On 13/09/2012 23:27, Moritz Muehlenhoff wrote: > Package: libv8 > Severity: grave > Tags: security > > Hi, > please check the status of these security issues in libv8. > They were all fixed in Chrome, but it's not clearly from > which Chrome release the libv8 package in Wheezy was cut: > > http://security-tracker.debian.org/tracker/CVE-2011-3111 > http://security-tracker.debian.org/tracker/CVE-2011-3057 > http://security-tracker.debian.org/tracker/CVE-2011-2881 > http://security-tracker.debian.org/tracker/CVE-2011-3115 > http://security-tracker.debian.org/tracker/CVE-2011-3103 > http://security-tracker.debian.org/tracker/CVE-2011-3092 > http://security-tracker.debian.org/tracker/CVE-2011-2875 Hi, the current status of these CVE in libv8 3.8.9.20-2 is : CVE-2011-3111 Fixed in upstream version libv8 3.8.9.23. Applied in libv8 3.8.9.20-2. Those CVE are already fixed or not applicable in libv8 3.8.9.20 : CVE-2011-3057 fixed CVE-2011-2881 fixed CVE-2011-3115 affects libv8 >= 3.9 CVE-2011-3103 affects libv8 >= 3.9 CVE-2011-3092 affects libv8 >= 3.9 CVE-2011-2875 fixed This informations were checked by me on v8 issues tracker (but they are not publicly accessible). Feel free to tell me if more info is needed. Regards, Jérémy
Attachment:
signature.asc
Description: OpenPGP digital signature