See URL.
Please stabilize: =dev-lang/v8-3.11.10.20 =www-client/chromium-21.0.1180.89
CVE-2012-{2870,2871} are bugs in system libxslt, handled in bug #433603
amd64 stable
x86 stable since 2 Sep, GLSA draft ready.
CVE-2012-2872 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2872): Cross-site scripting (XSS) vulnerability in an SSL interstitial page in Google Chrome before 21.0.1180.89 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2012-2869 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2869): Google Chrome before 21.0.1180.89 does not properly load URLs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a "stale buffer."

CVE-2012-2868 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2868): Race condition in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving improper interaction between worker processes and an XMLHttpRequest (aka XHR) object.

CVE-2012-2867 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2867): The SPDY implementation in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

CVE-2012-2866 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2866): Google Chrome before 21.0.1180.89 does not properly perform a cast of an unspecified variable during handling of run-in elements, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.

CVE-2012-2865 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2865): Google Chrome before 21.0.1180.89 does not properly perform line breaking, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.
This issue was resolved and addressed in GLSA 201210-07 at http://security.gentoo.org/glsa/glsa-201210-07.xml by GLSA coordinator Sean Amoss (ackle).