Bug 380311 - <www-client/chromium-13.0.782.215: multiple vulnerabilities (CVE-2011-{2823,2824,2825,2826,2827,2828,2829})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: http://googlechromereleases.blogspot....
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-08-23 02:46 UTC by Paweł Hajdan, Jr. (RETIRED)
Modified: 2012-09-11 00:40 UTC (History)
Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-08-23 02:46:45 UTC
Gentoo is _not_ affected by CVE-2011-2839 (we don't ship binary PDF plugin).

CVE-2011-2821 is a vulnerability in libxml; we use the system one (it should be checked).
Comment 1 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-08-23 02:47:45 UTC
Arches, please stabilize =www-client/chromium-13.0.782.215
Comment 2 Agostino Sarubbo gentoo-dev 2011-08-23 09:56:15 UTC
amd64 ok as usual
Comment 3 Markos Chandras (RETIRED) gentoo-dev 2011-08-23 17:10:45 UTC
amd64 done. Thanks Agostino
Comment 4 Thomas Kahle (RETIRED) gentoo-dev 2011-08-24 11:16:36 UTC
x86 done. Thanks
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2011-08-24 15:00:15 UTC
Thanks, folks. Added to existing GLSA request.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2011-11-01 10:02:59 UTC
This issue was resolved and addressed in
 GLSA 201111-01 at http://security.gentoo.org/glsa/glsa-201111-01.xml
by GLSA coordinator Alex Legler (a3li).
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2011-11-01 10:03:57 UTC
This issue was resolved and addressed in
 GLSA 201111-01 at http://security.gentoo.org/glsa/glsa-201111-01.xml
by GLSA coordinator Alex Legler (a3li).
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2012-09-11 00:40:30 UTC
CVE-2011-2829 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2829):
  Integer overflow in Google Chrome before 13.0.782.215 on 32-bit platforms
  allows remote attackers to cause a denial of service or possibly have
  unspecified other impact via vectors involving uniform arrays.

CVE-2011-2828 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2828):
  Google V8, as used in Google Chrome before 13.0.782.215, allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via unknown vectors that trigger an out-of-bounds write.

CVE-2011-2827 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2827):
  Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors related to text searching.

CVE-2011-2826 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2826):
  Google Chrome before 13.0.782.215 allows remote attackers to bypass the Same
  Origin Policy via vectors related to empty origins.

CVE-2011-2825 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2825):
  Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors involving custom fonts.

CVE-2011-2824 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2824):
  Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors involving counter nodes.

CVE-2011-2823 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2823):
  Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors involving a line box.