Summary: | <www-client/chromium-37.0.2062.120: Multiple vulnerabilities (CVE-2014-{3178,3179}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | chromium |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://googlechromereleases.blogspot.it/2014/09/stable-channel-update_9.html | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-09-10 07:22:19 UTC
www-client/chromium-37.0.2062.120 is in the tree. It compiles, but I have not been able to do runtime testing. Nonetheless, I assume it is safe to stabilize on amd64 and x86. Please proceed. CVE-2014-3179 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3179): Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.120 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE-2014-3178 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3178): Use-after-free vulnerability in core/dom/Node.cpp in Blink, as used in Google Chrome before 37.0.2062.120, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of render-tree inconsistencies. Arches, please test and mark stable: =www-client/chromium-37.0.2062.120 Target Keywords : "amd64 x86" Thank you! amd64 stable x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one. New GLSA request filed. cleanup done. This issue was resolved and addressed in GLSA 201409-06 at http://security.gentoo.org/glsa/glsa-201409-06.xml by GLSA coordinator Kristian Fiskerstrand (K_F). |