[Pkg-javascript-devel] Bug#617418: v8 security issues fixed in chromium 10.0.648.127
Giuseppe Iuculano
iuculano at debian.org
Tue Mar 8 19:22:11 UTC 2011
Package: libv8
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
chromium 10.0.648.127 fixed the following security issues in libv8:
# [$1000] [74675] High Invalid memory access in v8. Credit to Christian Holler.
http://code.google.com/p/v8/issues/detail?id=1146
Patch: http://code.google.com/p/v8/source/detail?r=6773
# [$1000] [74662] High Corruption via re-entrancy of RegExp code. Credit to Christian Holler.
http://code.google.com/p/v8/issues/detail?id=1108
Patch: http://code.google.com/p/v8/source/detail?r=6794
http://code.google.com/p/v8/source/detail?r=6805
http://code.google.com/p/v8/source/detail?r=6837
# [$1337] [70877] High Same origin policy bypass in v8. Credit to Daniel Divricean.
I have no info at this moment, could you ask upstream more info?
#[$1337] [69187] Medium Cross-origin error message leak. Credit to Daniel Divricean.
http://code.google.com/p/v8/source/detail?r=6435
These need to be backported for squeeze.
Cheers,
Giuseppe.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk12geEACgkQNxpp46476arHAwCdERD5hFencMybvi3op77F44hB
TcsAnRz4NuVIvKfbJDJSyllux4OExL7y
=0+Lf
-----END PGP SIGNATURE-----
More information about the Pkg-javascript-devel
mailing list