{"affected":[{"ecosystem_specific":{"binaries":[{"chromedriver":"127.0.6533.119-bp156.2.14.1","chromium":"127.0.6533.119-bp156.2.14.1","gn":"0.20240730-bp156.2.3.1","rust-bindgen":"0.69.1-bp156.2.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP5","name":"chromium","purl":"pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"127.0.6533.119-bp156.2.14.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"chromedriver":"127.0.6533.119-bp156.2.14.1","chromium":"127.0.6533.119-bp156.2.14.1","gn":"0.20240730-bp156.2.3.1","rust-bindgen":"0.69.1-bp156.2.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP5","name":"gn","purl":"pkg:rpm/suse/gn&distro=SUSE%20Package%20Hub%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.20240730-bp156.2.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"chromedriver":"127.0.6533.119-bp156.2.14.1","chromium":"127.0.6533.119-bp156.2.14.1","gn":"0.20240730-bp156.2.3.1","rust-bindgen":"0.69.1-bp156.2.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP5","name":"rust-bindgen","purl":"pkg:rpm/suse/rust-bindgen&distro=SUSE%20Package%20Hub%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.69.1-bp156.2.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"chromedriver":"127.0.6533.119-bp156.2.14.1","chromium":"127.0.6533.119-bp156.2.14.1","gn":"0.20240730-bp156.2.3.1","rust-bindgen":"0.69.1-bp156.2.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP6","name":"chromium","purl":"pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"127.0.6533.119-bp156.2.14.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"chromedriver":"127.0.6533.119-bp156.2.14.1","chromium":"127.0.6533.119-bp156.2.14.1","gn":"0.20240730-bp156.2.3.1","rust-bindgen":"0.69.1-bp156.2.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP6","name":"gn","purl":"pkg:rpm/suse/gn&distro=SUSE%20Package%20Hub%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.20240730-bp156.2.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"chromedriver":"127.0.6533.119-bp156.2.14.1","chromium":"127.0.6533.119-bp156.2.14.1","gn":"0.20240730-bp156.2.3.1","rust-bindgen":"0.69.1-bp156.2.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP6","name":"rust-bindgen","purl":"pkg:rpm/suse/rust-bindgen&distro=SUSE%20Package%20Hub%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.69.1-bp156.2.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"chromedriver":"127.0.6533.119-bp156.2.14.1","chromium":"127.0.6533.119-bp156.2.14.1","gn":"0.20240730-bp156.2.3.1","rust-bindgen":"0.69.1-bp156.2.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"chromium","purl":"pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"127.0.6533.119-bp156.2.14.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"chromedriver":"127.0.6533.119-bp156.2.14.1","chromium":"127.0.6533.119-bp156.2.14.1","gn":"0.20240730-bp156.2.3.1","rust-bindgen":"0.69.1-bp156.2.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"gn","purl":"pkg:rpm/opensuse/gn&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.20240730-bp156.2.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"chromedriver":"127.0.6533.119-bp156.2.14.1","chromium":"127.0.6533.119-bp156.2.14.1","gn":"0.20240730-bp156.2.3.1","rust-bindgen":"0.69.1-bp156.2.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"rust-bindgen","purl":"pkg:rpm/opensuse/rust-bindgen&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.69.1-bp156.2.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"chromedriver":"127.0.6533.119-bp156.2.14.1","chromium":"127.0.6533.119-bp156.2.14.1","gn":"0.20240730-bp156.2.3.1","rust-bindgen":"0.69.1-bp156.2.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"chromium","purl":"pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"127.0.6533.119-bp156.2.14.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"chromedriver":"127.0.6533.119-bp156.2.14.1","chromium":"127.0.6533.119-bp156.2.14.1","gn":"0.20240730-bp156.2.3.1","rust-bindgen":"0.69.1-bp156.2.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"gn","purl":"pkg:rpm/opensuse/gn&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.20240730-bp156.2.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"chromedriver":"127.0.6533.119-bp156.2.14.1","chromium":"127.0.6533.119-bp156.2.14.1","gn":"0.20240730-bp156.2.3.1","rust-bindgen":"0.69.1-bp156.2.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"rust-bindgen","purl":"pkg:rpm/opensuse/rust-bindgen&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.69.1-bp156.2.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for chromium, gn, rust-bindgen fixes the following issues:\n\n- Chromium 127.0.6533.119 (boo#1228941)\n\n  * CVE-2024-7532: Out of bounds memory access in ANGLE\n  * CVE-2024-7533: Use after free in Sharing\n  * CVE-2024-7550: Type Confusion in V8\n  * CVE-2024-7534: Heap buffer overflow in Layout\n  * CVE-2024-7535: Inappropriate implementation in V8\n  * CVE-2024-7536: Use after free in WebAudio\n\n- Chromium 127.0.6533.88 (boo#1228628, boo#1228940, boo#1228942)\n\n  * CVE-2024-6988: Use after free in Downloads\n  * CVE-2024-6989: Use after free in Loader\n  * CVE-2024-6991: Use after free in Dawn\n  * CVE-2024-6992: Out of bounds memory access in ANGLE\n  * CVE-2024-6993: Inappropriate implementation in Canvas\n  * CVE-2024-6994: Heap buffer overflow in Layout\n  * CVE-2024-6995: Inappropriate implementation in Fullscreen\n  * CVE-2024-6996: Race in Frames\n  * CVE-2024-6997: Use after free in Tabs\n  * CVE-2024-6998: Use after free in User Education\n  * CVE-2024-6999: Inappropriate implementation in FedCM\n  * CVE-2024-7000: Use after free in CSS. Reported by Anonymous\n  * CVE-2024-7001: Inappropriate implementation in HTML\n  * CVE-2024-7003: Inappropriate implementation in FedCM\n  * CVE-2024-7004: Insufficient validation of untrusted input\n    in Safe Browsing\n  * CVE-2024-7005: Insufficient validation of untrusted input\n    in Safe Browsing\n  * CVE-2024-6990: Uninitialized Use in Dawn\n  * CVE-2024-7255: Out of bounds read in WebTransport\n  * CVE-2024-7256: Insufficient data validation in Dawn\n\ngh:\n\n- Update to version 0.20240730:\n  * Rust: link_output, depend_output and runtime_outputs for dylibs\n  * Add missing reference section to function_toolchain.cc\n  * Do not cleanup args.gn imports located in the output directory.\n  * Fix expectations in NinjaRustBinaryTargetWriterTest.SwiftModule\n  * Do not add native dependencies to the library search path\n  * Support linking frameworks and swiftmodules in Rust targets\n  * [desc] Silence print() statements when outputing json\n  * infra: Move CI/try builds to Ubuntu-22.04\n  * [MinGW] Fix mingw building issues\n  * [gn] Fix 'link' in the //examples/simple_build/build/toolchain/BUILD.gn\n  * [template] Fix 'rule alink_thin' in the //build/build_linux.ninja.template\n  * Allow multiple --ide switches\n  * [src] Add '#include <limits>' in the //src/base/files/file_enumerator_win.cc\n  * Get updates to infra/recipes.py from upstream\n  * Revert 'Teach gn to handle systems with > 64 processors'\n  * [apple] Rename the code-signing properties of create_bundle\n  * Fix a typo in 'gn help refs' output\n  * Revert '[bundle] Use 'phony' builtin tool for create_bundle targets'\n  * [bundle] Use 'phony' builtin tool for create_bundle targets\n  * [ios] Simplify handling of assets catalog\n  * [swift] List all outputs as deps of 'source_set' stamp file\n  * [swift] Update `gn check ...` to consider the generated header\n  * [swift] Set `restat = 1` to swift build rules\n  * Fix build with gcc12\n  * [label_matches] Add new functions label_matches(), filter_labels_include() and filter_labels_exclude()\n  * [swift] Remove problematic use of 'stamp' tool\n  * Implement new --ninja-outputs-file option.\n  * Add NinjaOutputsWriter class\n  * Move InvokePython() function to its own source file.\n  * zos: build with -DZOSLIB_OVERRIDE_CLIB to override creat\n  * Enable C++ runtime assertions in debug mode.\n  * Fix regression in MakeRelativePath()\n  * fix: Fix Windows MakeRelativePath.\n  * Add long path support for windows\n  * Ensure read_file() files are considered by 'gn analyze'\n  * apply 2to3 to for some Python scripts\n  * Add rustflags to desc and help output\n  * strings: support case insensitive check only in StartsWith/EndsWith\n  * add .git-blame-ignore-revs\n  * use std::{string,string_view}::{starts_with,ends_with}\n  * apply clang-format to all C++ sources\n  * add forward declaration in rust_values.h\n  * Add `root_patterns` list to build configuration.\n  * Use c++20 in GN build\n  * update windows sdk to 2024-01-11\n  * update windows sdk\n  * Add linux-riscv64.\n  * Update OWNERS list.\n  * remove unused function\n  * Ignore build warning -Werror=redundant-move\n  * Fix --as=buildfile `gn desc deps` output.\n  * Update recipe engine to 9dea1246.\n  * treewide: Fix spelling mistakes\n\nAdded rust-bindgen:\n\n- Version 0.69.1\n","id":"openSUSE-SU-2024:0254-2","modified":"2024-08-18T22:20:17Z","published":"2024-08-18T22:20:17Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KC4DDO3O7C7P2VVA7A7WIO5RVISNZ3HV/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1228628"},{"type":"REPORT","url":"https://bugzilla.suse.com/1228940"},{"type":"REPORT","url":"https://bugzilla.suse.com/1228941"},{"type":"REPORT","url":"https://bugzilla.suse.com/1228942"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-6988"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-6989"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-6990"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-6991"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-6992"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-6993"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-6994"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-6995"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-6996"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-6997"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-6998"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-6999"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-7000"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-7001"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-7003"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-7004"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-7005"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-7255"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-7256"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-7532"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-7533"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-7534"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-7535"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-7536"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-7550"}],"related":["CVE-2024-6988","CVE-2024-6989","CVE-2024-6990","CVE-2024-6991","CVE-2024-6992","CVE-2024-6993","CVE-2024-6994","CVE-2024-6995","CVE-2024-6996","CVE-2024-6997","CVE-2024-6998","CVE-2024-6999","CVE-2024-7000","CVE-2024-7001","CVE-2024-7003","CVE-2024-7004","CVE-2024-7005","CVE-2024-7255","CVE-2024-7256","CVE-2024-7532","CVE-2024-7533","CVE-2024-7534","CVE-2024-7535","CVE-2024-7536","CVE-2024-7550"],"summary":"Security update for chromium, gn, rust-bindgen","upstream":["CVE-2024-6988","CVE-2024-6989","CVE-2024-6990","CVE-2024-6991","CVE-2024-6992","CVE-2024-6993","CVE-2024-6994","CVE-2024-6995","CVE-2024-6996","CVE-2024-6997","CVE-2024-6998","CVE-2024-6999","CVE-2024-7000","CVE-2024-7001","CVE-2024-7003","CVE-2024-7004","CVE-2024-7005","CVE-2024-7255","CVE-2024-7256","CVE-2024-7532","CVE-2024-7533","CVE-2024-7534","CVE-2024-7535","CVE-2024-7536","CVE-2024-7550"]}