[Pkg-javascript-devel] Bug#653962: libv8 predictable hash collisions
Thijs Kinkhorst
thijs at debian.org
Sun Jan 1 22:50:48 UTC 2012
Package: libv8
Severity: serious
Tags: security
Hi,
It was reported that V8 is affected by the predictable hash collisions attack
that made its rounds around the net this week. This is tracked at
http://security-tracker.debian.org/tracker/CVE-2011-5037
Can you ensure that fixed packages are uploaded to sid as soon as possible,
and assert whether a fix for squeeze would be necessary?
Also please note that the security tracker has a number of other open issues
for libv8. Do you have any more information on the status of those?
http://security-tracker.debian.org/tracker/source-package/libv8
Cheers,
Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-javascript-devel/attachments/20120101/1a649e40/attachment.pgp>
More information about the Pkg-javascript-devel
mailing list