Comment 1 Mike Gilbert 2013-08-21 16:03:41 UTC

Please stabilize on amd64 and x86.

=dev-lang/v8-3.19.18.19
=www-client/chromium-29.0.1547.57

Comment 2 Agostino Sarubbo 2013-08-21 21:39:54 UTC

x86 stable

Comment 3 Sergey Popov 2013-08-22 08:21:20 UTC

Thanks for your work.

New GLSA request filed.

Comment 4 GLSAMaker/CVETool Bot 2013-08-27 02:13:08 UTC

CVE-2013-2905 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2905):
  The SharedMemory::Create function in memory/shared_memory_posix.cc in Google
  Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which
  allows attackers to obtain sensitive information via direct access to a
  POSIX shared-memory file.

CVE-2013-2904 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2904):
  Use-after-free vulnerability in the Document::finishedParsing function in
  core/dom/Document.cpp in Blink, as used in Google Chrome before
  29.0.1547.57, allows remote attackers to cause a denial of service or
  possibly have unspecified other impact via an onload event that changes an
  IFRAME element so that its src attribute is no longer an XML document,
  leading to unintended garbage collection of this document.

CVE-2013-2903 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2903):
  Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument
  function in core/html/HTMLMediaElement.cpp in Blink, as used in Google
  Chrome before 29.0.1547.57, allows remote attackers to cause a denial of
  service or possibly have unspecified other impact via vectors involving
  moving a (1) AUDIO or (2) VIDEO element between documents.

CVE-2013-2902 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2902):
  Use-after-free vulnerability in the XSLT ProcessingInstruction
  implementation in Blink, as used in Google Chrome before 29.0.1547.57,
  allows remote attackers to cause a denial of service or possibly have
  unspecified other impact via vectors related to an applyXSLTransform call
  involving (1) an HTML document or (2) an xsl:processing-instruction element
  that is still in the process of loading.

CVE-2013-2901 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2901):
  Multiple integer overflows in (1) libGLESv2/renderer/Renderer9.cpp and (2)
  libGLESv2/renderer/Renderer11.cpp in Almost Native Graphics Layer Engine
  (ANGLE), as used in Google Chrome before 29.0.1547.57, allow remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via unknown vectors.

CVE-2013-2900 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2900):
  The FilePath::ReferencesParent function in files/file_path.cc in Google
  Chrome before 29.0.1547.57 on Windows does not properly handle pathname
  components composed entirely of . (dot) and whitespace characters, which
  allows remote attackers to conduct directory traversal attacks via a crafted
  directory name.

CVE-2013-2887 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2887):
  Multiple unspecified vulnerabilities in Google Chrome before 29.0.1547.57
  allow attackers to cause a denial of service or possibly have other impact
  via unknown vectors.

Comment 5 GLSAMaker/CVETool Bot 2013-09-25 00:10:55 UTC

This issue was resolved and addressed in
 GLSA 201309-16 at http://security.gentoo.org/glsa/glsa-201309-16.xml
by GLSA coordinator Sean Amoss (ackle).