Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 636800 (CVE-2017-15398, CVE-2017-15399) - <www-client/chromium-62.0.3202.89 <www-client/google-chrome-62.0.3202.89 Stack buffer overflow in QUIC and Use after free in V8
Summary: <www-client/chromium-62.0.3202.89 <www-client/google-chrome-62.0.3202.89 Stac...
Status: RESOLVED FIXED
Alias: CVE-2017-15398, CVE-2017-15399
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://chromereleases.googleblog.com...
Whiteboard: A2 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-11-07 15:56 UTC by Mike Gilbert
Modified: 2017-11-10 17:34 UTC (History)
1 user (show)

See Also:
Package list:
www-client/chromium-62.0.3202.89
Runtime testing required: ---
stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mike Gilbert gentoo-dev 2017-11-07 15:56:44 UTC 
This update includes 2 security fix contributed by an external researcher, detailed below. Please see the Chrome Security Page for more information.

[$TBD][777728] Critical CVE-2017-15398: Stack buffer overflow in QUIC. Reported by Ned Williamson on 2017-10-24

[$7500][776677] High CVE-2017-15399: Use after free in V8. Reported by Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-10-20
Comment 1 Agostino Sarubbo gentoo-dev 2017-11-08 19:37:09 UTC 
amd64 stable.

Maintainer(s), please cleanup.
Comment 2 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-11-09 16:26:25 UTC 
Added to an existing GLSA.

Thank you
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2017-11-10 16:05:01 UTC 
This issue was resolved and addressed in
 GLSA 201711-02 at https://security.gentoo.org/glsa/201711-02
by GLSA coordinator Aaron Bauman (b-man).
Comment 4 Aaron Bauman (RETIRED) gentoo-dev 2017-11-10 16:07:12 UTC 
re-opened for cleanup.