Bug#694808: libv8: CVE-2012-5120 CVE-2012-5128
On 02/01/2013 19:00, Moritz Muehlenhoff wrote: On Sun, Dec 16, 2012 at 11:08:34PM +0100, Jérémy Lal wrote: On 16/12/2012 23:00, Allison Randal wrote: The details on these two CVE's are 403 for me: CVE-2012-5120 https://code.google.com/p/chromium/issues/detail?id=150729 CVE-2012-5128 https://code.google.com/p/chromium/issues/detail?id=157124 So presumably they're still embargoed and only accessible to certain members of pkg-javascript. Yes, they are. I asked Chris (cc-ed to Giuseppe) access to those. Did you get a reply? Unfortunately i still don't get an access. Fortunately it's possible to find which upstream v8 commits are fixing those CVE. CVE-2012-5120 https://code.google.com/p/chromium/issues/detail?id=150729 is tested by http://code.google.com/p/v8/source/browse/trunk/test/mjsunit/regress/regress-crbug-150729.js and ./d8 --allow-natives-syntax regress-crbug-150729.js doesn't crash in any way when run against libv8 3.8.9.20-2 CVE-2012-5128 https://code.google.com/p/chromium/issues/detail?id=157124 is fixed by http://code.google.com/p/v8/source/detail?r=12785 and the cctest within runs fine on libv8 3.8.9.20-2 test suite. Conclusion : those two CVE do not hit libv8 that is in debian. Jérémy signature.asc Description: OpenPGP digital signature
Bug#694808: libv8: CVE-2012-5120 CVE-2012-5128
On 02/01/2013 19:00, Moritz Muehlenhoff wrote: On Sun, Dec 16, 2012 at 11:08:34PM +0100, Jérémy Lal wrote: On 16/12/2012 23:00, Allison Randal wrote: The details on these two CVE's are 403 for me: CVE-2012-5120 https://code.google.com/p/chromium/issues/detail?id=150729 CVE-2012-5128 https://code.google.com/p/chromium/issues/detail?id=157124 So presumably they're still embargoed and only accessible to certain members of pkg-javascript. Yes, they are. I asked Chris (cc-ed to Giuseppe) access to those. Did you get a reply? No reply. I've just retried. Jérémy. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#694808: libv8: CVE-2012-5120 CVE-2012-5128
On Sun, Dec 16, 2012 at 11:08:34PM +0100, Jérémy Lal wrote: On 16/12/2012 23:00, Allison Randal wrote: The details on these two CVE's are 403 for me: CVE-2012-5120 https://code.google.com/p/chromium/issues/detail?id=150729 CVE-2012-5128 https://code.google.com/p/chromium/issues/detail?id=157124 So presumably they're still embargoed and only accessible to certain members of pkg-javascript. Yes, they are. I asked Chris (cc-ed to Giuseppe) access to those. Did you get a reply? Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#694808: libv8: CVE-2012-5120 CVE-2012-5128
The details on these two CVE's are 403 for me: CVE-2012-5120 https://code.google.com/p/chromium/issues/detail?id=150729 CVE-2012-5128 https://code.google.com/p/chromium/issues/detail?id=157124 So presumably they're still embargoed and only accessible to certain members of pkg-javascript. Allison -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#694808: libv8: CVE-2012-5120 CVE-2012-5128
On 16/12/2012 23:00, Allison Randal wrote: The details on these two CVE's are 403 for me: CVE-2012-5120 https://code.google.com/p/chromium/issues/detail?id=150729 CVE-2012-5128 https://code.google.com/p/chromium/issues/detail?id=157124 So presumably they're still embargoed and only accessible to certain members of pkg-javascript. Yes, they are. I asked Chris (cc-ed to Giuseppe) access to those. Jérémy. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#694808: libv8: CVE-2012-5120 CVE-2012-5128
On Fri, Nov 30, 2012 at 03:56:49PM +0100, Moritz Muehlenhoff wrote: Package: libv8 Severity: grave Tags: security Justification: user security hole Please see http://googlechromereleases.blogspot.de/2012/11/stable-channel-release-and-beta-channel.html What's the status? Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#694808: libv8: CVE-2012-5120 CVE-2012-5128
Package: libv8 Severity: grave Tags: security Justification: user security hole Please see http://googlechromereleases.blogspot.de/2012/11/stable-channel-release-and-beta-channel.html Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org