Overview
Request 684662 accepted
- Update to 73.0.3683.75 bsc#1129059:
* CVE-2019-5787: Use after free in Canvas.
* CVE-2019-5788: Use after free in FileAPI.
* CVE-2019-5789: Use after free in WebMIDI.
* CVE-2019-5790: Heap buffer overflow in V8.
* CVE-2019-5791: Type confusion in V8.
* CVE-2019-5792: Integer overflow in PDFium.
* CVE-2019-5793: Excessive permissions for private API in Extensions.
* CVE-2019-5794: Security UI spoofing.
* CVE-2019-5795: Integer overflow in PDFium.
* CVE-2019-5796: Race condition in Extensions.
* CVE-2019-5797: Race condition in DOMStorage.
* CVE-2019-5798: Out of bounds read in Skia.
* CVE-2019-5799: CSP bypass with blob URL.
* CVE-2019-5800: CSP bypass with blob URL.
* CVE-2019-5801: Incorrect Omnibox display on iOS.
* CVE-2019-5802: Security UI spoofing.
* CVE-2019-5803: CSP bypass with Javascript URLs'.
* CVE-2019-5804: Command line command injection on Windows.
- Update patches:
* chromium-buildname.patch
* chromium-non-void-return.patch
* chromium-old-glibc.patch
* chromium-old-libva.patch
* chromium-vaapi.patch
- Removed patches:
* chromium-crashpad-fix_aarch64.patch
* chromium-webrtc-includes.patch
- Added patches:
* chromium-gcc.patch
- Created by scarabeus_iv
- In state accepted
Request History
scarabeus_iv created request
- Update to 73.0.3683.75 bsc#1129059:
* CVE-2019-5787: Use after free in Canvas.
* CVE-2019-5788: Use after free in FileAPI.
* CVE-2019-5789: Use after free in WebMIDI.
* CVE-2019-5790: Heap buffer overflow in V8.
* CVE-2019-5791: Type confusion in V8.
* CVE-2019-5792: Integer overflow in PDFium.
* CVE-2019-5793: Excessive permissions for private API in Extensions.
* CVE-2019-5794: Security UI spoofing.
* CVE-2019-5795: Integer overflow in PDFium.
* CVE-2019-5796: Race condition in Extensions.
* CVE-2019-5797: Race condition in DOMStorage.
* CVE-2019-5798: Out of bounds read in Skia.
* CVE-2019-5799: CSP bypass with blob URL.
* CVE-2019-5800: CSP bypass with blob URL.
* CVE-2019-5801: Incorrect Omnibox display on iOS.
* CVE-2019-5802: Security UI spoofing.
* CVE-2019-5803: CSP bypass with Javascript URLs'.
* CVE-2019-5804: Command line command injection on Windows.
- Update patches:
* chromium-buildname.patch
* chromium-non-void-return.patch
* chromium-old-glibc.patch
* chromium-old-libva.patch
* chromium-vaapi.patch
- Removed patches:
* chromium-crashpad-fix_aarch64.patch
* chromium-webrtc-includes.patch
- Added patches:
* chromium-gcc.patch
licensedigger accepted review
ok
maintbot accepted review
ok
factory-auto accepted review
Check script succeeded
factory-auto approved review
Check script succeeded
atopt moved maintenance target to openSUSE:Maintenance:9812
atopt accepted request
accepted request 684662:Thanks!
For information about the update, see https://build.opensuse.org/project/maintenance_incidents/openSUSE:Maintenance
network:chromium/chromium@33406b55ba5dc27e967beeb49bd0312d -> openSUSE:Leap:42.3:Update/chromium
expected origin is 'openSUSE:Leap:42.2:Update' (changed)