1 |
> On 23 Jun 2020, at 21:57, Samuel Bernardo <samuelbernardo.mail@×××××.com> wrote: |
2 |
> |
3 |
> Hi, |
4 |
> |
5 |
> Sorry if I miss any detail about glsa-check context, but I think that it |
6 |
> misses the CVE[1] id review I left in subject. |
7 |
> |
8 |
|
9 |
A GLSA (see https://security.gentoo.org/glsa <https://security.gentoo.org/glsa>) has not yet been filed |
10 |
for this issue. Once the fixed version (83.0.4103.116) is stabilised, |
11 |
we will release one ASAP. |
12 |
|
13 |
> About chromium stability, what would you advice me, install latest |
14 |
> keyword masked version or wait for next stable version? |
15 |
|
16 |
The new one should be stabled shortly. It’s up to you if you want to |
17 |
install it ahead of time or not. |
18 |
|
19 |
> |
20 |
> The current chromium stable version have also runtime errors using |
21 |
> ffmeg-4.3. [2][3] |
22 |
|
23 |
The new version was added in [1] and you can track the progress |
24 |
of the security bug (search Bugzilla for the CVE(s)) in [2]. |
25 |
|
26 |
There is also a bug [3] for the ffmpeg issue, and the commit [1] |
27 |
adds a dep on an older ffmpeg for now. |
28 |
|
29 |
[1] https://gitweb.gentoo.org/repo/gentoo.git/commit/www-client/chromium?id=a21f83685eda6f895c0a6819172172f63395a157 <https://gitweb.gentoo.org/repo/gentoo.git/commit/www-client/chromium?id=a21f83685eda6f895c0a6819172172f63395a157> |
30 |
[2] https://bugs.gentoo.org/729310 <https://bugs.gentoo.org/729310> |
31 |
[3] https://bugs.gentoo.org/728624 |
32 |
|
33 |
|
34 |
Hope this helps. |
35 |
|
36 |
If you ever have any queries about security matters in Gentoo, please |
37 |
feel free to ask this list (or gentoo-security, but it’s less active), or |
38 |
on IRC in the #gentoo-security channel. |
39 |
|
40 |
TL;DR: We’re aware of it, the bug is in progress, will be stabled on amd64 |
41 |
shortly, and a GLSA will follow. No need to worry. :) |
42 |
|
43 |
> |
44 |
> Thanks for your enlightenment |