Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 390779 (CVE-2011-3900) - <www-client/{chromium-15.0.874.121,google-chrome-15.0.874.121_p109964}, <dev-lang/v8-3.5.10.24: Out-of-bounds write in v8 (CVE-2011-3900)
Summary: <www-client/{chromium-15.0.874.121,google-chrome-15.0.874.121_p109964}, <dev-...
Status: RESOLVED FIXED
Alias: CVE-2011-3900
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://googlechromereleases.blogspot....
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-11-17 03:07 UTC by Mike Gilbert
Modified: 2011-11-19 16:43 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Mike Gilbert gentoo-dev 2011-11-17 03:07:19 UTC
See URL for release notes.
Comment 1 Mike Gilbert gentoo-dev 2011-11-17 03:08:52 UTC
google-chrome and v8 have been bumped. Compiling chromium now.
Comment 2 Mike Gilbert gentoo-dev 2011-11-17 03:19:36 UTC
Ago, Paweł: Please stabilize on amd64 and x86.

=dev-lang/v8-3.5.10.24
=www-client/chromium-15.0.874.12
Comment 3 Mike Gilbert gentoo-dev 2011-11-17 03:20:13 UTC
Err, that should be:

=www-client/chromium-15.0.874.121
Comment 4 Agostino Sarubbo gentoo-dev 2011-11-17 11:25:00 UTC
both ok
Comment 5 Tony Vroon gentoo-dev 2011-11-17 11:38:10 UTC
+  17 Nov 2011; Tony Vroon <chainsaw@gentoo.org> v8-3.5.10.24.ebuild:
+  Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo in
+  security bug #390779. I am told that Mike Gilbert feels 1 AT report is
+  sufficient.

+  17 Nov 2011; Tony Vroon <chainsaw@gentoo.org> chromium-15.0.874.121.ebuild:
+  Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo in
+  security bug #390779. I am told that Mike Gilbert feels 1 AT report is
+  sufficient.
Comment 6 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-11-18 10:32:52 UTC
x86 stable, GLSA draft ready
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2011-11-18 19:12:51 UTC
CVE-2011-3900 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3900):
  Google V8, as used in Google Chrome before 15.0.874.121, allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via unknown vectors that trigger an out-of-bounds write operation.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2011-11-19 16:43:03 UTC
This issue was resolved and addressed in
 GLSA 201111-05 at http://security.gentoo.org/glsa/glsa-201111-05.xml
by GLSA coordinator Tim Sammut (underling).