Debian Bug report logs -
#617418
v8 security issues fixed in chromium 10.0.648.127
Reported by: Giuseppe Iuculano <iuculano@debian.org>
Date: Tue, 8 Mar 2011 19:24:08 UTC
Severity: serious
Tags: security
Found in version libv8/2.2.24-6
Fixed in version 3.1.8.10-1
Done: Michael Gilbert <michael.s.gilbert@gmail.com>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
:
Bug#617418
; Package libv8
.
(Tue, 08 Mar 2011 19:24:11 GMT) (full text, mbox, link).
Acknowledgement sent
to Giuseppe Iuculano <iuculano@debian.org>
:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
.
(Tue, 08 Mar 2011 19:24:11 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: libv8
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
chromium 10.0.648.127 fixed the following security issues in libv8:
# [$1000] [74675] High Invalid memory access in v8. Credit to Christian Holler.
http://code.google.com/p/v8/issues/detail?id=1146
Patch: http://code.google.com/p/v8/source/detail?r=6773
# [$1000] [74662] High Corruption via re-entrancy of RegExp code. Credit to Christian Holler.
http://code.google.com/p/v8/issues/detail?id=1108
Patch: http://code.google.com/p/v8/source/detail?r=6794
http://code.google.com/p/v8/source/detail?r=6805
http://code.google.com/p/v8/source/detail?r=6837
# [$1337] [70877] High Same origin policy bypass in v8. Credit to Daniel Divricean.
I have no info at this moment, could you ask upstream more info?
#[$1337] [69187] Medium Cross-origin error message leak. Credit to Daniel Divricean.
http://code.google.com/p/v8/source/detail?r=6435
These need to be backported for squeeze.
Cheers,
Giuseppe.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk12geEACgkQNxpp46476arHAwCdERD5hFencMybvi3op77F44hB
TcsAnRz4NuVIvKfbJDJSyllux4OExL7y
=0+Lf
-----END PGP SIGNATURE-----
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
:
Bug#617418
; Package libv8
.
(Thu, 10 Mar 2011 19:21:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Giuseppe Iuculano <giuseppe@iuculano.it>
:
Extra info received and forwarded to list. Copy sent to Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
.
(Thu, 10 Mar 2011 19:21:03 GMT) (full text, mbox, link).
Message #10 received at 617418@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
> # [$1000] [74675] High Invalid memory access in v8. Credit to Christian Holler.
> http://code.google.com/p/v8/issues/detail?id=1146
> Patch: http://code.google.com/p/v8/source/detail?r=6773
This is CVE-2011-1286
>
> # [$1000] [74662] High Corruption via re-entrancy of RegExp code. Credit to Christian Holler.
> http://code.google.com/p/v8/issues/detail?id=1108
> Patch: http://code.google.com/p/v8/source/detail?r=6794
> http://code.google.com/p/v8/source/detail?r=6805
> http://code.google.com/p/v8/source/detail?r=6837
This is CVE-2011-1285
>
> # [$1337] [70877] High Same origin policy bypass in v8. Credit to Daniel Divricean.
> I have no info at this moment, could you ask upstream more info?
This is CVE-2011-1193
> #[$1337] [69187] Medium Cross-origin error message leak. Credit to Daniel Divricean.
> http://code.google.com/p/v8/source/detail?r=6435
This is CVE-2011-1187
Cheers,
Giuseppe.
[signature.asc (application/pgp-signature, attachment)]
Bug Marked as fixed in versions 3.1.8.10-1.
Request was from Giuseppe Iuculano <iuculano@debian.org>
to control@bugs.debian.org
.
(Sun, 29 May 2011 12:15:20 GMT) (full text, mbox, link).
Reply sent
to Michael Gilbert <michael.s.gilbert@gmail.com>
:
You have taken responsibility.
(Tue, 25 Oct 2011 00:39:08 GMT) (full text, mbox, link).
Notification sent
to Giuseppe Iuculano <iuculano@debian.org>
:
Bug acknowledged by developer.
(Tue, 25 Oct 2011 00:39:08 GMT) (full text, mbox, link).
Message #17 received at 617418-close@bugs.debian.org (full text, mbox, reply):
version: 3.1.8.10-1
Bug Marked as found in versions libv8/2.2.24-6.
Request was from Jonathan Nieder <jrnieder@gmail.com>
to control@bugs.debian.org
.
(Mon, 09 Jan 2012 06:36:11 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Sun, 02 Jun 2013 07:39:04 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 14:08:53 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.