Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 462690 (CVE-2013-2632) - <dev-lang/v8-3.17.15.3: remote DoS via crafted javascript (CVE-2013-2632)
Summary: <dev-lang/v8-3.17.15.3: remote DoS via crafted javascript (CVE-2013-2632)
Status: RESOLVED FIXED
Alias: CVE-2013-2632
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: A3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2013-03-22 14:48 UTC by Agostino Sarubbo
Modified: 2013-09-11 03:56 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-03-22 14:48:50 UTC
From ${URL} :

Common Vulnerabilities and Exposures assigned an identifier CVE-2013-2632 to
the following vulnerability:

Name: CVE-2013-2632
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2632
Assigned: 20130321
Reference: http://code.google.com/p/v8/source/browse/trunk/ChangeLog
Reference: http://googlechromereleases.blogspot.com/2013/03/dev-channel-update_18.html
Reference: https://code.google.com/p/chromium/issues/detail?id=194749

Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3,
allows remote attackers to cause a denial of service (application
crash) or possibly have unspecified other impact via crafted
JavaScript code, as demonstrated by the Bejeweled game.
Comment 1 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2013-03-22 16:57:30 UTC
This is a hard masked v8 versions, and old versions of v8 seem unaffected.

My recommendation for the Security Team is to close this bug.
Comment 2 Sean Amoss (RETIRED) gentoo-dev Security 2013-04-10 00:10:53 UTC
(In reply to comment #1)
> This is a hard masked v8 versions, and old versions of v8 seem unaffected.
> 
> My recommendation for the Security Team is to close this bug.

According to the CVE description, this affects <dev-lang/v8-3.17.15.3 which does not appear to be hard masked. Can this be stabilized?
Comment 3 Mike Gilbert gentoo-dev 2013-04-10 01:59:40 UTC
(In reply to comment #2)
> According to the CVE description, this affects <dev-lang/v8-3.17.15.3 which
> does not appear to be hard masked. Can this be stabilized?

Per comment 1, versions of v8 before the 3.17 series are not affected.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2013-04-11 16:37:50 UTC
CVE-2013-2632 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2632):
  Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3,
  allows remote attackers to cause a denial of service (application crash) or
  possibly have unspecified other impact via crafted JavaScript code, as
  demonstrated by the Bejeweled game.
Comment 5 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-11 03:56:35 UTC
If this only affected hardmasked versions, then nothing left. Closing noglsa.