Overview
Request 744738 accepted
- Update to 78.0.3904.87 bsc#1155643:
* CVE-2019-13721: Use-after-free in PDFium
* CVE-2019-13720: Use-after-free in audio
- Enable LTO again with disabled parallel LTO WPA streaming.
- Disable LTO for now as it consumes ~20GB of RAM, we will reenable
the feature later when some memory consumption fixes land in
GCC
- Adjust LDFLAGS settings for LTO to take memory-constraints into
consideration
- Update to 78.0.3904.70 bsc#1154806:
* CVE-2019-13699: Use-after-free in media
* CVE-2019-13700: Buffer overrun in Blink
* CVE-2019-13701: URL spoof in navigation
* CVE-2019-13702: Privilege elevation in Installer
* CVE-2019-13703: URL bar spoofing
* CVE-2019-13704: CSP bypass
* CVE-2019-13705: Extension permission bypass
* CVE-2019-13706: Out-of-bounds read in PDFium
* CVE-2019-13707: File storage disclosure
* CVE-2019-13708: HTTP authentication spoof
* CVE-2019-13709: File download protection bypass
* CVE-2019-13710: File download protection bypass
* CVE-2019-13711: Cross-context information leak
* CVE-2019-15903: Buffer overflow in expat
* CVE-2019-13713: Cross-origin data leak
* CVE-2019-13714: CSS injection
- Created by scarabeus_iv
- In state accepted
Request History
scarabeus_iv created request
- Update to 78.0.3904.87 bsc#1155643:
* CVE-2019-13721: Use-after-free in PDFium
* CVE-2019-13720: Use-after-free in audio
- Enable LTO again with disabled parallel LTO WPA streaming.
- Disable LTO for now as it consumes ~20GB of RAM, we will reenable
the feature later when some memory consumption fixes land in
GCC
- Adjust LDFLAGS settings for LTO to take memory-constraints into
consideration
- Update to 78.0.3904.70 bsc#1154806:
* CVE-2019-13699: Use-after-free in media
* CVE-2019-13700: Buffer overrun in Blink
* CVE-2019-13701: URL spoof in navigation
* CVE-2019-13702: Privilege elevation in Installer
* CVE-2019-13703: URL bar spoofing
* CVE-2019-13704: CSP bypass
* CVE-2019-13705: Extension permission bypass
* CVE-2019-13706: Out-of-bounds read in PDFium
* CVE-2019-13707: File storage disclosure
* CVE-2019-13708: HTTP authentication spoof
* CVE-2019-13709: File download protection bypass
* CVE-2019-13710: File download protection bypass
* CVE-2019-13711: Cross-context information leak
* CVE-2019-15903: Buffer overflow in expat
* CVE-2019-13713: Cross-origin data leak
* CVE-2019-13714: CSS injection
factory-auto accepted review
Check script succeeded
maintbot accepted review
ok
licensedigger accepted review
ok
licensedigger approved review
ok
msmeissn moved maintenance target to openSUSE:Maintenance:11395
msmeissn accepted request
accepted request 744738:Thanks!
For information about the update, see https://build.opensuse.org/project/maintenance_incidents/openSUSE:Maintenance
network:chromium/chromium@8ef8c501be20a2b5d68f07ccb6fc03e3 -> openSUSE:Leap:15.0:Update/chromium
expected origin is 'openSUSE:Factory' (changed)
sr#744734 review by openSUSE:Factory:Staging:adi:40 ok
found pending submission against origin (openSUSE:Factory)