Marc Deslauriers <marc.deslauri...@canonical.com> writes: > On Sat, 2009-10-31 at 09:12 +0100, Reinhard Tartler wrote: >> How to proceed now? In any case, I'll prepare an upload for lucid once >> it opens. Will you prepare uploads for stable ubuntu security pockets? > > The next step, IMO, is to get CVE numbers assigned. Since CVE numbers > aren't usually given to client application crashes, someone needs to > analyze each issue to see if it is exploitable or not.
I'm not familiar with the process to get CVE numbers assigned, but this bug is identified by secunia: http://secunia.com/advisories/36805/ Debian currently tracks this as: http://security-tracker.debian.org/tracker/TEMP-0550442-000946 as for reproducability, the chrome guys presented for each issue an example file demonstrating the crash. I'm not aware of concrete exploits for these crashes. -- Gruesse/greetings, Reinhard Tartler, KeyID 945348A4 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org