From 0ccb10a2c6c96055c7603726fd6e9139fd9c806e Mon Sep 17 00:00:00 2001 From: Than Ngo Date: Thu, 28 Sep 2023 14:11:46 +0200 Subject: [PATCH] - update to 117.0.5938.132 - CVE-2023-5217, heap buffer overflow in vp8 encoding in libvpx. - CVE-2023-5186, use after free in Passwords. - CVE-2023-5187, use after free in Extensions. --- chromium.spec | 10 ++++++++-- sources | 2 +- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/chromium.spec b/chromium.spec index d62c435e..973b092c 100644 --- a/chromium.spec +++ b/chromium.spec @@ -238,8 +238,8 @@ %endif Name: chromium%{chromium_channel} -Version: 117.0.5938.92 -Release: 2%{?dist} +Version: 117.0.5938.132 +Release: 1%{?dist} Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use Url: http://www.chromium.org/Home License: BSD-3-Clause AND LGPL-2.1-or-later AND Apache-2.0 AND IJG AND MIT AND GPL-2.0-or-later AND ISC AND OpenSSL AND (MPL-1.1 OR GPL-2.0-only OR LGPL-2.0-only) @@ -1687,6 +1687,12 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt %{chromium_path}/chromedriver %changelog +* Thu Sep 28 2023 Than Ngo - 117.0.5938.132-1 +- update to 117.0.5938.132 +- CVE-2023-5217, heap buffer overflow in vp8 encoding in libvpx. +- CVE-2023-5186, use after free in Passwords. +- CVE-2023-5187, use after free in Extensions. + * Sat Sep 23 2023 Than Ngo - 117.0.5938.92-2 - backport upstream patch to fix memory leak diff --git a/sources b/sources index eb6ae45b..adf35823 100644 --- a/sources +++ b/sources @@ -2,4 +2,4 @@ SHA512 (node-v20.6.1-linux-arm64.tar.xz) = adfcaf2c22614797fd69fb46d94c1cbf64dea SHA512 (node-v20.6.1-linux-x64.tar.xz) = 7e15c05041a9a50f0046266aadb2e092a5aefbec19be1c7c809471add520cb57c7df3c47d88b1888b29bf2979dca3c92adddfd965370fa2a9da4ea02186464fd SHA512 (linux-arm64-0.19.2.tgz) = 8a0d8fec6786fffcd6954d00820037a55d61e60762c74300df0801f8db27057562c221a063bedfb8df56af9ba80abb366336987e881782c5996e6f871abd3dc6 SHA512 (linux-x64-0.19.2.tgz) = a31cc74c4bfa54f9b75d735a1cfc944d3b5efb7c06bfba9542da9a642ae0b2d235ea00ae84d3ad0572c406405110fe7b61377af0fd15803806ef78d20fc6f05d -SHA512 (chromium-117.0.5938.92-clean.tar.xz) = 920ff4ddb09deb4268f996289d631ac8b61318d1bca47f900d1300b5f0f373749efd3c76b6f99e5ee3eb3a4032e7f6133a0df7898372db0428b41193041e640e +SHA512 (chromium-117.0.5938.132-clean.tar.xz) = 5d394329a3d8829062409784b90779c6d73fd90dd95d73d20d180114aecd3ba36f02dea09bb13e8e9fe19dfd334593d203dece5e377a3ca057c3382f2075b992