Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 358581 (CVE-2011-1290) - <www-client/chromium-10.0.648.133: Memory corruption in style handling (CVE-2011-1290)
Summary: <www-client/chromium-10.0.648.133: Memory corruption in style handling (CVE-2...
Alias: CVE-2011-1290
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://googlechromereleases.blogspot....
Whiteboard: B2 [glsa]
Depends on:
Reported: 2011-03-12 14:53 UTC by Paweł Hajdan, Jr. (RETIRED)
Modified: 2012-09-11 00:26 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-03-12 14:53:46 UTC
Release notes:


A vulnerability has been reported in Chromium, that may
allow user-assisted execution of arbitrary code.


A remote attacker could entice a user to visit a specially-crafted web page
that would trigger the vulnerability, leading to execution of
arbitrary code, or a Denial of Service.
Comment 1 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-03-12 14:56:20 UTC
Arches, please test and mark stable =www-client/chromium-10.0.648.133

I apologize for one stabilization very shortly after another. There might be even more security updates for the 10.x branch soon, the .133 one is surprisingly small.
Comment 2 Agostino Sarubbo gentoo-dev 2011-03-12 16:38:19 UTC
amd64 ok
Comment 3 Christian Faulhammer (RETIRED) gentoo-dev 2011-03-13 14:38:39 UTC
x86 stable.  Frequent updates are not your fault, Paweł.
Comment 4 Markos Chandras (RETIRED) gentoo-dev 2011-03-13 15:48:22 UTC
amd64 done. Thanks Agostino
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2011-03-14 02:59:39 UTC
Thanks, everyone. Added to existing GLSA request.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2011-11-01 10:01:54 UTC
This issue was resolved and addressed in
 GLSA 201111-01 at
by GLSA coordinator Alex Legler (a3li).
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2011-11-01 10:02:59 UTC
This issue was resolved and addressed in
 GLSA 201111-01 at
by GLSA coordinator Alex Legler (a3li).
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2012-09-11 00:26:38 UTC
CVE-2011-1290 (
  Integer overflow in WebKit, as used on the Research In Motion (RIM)
  BlackBerry Torch 9800 with firmware, in Google Chrome before
  10.0.648.133, and in Apple Safari before 5.0.5, allows remote attackers to
  execute arbitrary code via unknown vectors related to CSS "style handling,"
  nodesets, and a length value, as demonstrated by Vincenzo Iozzo, Willem
  Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own competition at
  CanSecWest 2011.