| Summary: | <www-client/chromium-10.0.648.204: multiple vulnerabilities (CVE-2011-{1291,1292,1293,1294,1295,1296}) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Paweł Hajdan, Jr. (RETIRED) <phajdan.jr> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | chromium |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html | ||
| Whiteboard: | B2 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
|
Description
Paweł Hajdan, Jr. (RETIRED)
2011-03-25 09:53:54 UTC
Arches, please stabilize =www-client/chromium-10.0.648.204 amd64 ok ( anyway if you want check, there are some part that compiling without respecting user cflags ) amd64 done, thanks Agostino x86 stable, last arch, whiteboard updated Thanks, folks. Added to existing GLSA request. @fauli: please never set a whiteboard of "[glsa]", we set it after having filed a glsa only. By setting it yourself, security might think that this bug was already handled or could at least get confused. ;) This issue was resolved and addressed in GLSA 201111-01 at http://security.gentoo.org/glsa/glsa-201111-01.xml by GLSA coordinator Alex Legler (a3li). This issue was resolved and addressed in GLSA 201111-01 at http://security.gentoo.org/glsa/glsa-201111-01.xml by GLSA coordinator Alex Legler (a3li). CVE-2011-1296 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1296): Google Chrome before 10.0.648.204 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." CVE-2011-1295 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1295): WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via unknown vectors. CVE-2011-1294 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1294): Google Chrome before 10.0.648.204 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." CVE-2011-1293 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1293): Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2011-1292 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1292): Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2011-1291 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1291): Google Chrome before 10.0.648.204 does not properly handle base strings, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "buffer error." |
