Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 631784 (CVE-2017-5121, CVE-2017-5122) - <www-client/chromium-61.0.3163.100: multiple vulnerabilities
Summary: <www-client/chromium-61.0.3163.100: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2017-5121, CVE-2017-5122
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://chromereleases.googleblog.com...
Whiteboard: A2 [glsa cve cleanup]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-09-23 01:25 UTC by Thomas Deutschmann (RETIRED)
Modified: 2017-09-25 22:01 UTC (History)
1 user (show)

See Also:
Package list:
www-client/chromium-61.0.3163.100
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Deutschmann (RETIRED) gentoo-dev 2017-09-23 01:25:47 UTC
This update includes 3 security fixes. Below, we highlight fixes that were
contributed by external researchers:

- [$7500][765433] High CVE-2017-5121: Out-of-bounds access in V8.
                  Reported by Jordan Rabet, Microsoft Offensive Security
                  Research and Microsoft ChakraCore team on 2017-09-14

- [$3000][752423] High CVE-2017-5122: Out-of-bounds access in V8. Reported
                  by Choongwoo Han of Naver Corporation on 2017-08-04
                  
- [767508] Various fixes from internal audits, fuzzing and other initiatives
Comment 1 Agostino Sarubbo gentoo-dev 2017-09-25 12:52:39 UTC
amd64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 2 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-09-25 13:01:10 UTC
New GLSA Request filed.

Gentoo Security Padawan
ChrisADR
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2017-09-25 22:01:49 UTC
This issue was resolved and addressed in
 GLSA 201709-25 at https://security.gentoo.org/glsa/201709-25
by GLSA coordinator Aaron Bauman (b-man).