FEDORA-EPEL-2016-bf5b9b3332

security update in Fedora EPEL 7 for chromium

Status: obsolete

Update to 53.0.2785.116.

https://chromium.googlesource.com/chromium/src/+log/53.0.2785.113..53.0.2785.116?pretty=fuller&n=10000


Update to 53.0.2785.113

Security fix for CVE-2016-5170, CVE-2016-5171, CVE-2016-5172, CVE-2016-5173, CVE-2016-5174, CVE-2016-5175


Stable update to 53.0.2785.101.

Security fix for CVE-2016-5147, CVE-2016-5148, CVE-2016-5149, CVE-2016-5150, CVE-2016-5151, CVE-2016-5152, CVE-2016-5153, CVE-2016-5154, CVE-2016-5155, CVE-2016-5156, CVE-2016-5157, CVE-2016-5158, CVE-2016-5159, CVE-2016-5161, CVE-2016-5162, CVE-2016-5163, CVE-2016-5164, CVE-2016-5165, CVE-2016-5166, CVE-2016-5160, CVE-2016-5167

Also applies fix for chrome-remote-desktop where HOME env variable was not properly set via systemd service.


Remove fedora only Requires, use bundled harfbuzz because el7 system lib is too old.


Disabled hidpi option in Chromium. Cleanup widevine handling so that third party addon package can exist. Add Requires(post) for selinux deps. Fix provides/requires to not include private libs.

Comments 6

This update has been submitted for testing by spot.

This update has obsoleted chromium-53.0.2785.113-1.el7, and has inherited its bugs and notes.

chromium-53.0.2785.116-1.el7 ejected from the push because u"Cannot find relevant tag for chromium-53.0.2785.116-1.el7. None of ['epel7-testing-pending'] are in [u'f24-updates-candidate', u'f22-updates-candidate', u'f25-updates-candidate', u'epel7-testing-candidate', u'dist-6E-epel-testing-candidate', u'dist-5E-epel-testing-candidate', u'f23-updates-candidate', u'f21-updates-candidate']."

This update has been submitted for testing by puiterwijk.

This update has been pushed to testing.

This update has been obsoleted by chromium-53.0.2785.143-1.el7.

Content Type
RPM
Status
obsolete
Test Gating
Submitted by
Update Type
security
Update Severity
unspecified
Karma
0
stable threshold: 3
unstable threshold: -3
Autopush
Enabled
Dates
submitted 2 years ago
in testing 2 years ago

Related Bugs 35

00 #1361157 Chromium "Aw, Snap" pages
00 #1362382 Missed capability, of widevine with Netflix
00 #1362513 Chromium crashes on start
00 #1366858 Latest Chromium update breaks HiDPI support
00 #1367099 Weird FG/BG colors make selected text vanish.
00 #1367198 chromium should depend on semanage
00 #1372207 CVE-2016-5147 chromium-browser: universal xss in blink
00 #1372208 CVE-2016-5148 chromium-browser: universal xss in blink
00 #1372209 CVE-2016-5149 chromium-browser: script injection in extensions
00 #1372210 CVE-2016-5150 chromium-browser: use after free in blink
00 #1372212 CVE-2016-5151 chromium-browser: use after free in pdfium
00 #1372213 CVE-2016-5152 chromium-browser: heap overflow in pdfium
00 #1372214 CVE-2016-5153 chromium-browser: use after destruction in blink
00 #1372215 CVE-2016-5154 chromium-browser: heap overflow in pdfium
00 #1372216 CVE-2016-5155 chromium-browser: address bar spoofing
00 #1372217 CVE-2016-5156 chromium-browser: use after free in event bindings
00 #1372218 CVE-2016-5157 chromium-browser: heap overflow in pdfium
00 #1372219 CVE-2016-5158 chromium-browser: heap overflow in pdfium
00 #1372220 CVE-2016-5159 chromium-browser: heap overflow in pdfium
00 #1372221 CVE-2016-5161 chromium-browser: type confusion in blink
00 #1372222 CVE-2016-5162 chromium-browser: extensions web accessible resources bypass
00 #1372223 CVE-2016-5163 chromium-browser: address bar spoofing
00 #1372224 CVE-2016-5164 chromium-browser: universal xss using devtools
00 #1372225 CVE-2016-5165 chromium-browser: script injection in devtools
00 #1372227 CVE-2016-5166 chromium-browser: smb relay attack via save page as
00 #1372228 CVE-2016-5160 chromium-browser: extensions web accessible resources bypass
00 #1372229 CVE-2016-5167 chromium-browser: various fixes from internal audits
00 #1372232 chromium: various flaws [fedora-all]
00 #1375863 CVE-2016-5170 chromium-browser: use after free in blink
00 #1375864 CVE-2016-5171 chromium-browser: use after free in blink
00 #1375865 CVE-2016-5172 chromium-browser: arbitrary memory read in v8
00 #1375866 CVE-2016-5173 chromium-browser: extension resource access
00 #1375867 CVE-2016-5174 chromium-browser: popup not correctly suppressed
00 #1375868 CVE-2016-5175 chromium-browser: various fixes from internal audits
00 #1375871 CVE-2016-5170 CVE-2016-5171 CVE-2016-5172 CVE-2016-5173 CVE-2016-5174 CVE-2016-5175 chromium: various flaws [fedora-all]

Automated Test Results