On 01/01/2012 23:50, Thijs Kinkhorst wrote:
> Package: libv8
> Severity: serious
> Tags: security
> Hi,
> It was reported that V8 is affected by the predictable hash collisions attack 
> that made its rounds around the net this week. This is tracked at
> http://security-tracker.debian.org/tracker/CVE-2011-5037
> Can you ensure that fixed packages are uploaded to sid as soon as possible, 
> and assert whether a fix for squeeze would be necessary?

Thank you for your concern,
a fixed version for sid will be uploaded very soon.

> Also please note that the security tracker has a number of other open issues 
> for libv8. Do you have any more information on the status of those?
> http://security-tracker.debian.org/tracker/source-package/libv8

Status : in squeeze,
chromium-browser is using its bundled copy of libv8, so there are currently
no packages depending on it.
I have currently no motivation to fix it (as i don't see the point),
but help is welcome.


Pkg-javascript-devel mailing list

Reply via email to