[Pkg-javascript-devel] Bug#687574: Multiple security issues
Jérémy Lal
kapouer at melix.org
Fri Sep 28 22:01:46 UTC 2012
On 13/09/2012 23:27, Moritz Muehlenhoff wrote:
> Package: libv8
> Severity: grave
> Tags: security
>
> Hi,
> please check the status of these security issues in libv8.
> They were all fixed in Chrome, but it's not clearly from
> which Chrome release the libv8 package in Wheezy was cut:
>
> http://security-tracker.debian.org/tracker/CVE-2011-3111
> http://security-tracker.debian.org/tracker/CVE-2011-3057
> http://security-tracker.debian.org/tracker/CVE-2011-2881
> http://security-tracker.debian.org/tracker/CVE-2011-3115
> http://security-tracker.debian.org/tracker/CVE-2011-3103
> http://security-tracker.debian.org/tracker/CVE-2011-3092
> http://security-tracker.debian.org/tracker/CVE-2011-2875
Hi, the current status of these CVE in libv8 3.8.9.20-1 is :
CVE-2011-3111
Fixed in upstream version libv8 3.8.9.23.
Those CVE are fixed or not applicable in libv8 3.8.9.20 :
CVE-2011-3057 fixed
CVE-2011-2881 fixed
CVE-2011-3115 affects libv8 >= 3.9
CVE-2011-3103 affects libv8 >= 3.9
CVE-2011-3092 affects libv8 >= 3.9
CVE-2011-2875 fixed
I'm preparing a libv8 3.8.9.20-2 package fixing CVE-2011-3111 (and few
other bugs).
Regards,
Jérémy
More information about the Pkg-javascript-devel
mailing list