[Pkg-javascript-devel] Bug#617418: CVE
Giuseppe Iuculano
giuseppe at iuculano.it
Thu Mar 10 19:18:05 UTC 2011
> # [$1000] [74675] High Invalid memory access in v8. Credit to Christian Holler.
> http://code.google.com/p/v8/issues/detail?id=1146
> Patch: http://code.google.com/p/v8/source/detail?r=6773
This is CVE-2011-1286
>
> # [$1000] [74662] High Corruption via re-entrancy of RegExp code. Credit to Christian Holler.
> http://code.google.com/p/v8/issues/detail?id=1108
> Patch: http://code.google.com/p/v8/source/detail?r=6794
> http://code.google.com/p/v8/source/detail?r=6805
> http://code.google.com/p/v8/source/detail?r=6837
This is CVE-2011-1285
>
> # [$1337] [70877] High Same origin policy bypass in v8. Credit to Daniel Divricean.
> I have no info at this moment, could you ask upstream more info?
This is CVE-2011-1193
> #[$1337] [69187] Medium Cross-origin error message leak. Credit to Daniel Divricean.
> http://code.google.com/p/v8/source/detail?r=6435
This is CVE-2011-1187
Cheers,
Giuseppe.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-javascript-devel/attachments/20110310/c85dada8/attachment.pgp>
More information about the Pkg-javascript-devel
mailing list