Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 390779 (CVE-2011-3900)

Summary: <www-client/{chromium-15.0.874.121,google-chrome-15.0.874.121_p109964}, <dev-lang/v8-3.5.10.24: Out-of-bounds write in v8 (CVE-2011-3900)
Product: Gentoo Security Reporter: Mike Gilbert <floppym>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: ago, chromium
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://googlechromereleases.blogspot.com/2011/11/stable-channel-update_16.html
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Mike Gilbert gentoo-dev 2011-11-17 03:07:19 UTC
See URL for release notes.
Comment 1 Mike Gilbert gentoo-dev 2011-11-17 03:08:52 UTC
google-chrome and v8 have been bumped. Compiling chromium now.
Comment 2 Mike Gilbert gentoo-dev 2011-11-17 03:19:36 UTC
Ago, Paweł: Please stabilize on amd64 and x86.

=dev-lang/v8-3.5.10.24
=www-client/chromium-15.0.874.12
Comment 3 Mike Gilbert gentoo-dev 2011-11-17 03:20:13 UTC
Err, that should be:

=www-client/chromium-15.0.874.121
Comment 4 Agostino Sarubbo gentoo-dev 2011-11-17 11:25:00 UTC
both ok
Comment 5 Tony Vroon (RETIRED) gentoo-dev 2011-11-17 11:38:10 UTC
+  17 Nov 2011; Tony Vroon <chainsaw@gentoo.org> v8-3.5.10.24.ebuild:
+  Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo in
+  security bug #390779. I am told that Mike Gilbert feels 1 AT report is
+  sufficient.

+  17 Nov 2011; Tony Vroon <chainsaw@gentoo.org> chromium-15.0.874.121.ebuild:
+  Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo in
+  security bug #390779. I am told that Mike Gilbert feels 1 AT report is
+  sufficient.
Comment 6 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-11-18 10:32:52 UTC
x86 stable, GLSA draft ready
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2011-11-18 19:12:51 UTC
CVE-2011-3900 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3900):
  Google V8, as used in Google Chrome before 15.0.874.121, allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via unknown vectors that trigger an out-of-bounds write operation.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2011-11-19 16:43:03 UTC
This issue was resolved and addressed in
 GLSA 201111-05 at http://security.gentoo.org/glsa/glsa-201111-05.xml
by GLSA coordinator Tim Sammut (underling).