[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1VpVUb-0008Ic-4D@alpha.psidef.org>
Date: Sat, 07 Dec 2013 22:57:17 -0500
From: Michael Gilbert <mgilbert@...ian.org>
To: debian-security-announce@...ts.debian.org
Subject: [SECURITY] [DSA 2811-1] chromium-browser security
update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2811-1 security@...ian.org
http://www.debian.org/security/ Michael Gilbert
December 07, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : chromium-browser
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-6634 CVE-2013-6635 CVE-2013-6636 CVE-2013-6637
CVE-2013-6638 CVE-2013-6639 CVE-2013-6640
Several vulnerabilities have been discovered in the chromium web browser.
CVE-2013-6634
Andrey Labunets discovered that the wrong URL was used during
validation in the one-click sign on helper.
CVE-2013-6635
cloudfuzzer discovered use-after-free issues in the InsertHTML and
Indent DOM editing commands.
CVE-2013-6636
Bas Venis discovered an address bar spoofing issue.
CVE-2013-6637
The chrome 31 development team discovered and fixed multiple issues
with potential security impact.
CVE-2013-6638
Jakob Kummerow of the Chromium project discoved a buffer overflow in
the v8 javascript library.
CVE-2013-6639
Jakob Kummerow of the Chromium project discoved an out-of-bounds
write in the v8 javascript library.
CVE-2013-6640
Jakob Kummerow of the Chromium project discoved an out-of-bounds
read in the v8 javascript library.
For the stable distribution (wheezy), these problems have been fixed in
version 31.0.1650.63-1~deb7u1.
For the testing distribution (jessie), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in
version 31.0.1650.63-1.
We recommend that you upgrade your chromium-browser packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
iQQcBAEBCgAGBQJSo+2XAAoJELjWss0C1vRzcIcf/0IeLihtqzUhizWyxZEDPlEq
ZWfz1Vjo42ZqDJDacvh5HqdLARgVXsiRhJFqmcuThOxJGWR961zJEBCVa0uXbqpN
TuRI+YY7viTyrBXCa29RX9cB/EADmkqeFswMb1RpcgbmxJaSoOUU0bdqX2fOrN8E
yDTwSe//XQRinGuajNiBO1sWyGmRzquZnZwgmWL37raqg8eLKhHvYeuL+TQvVQwi
9/orPVoMELNDKrlupWFXChZSvc8kUuXAuBk0UI4OlTupsscsiaEWOdcPRssTwIO+
Zk9j7XS1OxZAcHD4iO8BeiGJjjymUvcqB7w8dv/S/2ehAYlptab0QNzsG//FTKGa
UuNgzD2d8ntMcXSXdcs2BqmWYFF2CI1hQYgCdSUGAp5nRjp8Y3TV+VykmgzjzMHN
nOIEXOHSsagMbn1pfmEn8mYv/Hkz38f04LStchD62Mvb9QHXQNtr9TOiJ3wbz3UI
wNN1faGePKz6bO3X2tSQboWmKjOfDL5XBJC27Jovpbyqk8zDA5ConHshkxSL7SPX
2MjMjbSUO1rpjehA1PLuruOwVQd1uRL/IgEhAqMWlXcwFI3Lo8C3pZfRHuuTQpJx
zUbVq6Kr88EoXfF7P6KnYd10C8mOwMu6Hj5iB/go7gOEiXrqGVa2KlVTVhVege9P
WDFweF5dYYhZ1kAB5nxzza5KZJtXX9aFkAK1fmyEc7CwyRB19r+Sm3TQwstgoF0t
0CPCwqQJNG2kLsir4nnB6mcJX9pkwX469qSeWul+3pp5026KmVGXhGtk7pcdIN7j
Qyav6UD2bywqt+5RaIIp+hygo1ZOkJ0bhni4PUK1IdCwC3aZqf1pukguBDy7zZb7
UqEzRyoaLgH0S0tmGnvFj/gRWMzkyxXLS/U84d/rBLVV61Irig/4G+gNlAaF2t1p
aSluBs5OOuGmyYNzQgs8jNmGdUR4Rx4l7a0Nol9jw8nwMMTjp7VQRUB4uMEWVOQ1
4ooAJ2ne3vqupJ1E21zk71d24+4MYrr/B2mXYQ0GsaDU+0bnODiEbKsliGwoRQGq
2ZXDzL+0SDLossIPYLWTx1s+DChrzoEVdp6n/3z6uul9/AzNc6U2FsCU1XAh3G/+
7LDqBIcnRX/fQ9p1yxPwo16kko5mJQlKkqgI9IDpNM/Lg7FCVl4+yE7uqR1B1fsc
WJN+t0M9uEO6EMO4pK/c91Xna2JP7xVcqsaCf1QI3WhNQnHoGzSX7E/BZYDkUmlR
kdkBp6F4izLt3hrz0qaVgIrslrPNwHphMOIlX/TzPMhY6etqQLQ8GXIS7SbqgG53
yWLQbsqo+1/d5QtTox5JfPFFTRCLKJGP8UrHjN7ZMmlBnTuZ5jR0oO+ITube2pM=
=5Qyo
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists