Summary: | <www-client/chromium-5.0.375.86: Multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Paweł Hajdan, Jr. (RETIRED) <phajdan.jr> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://googlechromereleases.blogspot.com/2010/06/stable-channel-update_24.html | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Paweł Hajdan, Jr. (RETIRED)
2010-06-25 05:39:21 UTC
> Emanuele Gentili for regression discovery.
Luckily he is not with us anymore. x86 stable
amd64 stable Also http://secunia.com/advisories/40351/ . Impact mostly unspecified, so I'm rating this as B3. As such, I vote NO. Also see http://sites.google.com/a/chromium.org/dev/developers/severity-guidelines None of these is rated critical. I'm going to get more info on Monday. [45267] High Memory error in video handling. Credit to Google Chrome Security Team (Cris Neckar). The above seems to be the most severe vulnerability, allowing a sandbox escape. Combined with another bug in the renderer it might allow remote code execution after enticing the user to visit a malicious website. That might make you consider bumping the severity to B2. [43322] Medium Memory error in video handling. Credit to Mark Dowd under contract to Google Chrome Security Team. Issue 43322 (see above) does not affect Gentoo, because we build with -Denable-gpu=0. Thanks for the information, Paweł. Chromium Herd has nothing to do here. The vulnerable versions are no longer in the tree. GLSA 201012-01, thanks everyone. |