v8 security issues fixed in chromium 10.0.648.127

Debian Bug report logs - #617418
v8 security issues fixed in chromium 10.0.648.127

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Giuseppe Iuculano <iuculano@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: v8 security issues fixed in chromium 10.0.648.127

Date: Tue, 08 Mar 2011 20:22:11 +0100

Package: libv8
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

chromium 10.0.648.127 fixed the following security issues in libv8:

# [$1000] [74675] High Invalid memory access in v8. Credit to Christian Holler.
http://code.google.com/p/v8/issues/detail?id=1146
Patch: http://code.google.com/p/v8/source/detail?r=6773

# [$1000] [74662] High Corruption via re-entrancy of RegExp code. Credit to Christian Holler.
http://code.google.com/p/v8/issues/detail?id=1108
Patch: http://code.google.com/p/v8/source/detail?r=6794
       http://code.google.com/p/v8/source/detail?r=6805
       http://code.google.com/p/v8/source/detail?r=6837

# [$1337] [70877] High Same origin policy bypass in v8. Credit to Daniel Divricean.
I have no info at this moment, could you ask upstream more info? 


#[$1337] [69187] Medium Cross-origin error message leak. Credit to Daniel Divricean.
http://code.google.com/p/v8/source/detail?r=6435


These need to be backported for squeeze.

Cheers,
Giuseppe.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk12geEACgkQNxpp46476arHAwCdERD5hFencMybvi3op77F44hB
TcsAnRz4NuVIvKfbJDJSyllux4OExL7y
=0+Lf
-----END PGP SIGNATURE-----

Message #10 received at 617418@bugs.debian.org (full text, mbox, reply):

From: Giuseppe Iuculano <giuseppe@iuculano.it>

To: 617418@bugs.debian.org

Subject: CVE

Date: Thu, 10 Mar 2011 20:18:05 +0100

[Message part 1 (text/plain, inline)]

> # [$1000] [74675] High Invalid memory access in v8. Credit to Christian Holler.
> http://code.google.com/p/v8/issues/detail?id=1146
> Patch: http://code.google.com/p/v8/source/detail?r=6773

This is CVE-2011-1286

> 
> # [$1000] [74662] High Corruption via re-entrancy of RegExp code. Credit to Christian Holler.
> http://code.google.com/p/v8/issues/detail?id=1108
> Patch: http://code.google.com/p/v8/source/detail?r=6794
>        http://code.google.com/p/v8/source/detail?r=6805
>        http://code.google.com/p/v8/source/detail?r=6837

This is CVE-2011-1285

> 
> # [$1337] [70877] High Same origin policy bypass in v8. Credit to Daniel Divricean.
> I have no info at this moment, could you ask upstream more info? 

This is CVE-2011-1193

> #[$1337] [69187] Medium Cross-origin error message leak. Credit to Daniel Divricean.
> http://code.google.com/p/v8/source/detail?r=6435

This is CVE-2011-1187

Cheers,
Giuseppe.

[signature.asc (application/pgp-signature, attachment)]

Message #17 received at 617418-close@bugs.debian.org (full text, mbox, reply):

From: Michael Gilbert <michael.s.gilbert@gmail.com>

To: 617418-close@bugs.debian.org

Subject: fixed

Date: Mon, 24 Oct 2011 20:37:32 -0400

version: 3.1.8.10-1

Send a report that this bug log contains spam.