
Bug 631784 (CVE-2017-5121, CVE-2017-5122)

Summary: <www-client/chromium-61.0.3163.100: multiple vulnerabilities
Product: Gentoo Security Reporter: Thomas Deutschmann (RETIRED) <whissi>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: chromium
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop_21.html
Whiteboard: A2 [glsa cve cleanup]
Package list:
www-client/chromium-61.0.3163.100
Runtime testing required: ---

Description Thomas Deutschmann (RETIRED) gentoo-dev 2017-09-23 01:25:47 UTC
This update includes 3 security fixes. Below, we highlight fixes that were
contributed by external researchers:

- [$7500][765433] High CVE-2017-5121: Out-of-bounds access in V8.
                  Reported by Jordan Rabet, Microsoft Offensive Security
                  Research and Microsoft ChakraCore team on 2017-09-14

- [$3000][752423] High CVE-2017-5122: Out-of-bounds access in V8. Reported
                  by Choongwoo Han of Naver Corporation on 2017-08-04
                  
- [767508] Various fixes from internal audits, fuzzing and other initiatives

Comment 1 Agostino Sarubbo gentoo-dev 2017-09-25 12:52:39 UTC
amd64 stable.

Maintainer(s), please clean up.
Security, please add it to the existing request, or file a new one.

Comment 2 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-09-25 13:01:10 UTC
New GLSA Request filed.

Gentoo Security Padawan
ChrisADR

Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2017-09-25 22:01:49 UTC
This issue was resolved and addressed in
 GLSA 201709-25 at https://security.gentoo.org/glsa/201709-25
by GLSA coordinator Aaron Bauman (b-man).