Release notes in URL.
Which v8 version we need to stabilize?
Lets do v8-3.17.16.2.
Actually, phajdan says he is bumping v8, so use what he says.
(In reply to comment #3) > Actually, phajdan says he is bumping v8, so use what he says. Thanks for asking and waiting. Please do v8-3.17.6.14 . It's deliberately lower version number than existing ~arch ebuilds, and that's what omahaproxy.appspot.com says Google used for Chrome 27.0.1453.93 .
(In reply to comment #4) > (In reply to comment #3) > > Actually, phajdan says he is bumping v8, so use what he says. > > Thanks for asking and waiting. Please do v8-3.17.6.14 . > > It's deliberately lower version number than existing ~arch ebuilds, and > that's what omahaproxy.appspot.com says Google used for Chrome 27.0.1453.93 . It needs =media-video/ffmpeg-1.0.7 what we should do?
(In reply to comment #5) > It needs =media-video/ffmpeg-1.0.7 what we should do? Hmm... I wonder why repoman doesn't catch that.
Oh, the www-cliennt/chromium[system-ffmpeg] use flag is stable-masked. So no, ffmpeg-1.0.7 is NOT required.
(In reply to Mike Gilbert from comment #2) > Lets do v8-3.17.16.2. That version is no longer in portage.
(In reply to Richard Freeman from comment #8) > That version is no longer in portage. Please see comment 3 and comment 4. :)
I didn't see any comment here, but this is stabilized on all platforms. The security team can wrap this up.
Thanks for your work Added to existing GLSA request
CVE-2013-2849 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2849): Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation. CVE-2013-2847 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2847): Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors. CVE-2013-2846 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2846): Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2840. CVE-2013-2845 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2845): The Web Audio implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. CVE-2013-2844 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2844): Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style resolution. CVE-2013-2843 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2843): Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of speech data. CVE-2013-2842 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2842): Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets. CVE-2013-2841 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2841): Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of Pepper resources. CVE-2013-2840 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2840): Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2846. CVE-2013-2839 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2839): Google Chrome before 27.0.1453.93 does not properly perform a cast of an unspecified variable during handling of clipboard data, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE-2013-2838 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2838): Google V8, as used in Google Chrome before 27.0.1453.93, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2013-2837 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2837): Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2013-2836 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2836): Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.93 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
This issue was resolved and addressed in GLSA 201309-16 at http://security.gentoo.org/glsa/glsa-201309-16.xml by GLSA coordinator Sean Amoss (ackle).