From red hat bugzilla at $URL: Common Vulnerabilities and Exposures assigned an identifier CVE-2012-2864 to the following vulnerability: Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, allows remote attackers to execute arbitrary code via unspecified vectors that trigger an "array overflow." References: [1] http://code.google.com/p/chromium/issues/detail?id=141901 (private) [2] http://googlechromereleases.blogspot.com/2012/08/stable-channel-update-for-chrome-os.html Upstream patch: http://www.mail-archive.com/mesa-dev@lists.freedesktop.org/msg25207.html
CVE-2012-2864 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2864): Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, allows remote attackers to execute arbitrary code via unspecified vectors that trigger an "array overflow."
Fix was committed upstream: http://cgit.freedesktop.org/mesa/mesa/commit/?id=ff996cafce511dd8a6c4e066e409c23e147a670c It is not yet fixed in the 8.0 branch
Arches, please stabilize media-libs/mesa-8.0.4-r1 Target keywords: alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86 Versions before 8.0 are not affected.
(In reply to comment #3) > Arches, please stabilize media-libs/mesa-8.0.4-r1 > > Target keywords: alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86 =media-libs/mesa-8.0.4-r1 =app-admin/eselect-opengl-1.2.6.1 =x11-proto/glproto-1.4.16
amd64 stable
Stable for HPPA.
x86 done
arm stable
alpha/ia64/sh/sparc stable
ppc has a major version stable
ppc64 stable
All arches done.
Thanks, everyone. GLSA draft ready for review.
This issue was resolved and addressed in GLSA 201404-06 at http://security.gentoo.org/glsa/glsa-201404-06.xml by GLSA coordinator Mikle Kolyada (Zlogene).