-security, but it’s less active), or
on IRC in the #gentoo-security channel.

TL;DR: We’re aware of it, the bug is in progress, will be stabled on amd64
shortly, and a GLSA will follow. No need to worry. :)

>
> Thanks for your enlightenment