Bug 493364 - <www-client/chromium-31.0.1650.63 multiple vulnerabilities (CVE-2013-{6634,6635,6636,6637,6638,6639,6640})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: http://googlechromereleases.blogspot....
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2013-12-05 06:21 UTC by Mike Gilbert
Modified: 2014-03-05 11:23 UTC

See Also:
Package list:
Runtime testing required: ---


Description Mike Gilbert gentoo-dev 2013-12-05 06:21:54 UTC
Release notes in URL.
Comment 1 Mike Gilbert gentoo-dev 2013-12-05 06:22:59 UTC
Please stabilize on amd64 and x86.

=www-client/chromium-31.0.1650.63
Comment 2 Richard Freeman gentoo-dev 2013-12-05 15:14:21 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2013-12-06 20:42:22 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2013-12-09 05:48:34 UTC
CVE-2013-6640 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6640):
  The DehoistArrayIndex function in hydrogen-dehoist.cc in Google V8 before
  3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote
  attackers to cause a denial of service (out-of-bounds read) via JavaScript
  code that sets a variable to the value of an array element with a crafted
  index.

CVE-2013-6639 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6639):
  The DehoistArrayIndex function in hydrogen-dehoist.cc in Google V8 before
  3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote
  attackers to cause a denial of service (out-of-bounds write) or possibly
  have unspecified other impact via JavaScript code that sets the value of an
  array element with a crafted index.

CVE-2013-6638 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6638):
  Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, as
  used in Google Chrome before 31.0.1650.63, allow remote attackers to cause a
  denial of service or possibly have unspecified other impact via vectors that
  trigger a large typed array, related to the (1) Runtime_TypedArrayInitialize
  and (2) Runtime_TypedArrayInitializeFromArrayLike functions.

CVE-2013-6637 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6637):
  Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.63
  allow attackers to cause a denial of service or possibly have other impact
  via unknown vectors.

CVE-2013-6636 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6636):
  The FrameLoader::notifyIfInitialDocumentAccessed function in
  core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before
  31.0.1650.63, makes an incorrect check for an empty document during
  presentation of a modal dialog, which allows remote attackers to spoof the
  address bar via vectors involving the document.write method.

CVE-2013-6635 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6635):
  Use-after-free vulnerability in the editing implementation in Blink, as used
  in Google Chrome before 31.0.1650.63, allows remote attackers to cause a
  denial of service or possibly have unspecified other impact via JavaScript
  code that triggers removal of a node during processing of the DOM tree,
  related to CompositeEditCommand.cpp and ReplaceSelectionCommand.cpp.

CVE-2013-6634 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6634):
  The OneClickSigninHelper::ShowInfoBarIfPossible function in
  browser/ui/sync/one_click_signin_helper.cc in Google Chrome before
  31.0.1650.63 uses an incorrect URL during realm validation, which allows
  remote attackers to conduct session fixation attacks and hijack web sessions
  by triggering improper sync after a 302 (aka Found) HTTP status code.
Comment 5 Sergey Popov gentoo-dev 2013-12-17 07:12:34 UTC
Cleanup was done, adding to existing GLSA request
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2014-03-05 11:23:32 UTC
This issue was resolved and addressed in
 GLSA 201403-01 at http://security.gentoo.org/glsa/glsa-201403-01.xml
by GLSA coordinator Mikle Kolyada (Zlogene).