Bug 444826 (CVE-2012-5130) - <www-client/chromium-23.0.1271.91 multiple vulnerabilities (CVE-2012-{5130,5132,5133,5135,5136})
Status: RESOLVED FIXED
Alias: CVE-2012-5130
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: http://googlechromereleases.blogspot....
Whiteboard: A2 [glsa]
Reported: 2012-11-26 18:37 UTC by Mike Gilbert
Modified: 2013-09-25 00:10 UTC

Description Mike Gilbert gentoo-dev 2012-11-26 18:37:55 UTC
Release notes in URL.
Comment 1 Mike Gilbert gentoo-dev 2012-11-26 18:41:31 UTC
CVE-2012-5131 is Mac-specific
CVE-2012-5134 appears to be a libxml bug; we use the system library

I should have a version bump committed this evening.
Comment 2 Mike Gilbert gentoo-dev 2012-11-27 03:01:14 UTC
Please stabilize.

=www-client/chromium-23.0.1271.91
Comment 3 Agostino Sarubbo gentoo-dev 2012-11-27 12:19:30 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2012-11-27 12:19:40 UTC
x86 stable
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2012-11-28 22:41:56 UTC
CVE-2012-5136 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5136):
  Google Chrome before 23.0.1271.91 does not properly perform a cast of an
  unspecified variable during handling of the INPUT element, which allows
  remote attackers to cause a denial of service or possibly have unknown other
  impact via a crafted HTML document.

CVE-2012-5135 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5135):
  Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors related to printing.

CVE-2012-5133 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5133):
  Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors related to SVG filters.

CVE-2012-5132 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5132):
  Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial
  of service (application crash) via a response with chunked transfer coding.

CVE-2012-5130 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5130):
  Skia, as used in Google Chrome before 23.0.1271.91, allows remote attackers
  to cause a denial of service (out-of-bounds read) via unspecified vectors.
Comment 6 Sean Amoss gentoo-dev Security 2012-11-29 16:43:30 UTC
Added to existing GLSA draft.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2013-09-25 00:10:29 UTC
This issue was resolved and addressed in
 GLSA 201309-16 at http://security.gentoo.org/glsa/glsa-201309-16.xml
by GLSA coordinator Sean Amoss (ackle).