This bug was fixed in the package libv8 - 3.8.9.20-2
Sponsored for Logan Rosen (logan)

---------------
libv8 (3.8.9.20-2) unstable; urgency=low

  * Cherry-picked four upstream patches from 3.8.9.29:
    + r11654.patch: fix CVE-2011-3111, closes:bug#687574.
    + r12161.patch: Fix ICs for slow objects with native accessor.
    + r12336.patch: Fix bug in compare IC.
    + r12460.patch: Fix some corner cases in skipping native methods
                    using caller. Fix binding in new Function().

 -- Jérémy Lal <[email protected]>  Sat, 29 Sep 2012 01:04:06 +0200

** Changed in: libv8 (Ubuntu)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1004795

Title:
  (CVE-2011-3083) <chromium-browser-19.0.1084.52, <libv8-3.9.24.28:
  multiple vulnerabilities
  (CVE-2011-{3103,3104,3105,3106,3107,3108,3109,3111,3115})

Status in “chromium-browser” package in Ubuntu:
  Fix Released
Status in “libv8” package in Ubuntu:
  Fix Released

Bug description:
  The Chrome Stable channel has been updated to 19.0.1084.52 on Windows,
  Mac, Linux and Chrome Frame.

  Security fixes and rewards:

  [117409] High CVE-2011-3103: Crashes in v8 garbage collection. Credit to the Chromium development community (Brett Wilson).
  [118018] Medium CVE-2011-3104: Out-of-bounds read in Skia. Credit to Google Chrome Security Team (Inferno).
  [$1000] [120912] High CVE-2011-3105: Use-after-free in first-letter handling. Credit to miaubiz.
  [122654] Critical CVE-2011-3106: Browser memory corruption with websockets over SSL. Credit to the Chromium development community (Dharani Govindan).
  [124625] High CVE-2011-3107: Crashes in the plug-in JavaScript bindings. Credit to the Chromium development community (Dharani Govindan).
  [$1337] [125159] Critical CVE-2011-3108: Use-after-free in browser cache. Credit to “efbiaiinzinz”.
  [Linux only] [$1000] [126296] High CVE-2011-3109: Bad cast in GTK UI. Credit to Micha Bartholomé.
  [126337] [126343] [126378] [127349] [127819] [127868] High CVE-2011-3110: Out of bounds writes in PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team.
  [$500] [126414] Medium CVE-2011-3111: Invalid read in v8. Credit to Christian Holler.
  [127331] High CVE-2011-3112: Use-after-free with invalid encrypted PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team.
  [127883] High CVE-2011-3113: Invalid cast with colorspace handling in PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team.
  [128014] High CVE-2011-3114: Buffer overflows with PDF functions. Credit to Google Chrome Security Team (scarybeasts).
  [$1000] [128018] High CVE-2011-3115: Type corruption in v8. Credit to Christian Holler.

  http://googlechromereleases.blogspot.com/2012/05/stable-channel-update_23.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1004795/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp
