Overview Details

File _patchinfo of Package patchinfo

<patchinfo incident="7428">
  <issue id="1064066" tracker="bnc">VUL-0: chromium: tacker bug Oct/2017</issue>
  <issue id="2017-15386" tracker="cve" />
  <issue id="2017-5128" tracker="cve" />
  <issue id="2017-5129" tracker="cve" />
  <issue id="2017-5131" tracker="cve" />
  <issue id="2017-5130" tracker="cve" />
  <issue id="2017-5133" tracker="cve" />
  <issue id="2017-5132" tracker="cve" />
  <issue id="2017-5126" tracker="cve" />
  <issue id="2017-5127" tracker="cve" />
  <issue id="2017-5125" tracker="cve" />
  <issue id="2017-15387" tracker="cve" />
  <issue id="2017-15388" tracker="cve" />
  <issue id="2017-15389" tracker="cve" />
  <issue id="2017-5124" tracker="cve" />
  <issue id="2017-15391" tracker="cve" />
  <issue id="2017-15390" tracker="cve" />
  <issue id="2017-15393" tracker="cve" />
  <issue id="2017-15392" tracker="cve" />
  <issue id="2017-15395" tracker="cve" />
  <issue id="2017-15394" tracker="cve" />
  <issue tracker="bnc" id="1065405" />
  <issue id="2017-15396" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>AndreasStieger</packager>
  <description>This update to Chromium 62.0.3202.75 fixes the following security issues:

- CVE-2017-5124: UXSS with MHTML
- CVE-2017-5125: Heap overflow in Skia
- CVE-2017-5126: Use after free in PDFium 
- CVE-2017-5127: Use after free in PDFium
- CVE-2017-5128: Heap overflow in WebGL
- CVE-2017-5129: Use after free in WebAudio  
- CVE-2017-5132: Incorrect stack manipulation in WebAssembly.
- CVE-2017-5130: Heap overflow in libxml2
- CVE-2017-5131: Out of bounds write in Skia 
- CVE-2017-5133: Out of bounds write in Skia  
- CVE-2017-15386: UI spoofing in Blink
- CVE-2017-15387: Content security bypass
- CVE-2017-15388: Out of bounds read in Skia
- CVE-2017-15389: URL spoofing in OmniBox
- CVE-2017-15390: URL spoofing in OmniBox 
- CVE-2017-15391: Extension limitation bypass in Extensions.
- CVE-2017-15392: Incorrect registry key handling in PlatformIntegration
- CVE-2017-15393: Referrer leak in Devtools
- CVE-2017-15394: URL spoofing in extensions UI
- CVE-2017-15395: Null pointer dereference in ImageCapture
- CVE-2017-15396: Stack overflow in V8
</description>
  <summary>Security update for chromium</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places