Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chromium: 86.0.4240.75 -> 86.0.4240.111 (CVE-2020-16000 CVE-2020-16001 CVE-2020-16002 CVE-2020-15999 CVE-2020-16003) #101306

Merged
merged 1 commit into from Oct 22, 2020
Merged

chromium: 86.0.4240.75 -> 86.0.4240.111 (CVE-2020-16000 CVE-2020-16001 CVE-2020-16002 CVE-2020-15999 CVE-2020-16003) #101306

merged 1 commit into from Oct 22, 2020

Conversation

TredwellGit
Copy link
Member

Motivation for this change

https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html

CVE-2020-16000 CVE-2020-16001 CVE-2020-16002 CVE-2020-15999 CVE-2020-16003

Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@TredwellGit
Copy link
Member Author

TredwellGit commented Oct 22, 2020
edited

platform attribute status tester
x86_64 chromium @danielfullmer
x86_64 nixosTests.chromium @danielfullmer
x86_64 google-chrome @primeos
aarch64 chromium @thefloweringash

@TredwellGit
Copy link
Member Author

I know that @primeos usually does these, but this is a critical security release and the fix has been out for almost two days.

@danielfullmer
Copy link
Contributor

Built and tested chromium and nixosTests.chromium on x86_64-linux.

primeos
primeos approved these changes Oct 22, 2020
View reviewed changes
Copy link
Member

@primeos primeos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I know that @primeos usually does these, but this is a critical security release and the fix has been out for almost two days.

Thanks! The timing of the update was unfortunate for me (wasn't even aware of it until now :o).
Btw. in case you'd be interested in becoming the primary Chromium maintainer that would be welcome (just let me know in advance). But only if you want of course ;)

Anyway, I'll backport this right away.

@primeos primeos added 1.severity: security 9.needs: port to stable A PR needs a backport to the stable release. labels Oct 22, 2020
@primeos primeos merged commit 10b4fe1 into NixOS:master Oct 22, 2020
primeos pushed a commit that referenced this pull request Oct 22, 2020
@TredwellGit @primeos
chromium: 86.0.4240.75 -> 86.0.4240.111
35e7dd3 
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html

CVE-2020-16000 CVE-2020-16001 CVE-2020-16002 CVE-2020-15999 CVE-2020-16003

(cherry picked from commit 7dc2d9f)
Backport of #101306.
primeos pushed a commit that referenced this pull request Oct 22, 2020
@TredwellGit @primeos
chromium: 86.0.4240.75 -> 86.0.4240.111
b560967 
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html

CVE-2020-16000 CVE-2020-16001 CVE-2020-16002 CVE-2020-15999 CVE-2020-16003

(cherry picked from commit 7dc2d9f)
Backport of #101306.
@TredwellGit TredwellGit deleted the chromium branch October 22, 2020 10:10
@TredwellGit TredwellGit added 8.has: port to stable A PR already has a backport to the stable release. and removed 9.needs: port to stable A PR needs a backport to the stable release. labels Jan 13, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@primeos primeos primeos approved these changes

Assignees
No one assigned
Labels
1.severity: security 8.has: port to stable A PR already has a backport to the stable release. 10.rebuild-darwin: 0 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@TredwellGit @danielfullmer @primeos