Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 397907 - <www-client/chromium-16.0.912.75: Multiple vulnerabilities (CVE-2011-{3921,3922})
Summary: <www-client/chromium-16.0.912.75: Multiple vulnerabilities (CVE-2011-{3921,39...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://googlechromereleases.blogspot....
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-01-06 15:53 UTC by Paweł Hajdan, Jr. (RETIRED)
Modified: 2012-02-21 04:01 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2012-01-06 15:53:56 UTC
Release notes http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html

We're stabilizing www-client/chromium-16.0.912.75
Comment 1 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2012-01-06 16:01:17 UTC
x86 stable
Comment 2 Richard Freeman gentoo-dev 2012-01-06 18:35:15 UTC
amd64 stable
Comment 3 Sean Amoss gentoo-dev Security 2012-01-06 18:44:23 UTC
Thanks, everyone. Already added to a GLSA request.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2012-01-08 05:19:59 UTC
This issue was resolved and addressed in
 GLSA 201201-03 at http://security.gentoo.org/glsa/glsa-201201-03.xml
by GLSA coordinator Tim Sammut (underling).
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2012-02-21 04:01:05 UTC
CVE-2011-3922 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3922):
  Stack-based buffer overflow in Google Chrome before 16.0.912.75 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors related to glyph handling.

CVE-2011-3921 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3921):
  Use-after-free vulnerability in Google Chrome before 16.0.912.75 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors involving animation frames.