Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chromium: 57.0.2987.110 -> 57.0.2987.133 [security] #24887

Merged
merged 1 commit into from Apr 14, 2017
Merged

chromium: 57.0.2987.110 -> 57.0.2987.133 [security] #24887

merged 1 commit into from Apr 14, 2017

Conversation

benley
Copy link
Member

@benley benley commented Apr 13, 2017

Motivation for this change

CVE-2017-5055: Use after free in printing. Credit to Wadih Matar
CVE-2017-5054: Heap buffer overflow in V8. Credit to Nicolas Trippar of Zimperium zLabs
CVE-2017-5052: Bad cast in Blink. Credit to JeongHoon Shin
CVE-2017-5056: Use after free in Blink. Credit to anonymous
CVE-2017-5053: Out of bounds memory access in V8. Credit to Team Sniper (Keen Lab and PC Mgr) reported through ZDI (ZDI-CAN-4587)

Things done
  • Tested using sandboxing
    (nix.useSandbox on NixOS,
    or option build-use-sandbox in nix.conf
    on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • Linux
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

@benley
chromium: 57.0.2987.110 -> 57.0.2987.133 [security]
552efad 
CVE-2017-5055: Use after free in printing. Credit to Wadih Matar
CVE-2017-5054: Heap buffer overflow in V8. Credit to Nicolas Trippar of Zimperium zLabs
CVE-2017-5052: Bad cast in Blink. Credit to JeongHoon Shin
CVE-2017-5056: Use after free in Blink. Credit to anonymous
CVE-2017-5053: Out of bounds memory access in V8. Credit to Team Sniper (Keen Lab and PC Mgr) reported through ZDI (ZDI-CAN-4587)
@mention-bot
Copy link

@benley, thanks for your PR! By analyzing the history of the files in this pull request, we identified @bendlas and @aszlig to be potential reviewers.

@benley benley merged commit 81589bf into NixOS:master Apr 14, 2017
@benley benley deleted the chromium branch April 14, 2017 18:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
1.severity: security 8.has: package (update)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@benley @mention-bot