Summary: | <www-client/chromium-20.0.1132.57 : use-after-free vulnerability (CVE-2012-{2842,2843}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Mike Gilbert <floppym> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | chromium |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://googlechromereleases.blogspot.com/2012/07/stable-channel-update.html | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Mike Gilbert
2012-07-11 21:14:02 UTC
Let's stabilize it. =dev-lang/v8-3.10.8.20 =www-client/chromium/20.0.1132.57 amd64 stable x86 stable CVE-2012-2843 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2843): Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout height tracking. CVE-2012-2842 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2842): Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to counter handling. Thanks, everyone. GLSA draft is ready and needs 1 more approval. This issue was resolved and addressed in GLSA 201208-03 at http://security.gentoo.org/glsa/glsa-201208-03.xml by GLSA coordinator Sean Amoss (ackle). |