ASA-201911-7 log generated external raw

[ASA-201911-7] electron: arbitrary code execution
Arch Linux Security Advisory ASA-201911-7 ========================================= Severity: Critical Date : 2019-11-04 CVE-ID : CVE-2019-13720 Package : electron Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1061 Summary ======= The package electron before version 7.0.1-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 7.0.1-1. # pacman -Syu "electron>=7.0.1-1" The problem has been fixed upstream in version 7.0.1. Workaround ========== None. Description =========== A use-after-free vulnerability has been found in the audio component of the chromium browser before 78.0.3904.87. Google is aware of reports that an exploit for this vulnerability exists in the wild. Impact ====== A remote attacker can execute arbitrary code on the affected host. References ========== https://github.com/electron/electron/commit/25b3ee29cf9a8e3f59dcbabf7345b5b1360cd056 https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html https://crbug.com/1019226 https://security.archlinux.org/CVE-2019-13720