| Summary: | <www-client/chromium-12.0.742.91-r1: multiple vulnerabilities (CVE-2011-{1808,1809,1810,1811,1812,1813,1814,1815,1816,1817,1818,1819,2332,2342}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Paweł Hajdan, Jr. (RETIRED) <phajdan.jr> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | alexanderyt, chromium, graphics+disabled |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html | | |
| Whiteboard: | B2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Paweł Hajdan, Jr. (RETIRED)
2011-06-07 16:20:42 UTC
Arches, please stabilize =www-client/chromium-12.0.742.91 I think you'll also need =media-libs/libwebp-1.2

both done on amd64

Sorry, reverted keywords because of this
www-client/chromium/chromium-12.0.742.91.ebuild: amd64(default/linux/amd64/10.0) ['>=virtual/ffmpeg-0.6.90[threads]', 'dev-python/pyftpdlib'

amd64: To emerge, required following deps: >=media-libs/vo-aacenc-0.1.0 =dev-lang/erlang-14.2.2-r1 >=media-video/ffmpeg-0.6.90_rc0-r2 >=virtual/ffmpeg-0.6.90 dev-python/pyftpdlib >=media-libs/libwebp-0.1.2 emerged straight up. all working

Because of bug #371931 we're now back to bundled ffmpeg. Arches, please stabilize =www-client/chromium-12.0.742.91-r1 I think you also need to stabilize: =dev-python/pyftpdlib-0.6.0 (I'm the maintainer, OK to stabilize) =media-libs/libwebp-1.2

ON AMD64:
=www-client/chromium-12.0.742.91-r1 OK
=media-libs/libwebp-1.2 OK
=dev-python/pyftpdlib-0.6.0 is not pulled in, check if it should be pulled in and correct the deps if necessary, otherwise probably open a new bug? Anyway is ok for me.

(In reply to comment #6)
> =dev-python/pyftpdlib-0.6.0 is not pulled in, check if it should be pulled in and
> correct the deps if necessary, otherwise probably open a new bug?
Are you sure you're running with FEATURES="test"?

Thanks for testing. I skip it because it requires different locales; I see it is pulled in now.

x86 stable. Thanks for the extra work Pawel

amd64 done. Thanks Agostino

Thanks, folks. Added to existing GLSA request.

This issue was resolved and addressed in GLSA 201111-01 at http://security.gentoo.org/glsa/glsa-201111-01.xml by GLSA coordinator Alex Legler (a3li).

CVE-2011-2342 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2342): The DOM implementation in Google Chrome before 12.0.742.91 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

CVE-2011-2332 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2332): Google V8, as used in Google Chrome before 12.0.742.91, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

CVE-2011-1819 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1819): Google Chrome before 12.0.742.91 allows remote attackers to perform unspecified injection into a chrome:// page via vectors related to extensions.

CVE-2011-1818 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1818): Use-after-free vulnerability in the image loader in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2011-1817 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1817): Google Chrome before 12.0.742.91 does not properly implement history deletion, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

CVE-2011-1816 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1816): Use-after-free vulnerability in the developer tools in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2011-1815 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1815): Google Chrome before 12.0.742.91 allows remote attackers to inject script into a tab page via vectors related to extensions.

CVE-2011-1814 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1814): Google Chrome before 12.0.742.91 attempts to read data from an uninitialized pointer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2011-1813 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1813): Google Chrome before 12.0.742.91 does not properly implement the framework for extensions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

CVE-2011-1812 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1812): Google Chrome before 12.0.742.91 allows remote attackers to bypass intended access restrictions via vectors related to extensions.

CVE-2011-1811 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1811): Google Chrome before 12.0.742.91 does not properly handle a large number of form submissions, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

CVE-2011-1810 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1810): The Cascading Style Sheets (CSS) implementation in Google Chrome before 12.0.742.91 does not properly restrict access to the visit history, which allows remote attackers to obtain sensitive information via unspecified vectors.

CVE-2011-1809 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1809): Use-after-free vulnerability in the accessibility feature in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2011-1808 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1808): Use-after-free vulnerability in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to incorrect integer calculations during float handling.