Re: libv8 testing - update security tracker status
On Sat, Dec 01, 2012 at 10:32:30AM +0100, Jérémy Lal wrote:
> On 13/09/2012 23:27, Moritz Muehlenhoff wrote:
> > Package: libv8
> > Severity: grave
> > Tags: security
> >
> > Hi,
> > please check the status of these security issues in libv8.
> > They were all fixed in Chrome, but it's not clearly from
> > which Chrome release the libv8 package in Wheezy was cut:
> >
> > http://security-tracker.debian.org/tracker/CVE-2011-3111
> > http://security-tracker.debian.org/tracker/CVE-2011-3057
> > http://security-tracker.debian.org/tracker/CVE-2011-2881
> > http://security-tracker.debian.org/tracker/CVE-2011-3115
> > http://security-tracker.debian.org/tracker/CVE-2011-3103
> > http://security-tracker.debian.org/tracker/CVE-2011-3092
> > http://security-tracker.debian.org/tracker/CVE-2011-2875
>
> Hi, the current status of these CVE in libv8 3.8.9.20-2 is :
>
> CVE-2011-3111
> Fixed in upstream version libv8 3.8.9.23.
> Applied in libv8 3.8.9.20-2.
>
> Those CVE are already fixed or not applicable in libv8 3.8.9.20 :
> CVE-2011-3057 fixed
> CVE-2011-2881 fixed
> CVE-2011-3115 affects libv8 >= 3.9
> CVE-2011-3103 affects libv8 >= 3.9
> CVE-2011-3092 affects libv8 >= 3.9
> CVE-2011-2875 fixed
>
> This informations were checked by me on v8 issues tracker (but
> they are not publicly accessible).
> Feel free to tell me if more info is needed.
This info has all been incorporated into the Security Tracker in
the mean time.
Cheers,
Moritz
Reply to: