Chromium on Stretch

New to Debian (Or Linux in general)? Ask your questions here!

Chromium on Stretch

Postby debiantu » 2017-07-20 16:22

Been running Debian 9 as a desktop machine and been very happy with it.

I do realize that by using the stable version of Debian, software won't be updated (generally) and only patched for security/usability issues.

I've read the release notes for Stretch and found the following:
https://www.debian.org/releases/stable/ ... r-security

Chromium and Firefox are the only two browsers recommended for Stretch. What does it mean that Chromium is a leaf package? My take on it - it means that Stretch will get the new version of Chromium when it becomes available.

So for Debian 9 - the current version of Chromium is 59.0.3071.86-1.

From the Debian page on source packages for Chromium:
https://security-tracker.debian.org/tra ... um-browser

I see that there's still some vulnerabilities for Chromium in Stretch but there's a newer version of Chromium that do not have known vulnerabilities in Buster.

I do realize that Buster is the next release of Debian - but Chromium is a leaf package - so why isn't Stretch getting the newer version? Or are the Debian Devs trying to backport the new fixes from the newer version into 59.0.3071.86-1?

thanks!
debiantu
 
Posts: 16
Joined: 2017-03-18 22:41

Re: Chromium on Stretch

Postby wizard10000 » 2017-07-20 16:40

If you look at the three CVE that haven't been updated for Stretch you'll see that the CVE numbers are reserved but there's no vulnerability listed in CVE, NVD or CERT for any of the three CVE numbers.

https://cve.mitre.org/cgi-bin/cvename.c ... -2017-5089

https://cve.mitre.org/cgi-bin/cvename.c ... -2017-5088

https://cve.mitre.org/cgi-bin/cvename.c ... -2017-5087

Can't patch a vulnerability that doesn't exist yet :D

BTW, I've seen stable get chromium security updates faster than Sid.
we see things not as they are, but as we are.
-- anais nin
User avatar
wizard10000
 
Posts: 1143
Joined: 2011-05-09 20:02
Location: midwestern us

Re: Chromium on Stretch

Postby debiantu » 2017-07-31 11:45

Now Chromium has more issues as you can see in the link I provided.

Chromium is a leaf package which would mean it should be updated to the latest version - right? What does it mean when a piece of software is a "leaf package" in Debian?

From what I read.. it appears to me that version 60.0.3112.78-1 is the latest one now for Chromium so why don't we have that in Stretch?

I do see that the CVEs are "reserved" until they publish the issues - but elsewhere I see that the issues are resolved in version 60.0.3112.78-1.

So on one hand.. it make sense until we wait for the issues to be published.. but on the other hand.. my understanding of what leaf packages are in Debian - the latest version of Chromium isn't available yet.
debiantu
 
Posts: 16
Joined: 2017-03-18 22:41

Re: Chromium on Stretch

Postby Lysander » 2017-07-31 14:18

Not a composite answer to the OP but I will say that having used Chromium, Firefox, Opera and Vivaldi, Chromium performs the best out of those mentioned in Stretch. In spite of that I use Opera as my default, mostly out of long-term habit.
User avatar
Lysander
 
Posts: 278
Joined: 2017-02-23 10:07
Location: London

Re: Chromium on Stretch

Postby Kryten » 2017-08-01 20:13

Leaf package in a debian system is one where no other package in that system depends on it.
Need backports to get newer version.Should get security updates for it though.
Kryten
 
Posts: 24
Joined: 2015-11-05 01:32

Re: Chromium on Stretch

Postby debiantu » 2017-08-05 11:53

Kryten wrote:Leaf package in a debian system is one where no other package in that system depends on it.
Need backports to get newer version.Should get security updates for it though.


Thanks for telling me what a Leaf package is.

Chromium was just updated to the version I mentioned back in July - so at this point in time.. no known vulnerabilities for Chromium! I'm guessing the reason why it took time to show up in Stretch repos is that it has to go through testing - is that right?

thanks!
debiantu
 
Posts: 16
Joined: 2017-03-18 22:41

Re: Chromium on Stretch

Postby wizard10000 » 2017-08-05 12:47

debiantu wrote:...I'm guessing the reason why it took time to show up in Stretch repos is that it has to go through testing - is that right?


Can't say for sure but the fact that the CVE numbers were reserved and not immediately published kinda leads me to believe the vulnerabilities were discovered by Google. I might be way wrong but I don't think Debian's security team is going to take action until there's an actual vulnerability identified and remediated.
we see things not as they are, but as we are.
-- anais nin
User avatar
wizard10000
 
Posts: 1143
Joined: 2011-05-09 20:02
Location: midwestern us

Re: Chromium on Stretch

Postby None1975 » 2017-08-07 14:56

Today 2017-08-07, chromium in debian 9 was updated to version 60.0.3112.78
Image
OS: Debian 9.1 / WM: I3, branch "gaps-next"
Debian Wiki | DontBreakDebian
User avatar
None1975
 
Posts: 129
Joined: 2015-11-29 18:23
Location: Lithuania

Re: Chromium on Stretch

Postby RU55EL » 2017-08-07 17:26

Yep, here too...

Version 60.0.3112.78 (Developer Build) built on Debian 9.1, running on Debian 9.1 (64-bit)
User avatar
RU55EL
 
Posts: 229
Joined: 2014-04-07 03:42
Location: /home/russel


Return to Beginners Questions

Who is online

Users browsing this forum: No registered users and 4 guests

fashionable