[Pkg-javascript-devel] Bug#653962: libv8 predictable hash collisions
Jérémy Lal
jerry at edagames.com
Tue Jan 3 23:45:39 UTC 2012
On 01/01/2012 23:50, Thijs Kinkhorst wrote:
> Package: libv8
> Severity: serious
> Tags: security
>
> Hi,
>
> It was reported that V8 is affected by the predictable hash collisions attack
> that made its rounds around the net this week. This is tracked at
> http://security-tracker.debian.org/tracker/CVE-2011-5037
> Can you ensure that fixed packages are uploaded to sid as soon as possible,
> and assert whether a fix for squeeze would be necessary?
Thank you for your concern,
a fixed version for sid will be uploaded very soon.
> Also please note that the security tracker has a number of other open issues
> for libv8. Do you have any more information on the status of those?
> http://security-tracker.debian.org/tracker/source-package/libv8
Status : in squeeze,
chromium-browser is using its bundled copy of libv8, so there are currently
no packages depending on it.
I have currently no motivation to fix it (as i don't see the point),
but help is welcome.
Jérémy.
More information about the Pkg-javascript-devel
mailing list