Re: Is chromium updated?
On Wed, Nov 11, 2020 at 9:46 PM <l0f4r0@tuta.io> wrote:
>
> Regarding CVE-2020-16009 <https://security.archlinux.org/CVE-2020-16009>, it seems that some distros like Arch [1] have already updated their chromium packages but no Debian yet. Right?
>
Right.
> Is it just a matter of extracting the security fix from 86.0.4240.183, packaging it accordingly and pushing in a new version in Debian repositories?
>
There are more than one vulnerabilities to fix.
I have about 10 years experience consulting Mozilla for
their browsers and I recommend Debian to update to
the closest to Chromium stable. Definitely not all security
bugs get CVE and some CVEs are "multiple vulnerabilities in X".
Reply to: