Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 397907

Summary: <www-client/chromium-16.0.912.75: Multiple vulnerabilities (CVE-2011-{3921,3922})
Product: Gentoo Security Reporter: Paweł Hajdan, Jr. (RETIRED) <phajdan.jr>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: chromium
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2012-01-06 15:53:56 UTC 
Release notes http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html

We're stabilizing www-client/chromium-16.0.912.75
Comment 1 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2012-01-06 16:01:17 UTC 
x86 stable
Comment 2 Richard Freeman gentoo-dev 2012-01-06 18:35:15 UTC 
amd64 stable
Comment 3 Sean Amoss (RETIRED) gentoo-dev Security 2012-01-06 18:44:23 UTC 
Thanks, everyone. Already added to a GLSA request.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2012-01-08 05:19:59 UTC 
This issue was resolved and addressed in
 GLSA 201201-03 at http://security.gentoo.org/glsa/glsa-201201-03.xml
by GLSA coordinator Tim Sammut (underling).
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2012-02-21 04:01:05 UTC 
CVE-2011-3922 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3922):
  Stack-based buffer overflow in Google Chrome before 16.0.912.75 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors related to glyph handling.

CVE-2011-3921 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3921):
  Use-after-free vulnerability in Google Chrome before 16.0.912.75 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors involving animation frames.