Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 488148 (CVE-2013-2925) - <www-client/chromium-30.0.1599.101 use after free in various modules (CVE-2013-{2925,2926,2927,2928})
Summary: <www-client/chromium-30.0.1599.101 use after free in various modules (CVE-201...
Status: RESOLVED FIXED
Alias: CVE-2013-2925
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: http://googlechromereleases.blogspot....
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2013-10-16 00:16 UTC by Mike Gilbert
Modified: 2014-03-05 11:23 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Mike Gilbert gentoo-dev 2013-10-16 00:16:57 UTC
Release notes in URL.
Comment 1 Mike Gilbert gentoo-dev 2013-10-16 00:18:27 UTC
Please stabilize on amd64 and x86.

=dev-lang/v8-3.20.17.15
=www-client/chromium-30.0.1599.101
Comment 2 Agostino Sarubbo gentoo-dev 2013-10-16 12:48:10 UTC
amd64 and x86 stable
Comment 3 Sean Amoss (RETIRED) gentoo-dev Security 2013-10-18 13:58:48 UTC
Added to existing GLSA draft.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2013-10-24 00:07:50 UTC
CVE-2013-2928 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2928):
  Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.101
  allow attackers to cause a denial of service or possibly have other impact
  via unknown vectors.

CVE-2013-2927 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2927):
  Use-after-free vulnerability in the HTMLFormElement::prepareForSubmission
  function in core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome
  before 30.0.1599.101, allows remote attackers to cause a denial of service
  or possibly have unspecified other impact via vectors related to submission
  for FORM elements.

CVE-2013-2926 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2926):
  Use-after-free vulnerability in the
  IndentOutdentCommand::tryIndentingAsListItem function in
  core/editing/IndentOutdentCommand.cpp in Blink, as used in Google Chrome
  before 30.0.1599.101, allows user-assisted remote attackers to cause a
  denial of service or possibly have unspecified other impact via vectors
  related to list elements.

CVE-2013-2925 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2925):
  Use-after-free vulnerability in core/xml/XMLHttpRequest.cpp in Blink, as
  used in Google Chrome before 30.0.1599.101, allows remote attackers to cause
  a denial of service or possibly have unspecified other impact via vectors
  that trigger multiple conflicting uses of the same XMLHttpRequest object.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2014-03-05 11:23:26 UTC
This issue was resolved and addressed in
 GLSA 201403-01 at http://security.gentoo.org/glsa/glsa-201403-01.xml
by GLSA coordinator Mikle Kolyada (Zlogene).