Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 437984 (CVE-2012-5112) - <www-client/chromium-22.0.1229.94 SVG use-after-free and IPC arbitrary file write (CVE-2012-{5112,5376})
Summary: <www-client/chromium-22.0.1229.94 SVG use-after-free and IPC arbitrary file w...
Alias: CVE-2012-5112
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: http://googlechromereleases.blogspot....
Whiteboard: A2 [glsa]
Depends on:
Reported: 2012-10-11 14:30 UTC by Mike Gilbert
Modified: 2012-10-21 15:43 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Mike Gilbert gentoo-dev 2012-10-11 14:30:35 UTC
See release notes in URL.
Comment 1 Mike Gilbert gentoo-dev 2012-10-11 14:33:42 UTC
Please stabilize.

Comment 2 Agostino Sarubbo gentoo-dev 2012-10-11 17:22:08 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2012-10-11 21:11:19 UTC
x86 done, please proceed with the glsa.
Comment 4 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2012-10-12 22:49:21 UTC
(In reply to comment #3)
> x86 done, please proceed with the glsa.

Thanks, GLSA draft updated and *ping* security, the draft is sitting there since Sep 6th.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2012-10-13 21:17:11 UTC
CVE-2012-5376 (
  The Inter-process Communication (IPC) implementation in Google Chrome before
  22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions
  and write to arbitrary files by leveraging access to a renderer process, a
  different vulnerability than CVE-2012-5112.

CVE-2012-5112 (
  Use-after-free vulnerability in the SVG implementation in WebKit, as used in
  Google Chrome before 22.0.1229.94, allows remote attackers to execute
  arbitrary code via unspecified vectors.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2012-10-21 15:43:37 UTC
This issue was resolved and addressed in
 GLSA 201210-07 at
by GLSA coordinator Sean Amoss (ackle).