Release notes in URL.
Bug 456874 is a dependency. Please stabilize: =dev-lang/v8-3.15.11.15 =www-client/chromium-25.0.1364.97
CVE-2013-0886 is Mac-only. CVE-2013-0900 may affect dev-libs/icu.
(In reply to comment #2) > CVE-2013-0886 is Mac-only. > CVE-2013-0900 may affect dev-libs/icu. @Mike: do you happen to have some sensible link for the cve description? My googling seems not to be sufficient
amd64 stable
x86 stable
(In reply to comment #3) > @Mike: do you happen to have some sensible link for the cve description? My > googling seems not to be sufficient I suspect the CVE database has not been updated yet. Once it has, the link below should return something useful. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0900
Thanks, Mike! Added to existing GLSA draft.
@openoffice: I did a little digging, and found the changeset addressing CVE-2013-0900. http://src.chromium.org/viewvc/chrome?view=rev&revision=172827 It refers the this ICU ticket, which appears to be locked. http://bugs.icu-project.org/trac/ticket/9737
CVE-2013-0899 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0899): Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a long packet. CVE-2013-0898 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0898): Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a URL. CVE-2013-0897 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0897): Off-by-one error in the PDF functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service via a crafted document. CVE-2013-0896 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0896): Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly manage memory during message handling for plug-ins, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2013-0895 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0895): Google Chrome before 25.0.1364.97 on Linux, and before 25.0.1364.99 on Mac OS X, does not properly handle pathnames during copy operations, which might make it easier for remote attackers to execute arbitrary programs via unspecified vectors. CVE-2013-0894 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0894): Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact via vectors involving a zero value for a bark map size. CVE-2013-0893 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0893): Race condition in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media. CVE-2013-0892 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0892): Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE-2013-0891 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0891): Integer overflow in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a blob. CVE-2013-0890 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0890): Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors. CVE-2013-0889 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0889): Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly enforce a user gesture requirement before proceeding with a file download, which might make it easier for remote attackers to execute arbitrary code via a crafted file. CVE-2013-0888 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0888): Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2013-0887 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0887): The developer-tools process in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict privileges during interaction with a connected server, which has unspecified impact and attack vectors. CVE-2013-0885 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0885): Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecified impact and attack vectors. CVE-2013-0884 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0884): Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly load Native Client (aka NaCl) code, which has unspecified impact and attack vectors. CVE-2013-0883 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0883): Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors. CVE-2013-0882 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0882): Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecified other impact via a large number of SVG parameters. CVE-2013-0881 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0881): Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via crafted data in the Matroska container format. CVE-2013-0880 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0880): Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to databases. CVE-2013-0879 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0879): Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
We have separate bug as of now.
This issue was resolved and addressed in GLSA 201309-16 at http://security.gentoo.org/glsa/glsa-201309-16.xml by GLSA coordinator Sean Amoss (ackle).