chromium-browser: CVE-2010-4574 DoS (crash), invalid pointer arithmetic in pickle.cc

Related Vulnerabilities: CVE-2010-4574   CVE-2010-4575  

Debian Bug report logs - #607848


Reported by: Jonathan Wiltshire <jmw@debian.org>

Date: Wed, 22 Dec 2010 23:00:01 UTC

Severity: important

Tags: patch, security, upstream

Found in version chromium-browser/6.0.472.63~r59945-3

Fixed in version 6.0.472.63~r59945-4

Done: Giuseppe Iuculano <giuseppe@iuculano.it>

Bug is archived. No further changes may be made.

Forwarded to http://code.google.com/p/chromium/issues/detail?id=56449



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>:
Bug#607848; Package chromium-browser. (Wed, 22 Dec 2010 23:00:04 GMT)


Acknowledgement sent to Jonathan Wiltshire <jmw@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>. (Wed, 22 Dec 2010 23:00:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Jonathan Wiltshire <jmw@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: chromium-browser: CVE-2010-4574 DoS (crash), invalid pointer arithmetic in pickle.cc
Date: Wed, 22 Dec 2010 22:57:27 +0000
[Message part 1 (text/plain, inline)]
Package: chromium-browser
Version: 6.0.472.63~r59945-3
Severity: important
Tags: upstream patch security

The Pickle::Pickle function in base/pickle.cc in Google Chrome before
8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms
does not properly perform pointer arithmetic, which allows remote attackers
to bypass message deserialization validation, and cause a denial of service
or possibly have unspecified other impact, via invalid pickle data.

The attached patch comes from r68033 in the upstream repository and it's
issue 56449 (code review at http://codereview.chromium.org/4716006/).


-- System Information:
Debian Release: 6.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages chromium-browser depends on:
ii  chromium-browser-ins 6.0.472.63~r59945-3 page inspector for the chromium-br
ii  libasound2           1.0.23-2.1          shared library for ALSA applicatio
ii  libatk1.0-0          1.30.0-1            The ATK accessibility toolkit
ii  libbz2-1.0           1.0.5-6             high-quality block-sorting file co
ii  libc6                2.11.2-7            Embedded GNU C Library: Shared lib
ii  libcairo2            1.8.10-6            The Cairo 2D vector graphics libra
ii  libcups2             1.4.5-1             Common UNIX Printing System(tm) - 
ii  libdbus-1-3          1.2.24-3            simple interprocess messaging syst
ii  libdbus-glib-1-2     0.88-2              simple interprocess messaging syst
ii  libevent-1.4-2       1.4.13-stable-1     An asynchronous event notification
ii  libexpat1            2.0.1-7             XML parsing C library - runtime li
ii  libfontconfig1       2.8.0-2.1           generic font configuration library
ii  libfreetype6         2.4.2-2.1           FreeType 2 font engine, shared lib
ii  libgcc1              1:4.4.5-10          GCC support library
ii  libgconf2-4          2.28.1-6            GNOME configuration database syste
ii  libgcrypt11          1.4.5-2             LGPL Crypto library - runtime libr
ii  libgl1-mesa-glx [lib 7.7.1-4             A free implementation of the OpenG
ii  libglewmx1.5         1.5.4-1             The OpenGL Extension Wrangler - ru
ii  libglib2.0-0         2.24.2-1            The GLib library of C routines
ii  libgtk2.0-0          2.20.1-2            The GTK+ graphical user interface 
ii  libicu44             4.4.2-2             International Components for Unico
ii  libjpeg62            6b1-1               The Independent JPEG Group's JPEG 
ii  libnspr4-0d          4.8.6-1             NetScape Portable Runtime Library
ii  libnss3-1d           3.12.8-1            Network Security Service libraries
ii  libpango1.0-0        1.28.3-1            Layout and rendering of internatio
ii  libpng12-0           1.2.44-1            PNG library - runtime
ii  libstdc++6           4.4.5-10            The GNU Standard C++ Library v3
ii  libv8-2.2.24         2.2.24-7            V8 JavaScript Engine
ii  libvpx0              0.9.1-2             VP8 video codec (shared library)
ii  libx11-6             2:1.3.3-4           X11 client-side library
ii  libxext6             2:1.1.2-1           X11 miscellaneous extension librar
ii  libxml2              2.7.8.dfsg-1        GNOME XML library
ii  libxrender1          1:0.9.6-1           X Rendering Extension client libra
ii  libxslt1.1           1.1.26-6            XSLT 1.0 processing library - runt
ii  libxss1              1:1.2.1-1           X11 Screen Saver extension library
ii  xdg-utils            1.0.2+cvs20100307-3 desktop integration utilities from
ii  zlib1g               1:1.2.3.4.dfsg-3    compression library - runtime

chromium-browser recommends no packages.

Versions of packages chromium-browser suggests:
ii  chromium-browser-l10 6.0.472.63~r59945-3 chromium-browser language packages

-- no debconf information

[CVE-2010-4574.patch (text/html, attachment)]
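The report above describes a deserializer whose bounds check could be bypassed because the length validation was done with pointer arithmetic that is not safe for attacker-controlled lengths on 64-bit builds. The following is an added illustration, not Chromium's pickle.cc and not the attached r68033 patch: a hypothetical length-prefixed message format (4-byte little-endian payload length, then the payload) validated the robust way, comparing sizes rather than first forming an end pointer from an untrusted length. All sample messages are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical wire format for this illustration (NOT Chromium's Pickle):
 * a 4-byte little-endian payload length followed by that many payload bytes. */
#define HDR_SIZE 4u

typedef struct {
    const uint8_t *payload;   /* first payload byte; valid only when parse succeeds */
    uint32_t payload_size;    /* length the header claims, already verified to fit */
} msg_view;

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Validates that data[0..data_len) holds one complete message.
 * Returns 1 and fills *out on success, 0 on any malformed input.
 *
 * Every check is a comparison between sizes, and the subtraction is only
 * done after proving data_len >= HDR_SIZE, so no intermediate value can
 * wrap and no pointer is ever formed beyond the buffer. Forming
 * data + HDR_SIZE + payload_size first and then comparing it against
 * data + data_len is the fragile pattern: an untrusted length can push
 * that pointer past the object, which is undefined behaviour in C and
 * can silently pass the bounds comparison. */
int msg_parse(const uint8_t *data, size_t data_len, msg_view *out) {
    if (data == NULL || out == NULL) return 0;
    if (data_len < HDR_SIZE) return 0;                 /* header itself is incomplete */
    uint32_t payload_size = read_le32(data);
    if (payload_size > data_len - HDR_SIZE) return 0;  /* claimed payload overruns buffer */
    out->payload = data + HDR_SIZE;
    out->payload_size = payload_size;
    return 1;
}

/* Constructed sample messages (not real Chromium IPC data). */
static const uint8_t kComplete[]  = {3, 0, 0, 0, 'a', 'b', 'c'};          /* len 3, 3 bytes */
static const uint8_t kTruncated[] = {3, 0, 0, 0, 'a'};                    /* len 3, 1 byte  */
static const uint8_t kShortHdr[]  = {3, 0};                               /* 2-byte header  */
static const uint8_t kHugeLen[]   = {0xff, 0xff, 0xff, 0xff, 1, 2, 3, 4}; /* len 2^32-1     */
static const uint8_t kEmpty[]     = {0, 0, 0, 0};                         /* len 0, exact   */

/* Each case returns 1 when the validator behaves as intended. */
int case_accepts_complete(void) {
    msg_view v;
    return msg_parse(kComplete, sizeof kComplete, &v) == 1 &&
           v.payload_size == 3 && v.payload == kComplete + HDR_SIZE;
}
int case_rejects_truncated(void) {
    msg_view v;
    return msg_parse(kTruncated, sizeof kTruncated, &v) == 0;
}
int case_rejects_short_header(void) {
    msg_view v;
    return msg_parse(kShortHdr, sizeof kShortHdr, &v) == 0;
}
int case_rejects_huge_length(void) {
    msg_view v;
    return msg_parse(kHugeLen, sizeof kHugeLen, &v) == 0;
}
int case_accepts_empty_payload(void) {
    msg_view v;
    return msg_parse(kEmpty, sizeof kEmpty, &v) == 1 && v.payload_size == 0;
}

int main(void) {
    printf("complete=%d truncated=%d short_hdr=%d huge=%d empty=%d\n",
           case_accepts_complete(), case_rejects_truncated(),
           case_rejects_short_header(), case_rejects_huge_length(),
           case_accepts_empty_payload());
    return 0;
}
```

The design point is that the only subtraction, `data_len - HDR_SIZE`, is guarded by the preceding `data_len < HDR_SIZE` check, and the untrusted `payload_size` is never added to anything before it has been proven to fit; that is what keeps the check meaningful on both 32-bit and 64-bit targets.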

Set Bug forwarded-to-address to 'http://code.google.com/p/chromium/issues/detail?id=56449'. Request was from Jonathan Wiltshire <jmw@debian.org> to control@bugs.debian.org. (Wed, 22 Dec 2010 23:03:02 GMT)


Reply sent to Giuseppe Iuculano <giuseppe@iuculano.it>:
You have taken responsibility. (Thu, 23 Dec 2010 19:36:14 GMT)


Notification sent to Jonathan Wiltshire <jmw@debian.org>:
Bug acknowledged by developer. (Thu, 23 Dec 2010 19:36:14 GMT)


Message #12 received at 607848-done@bugs.debian.org:

From: Giuseppe Iuculano <giuseppe@iuculano.it>
To: Jonathan Wiltshire <jmw@debian.org>, 607846-done@bugs.debian.org, 607848-done@bugs.debian.org
Subject: Re: [Pkg-chromium-maint] Bug#607846: chromium-browser: CVE-2010-4575 (DoS) Does not properly handle incorrect tab interaction by an extension
Date: Thu, 23 Dec 2010 20:32:11 +0100
[Message part 1 (text/plain, inline)]
Version: 6.0.472.63~r59945-4

This was fixed in 6.0.472.63~r59945-4

Cheers,
Giuseppe

[signature.asc (application/pgp-signature, attachment)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 21 Jan 2011 07:34:19 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:41:04 2019; Machine Name: beach
