| Summary: | <www-client/{chromium-15.0.874.121,google-chrome-15.0.874.121_p109964}, <dev-lang/v8-3.5.10.24: Out-of-bounds write in v8 (CVE-2011-3900) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Mike Gilbert <floppym> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | ago, chromium |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://googlechromereleases.blogspot.com/2011/11/stable-channel-update_16.html | ||
| Whiteboard: | B2 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
|
Description
Mike Gilbert
2011-11-17 03:07:19 UTC
google-chrome and v8 have been bumped. Compiling chromium now. Ago, Paweł: Please stabilize on amd64 and x86. =dev-lang/v8-3.5.10.24 =www-client/chromium-15.0.874.12 Err, that should be: =www-client/chromium-15.0.874.121 both ok + 17 Nov 2011; Tony Vroon <chainsaw@gentoo.org> v8-3.5.10.24.ebuild: + Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo in + security bug #390779. I am told that Mike Gilbert feels 1 AT report is + sufficient. + 17 Nov 2011; Tony Vroon <chainsaw@gentoo.org> chromium-15.0.874.121.ebuild: + Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo in + security bug #390779. I am told that Mike Gilbert feels 1 AT report is + sufficient. x86 stable, GLSA draft ready CVE-2011-3900 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3900): Google V8, as used in Google Chrome before 15.0.874.121, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write operation. This issue was resolved and addressed in GLSA 201111-05 at http://security.gentoo.org/glsa/glsa-201111-05.xml by GLSA coordinator Tim Sammut (underling). |