On 01/01/2012 23:50, Thijs Kinkhorst wrote: > Package: libv8 > Severity: serious > Tags: security > > Hi, > > It was reported that V8 is affected by the predictable hash collisions attack > that made its rounds around the net this week. This is tracked at > http://security-tracker.debian.org/tracker/CVE-2011-5037 > Can you ensure that fixed packages are uploaded to sid as soon as possible, > and assert whether a fix for squeeze would be necessary?
Thank you for your concern, a fixed version for sid will be uploaded very soon. > Also please note that the security tracker has a number of other open issues > for libv8. Do you have any more information on the status of those? > http://security-tracker.debian.org/tracker/source-package/libv8 Status : in squeeze, chromium-browser is using its bundled copy of libv8, so there are currently no packages depending on it. I have currently no motivation to fix it (as i don't see the point), but help is welcome. Jérémy. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
