Re: Is chromium updated?

To: l0f4r0@tuta.io
Cc: Debian Security <debian-security@lists.debian.org>
Subject: Re: Is chromium updated?
From: Georgi Guninski <gguninski@gmail.com>
Date: Thu, 12 Nov 2020 09:55:46 +0200
Message-id: <[🔎] CAGUWgD9c_=wGbfeM-qjLBvd63DwLEPRdhsmbafvO39srWoSsXQ@mail.gmail.com>
In-reply-to: <[🔎] MLsq3Rn--B-2@tuta.io>
References: <CAGUWgD_t4rQkVFgzWbQJshZFskMjibMy9hAhGunHPP2f-CmLeg@mail.gmail.com> <MJrpCD7--3-2@tuta.io> <[🔎] CAGUWgD9swGqjAnLFFU1=XLxVu11Xd4VM=WbPNrtQyvqHW_v8kg@mail.gmail.com> <[🔎] MLsq3Rn--B-2@tuta.io>

On Wed, Nov 11, 2020 at 9:46 PM <l0f4r0@tuta.io> wrote:
>

> Regarding CVE-2020-16009 <https://security.archlinux.org/CVE-2020-16009>, it seems that some distros like Arch [1] have already updated their chromium packages but no Debian yet. Right?
>

Right.

> Is it just a matter of extracting the security fix from 86.0.4240.183, packaging it accordingly and pushing in a new version in Debian repositories?
>

There are more than one vulnerabilities to fix.

I have about 10 years experience consulting Mozilla for
their browsers and I recommend Debian to update to
the closest to Chromium stable. Definitely not all security
bugs get CVE and some CVEs are "multiple vulnerabilities in X".

Reply to:

References:
- Re: Is chromium updated?
  - From: Georgi Guninski <gguninski@gmail.com>
- Re: Is chromium updated?
  - From: l0f4r0@tuta.io

Prev by Date: Re: Is chromium updated?
Next by Date: Re: /home/loser is with permissions 755, default umask 0022
Previous by thread: Re: Is chromium updated?
Next by thread: Re: Is chromium updated?
Index(es):
- Date
- Thread