Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 479048 (CVE-2013-2881) - <www-client/chromium-28.0.1500.95 multiple vulnerabilities (CVE-2013-{2881,2882,2883,2884,2885,2886})
Summary: <www-client/chromium-28.0.1500.95 multiple vulnerabilities (CVE-2013-{2881,28...
Status: RESOLVED FIXED
Alias: CVE-2013-2881
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: http://googlechromereleases.blogspot....
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2013-07-31 00:22 UTC by Mike Gilbert
Modified: 2013-09-25 00:10 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mike Gilbert gentoo-dev 2013-07-31 00:22:53 UTC 
Release notes in URL.
Comment 1 Mike Gilbert gentoo-dev 2013-07-31 00:25:04 UTC 
Please stabilize on amd64 and x86.

=dev-lang/v8-3.18.5.14
=www-client/chromium-28.0.1500.95
Comment 2 Agostino Sarubbo gentoo-dev 2013-07-31 08:47:21 UTC 
x86 stable
Comment 3 Agostino Sarubbo gentoo-dev 2013-07-31 10:02:54 UTC 
amd64 stable
Comment 4 Sergey Popov gentoo-dev 2013-08-22 08:46:11 UTC 
Thanks for your work

Added to existing GLSA draft
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2013-08-27 02:50:20 UTC 
CVE-2013-2886 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2886):
  Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.95
  allow attackers to cause a denial of service or possibly have other impact
  via unknown vectors.

CVE-2013-2885 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2885):
  Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors related to not properly considering focus during
  the processing of JavaScript events in the presence of a multiple-fields
  input type.

CVE-2013-2884 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2884):
  Use-after-free vulnerability in the DOM implementation in Google Chrome
  before 28.0.1500.95 allows remote attackers to cause a denial of service or
  possibly have unspecified other impact via vectors related to improper
  tracking of which document owns an Attr object.

CVE-2013-2883 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2883):
  Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors related to deleting the registration of a
  MutationObserver object.

CVE-2013-2882 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2882):
  Google V8, as used in Google Chrome before 28.0.1500.95, allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via vectors that leverage "type confusion."

CVE-2013-2881 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2881):
  Google Chrome before 28.0.1500.95 does not properly handle frames, which
  allows remote attackers to bypass the Same Origin Policy via a crafted web
  site.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2013-09-25 00:10:53 UTC 
This issue was resolved and addressed in
 GLSA 201309-16 at http://security.gentoo.org/glsa/glsa-201309-16.xml
by GLSA coordinator Sean Amoss (ackle).