jerry at edagames.com
Tue Jan 3 23:45:39 UTC 2012
On 01/01/2012 23:50, Thijs Kinkhorst wrote:
> Package: libv8
> Severity: serious
> Tags: security
> It was reported that V8 is affected by the predictable hash collisions attack
> that made its rounds around the net this week. This is tracked at
> Can you ensure that fixed packages are uploaded to sid as soon as possible,
> and assert whether a fix for squeeze would be necessary?
Thank you for your concern,
a fixed version for sid will be uploaded very soon.
> Also please note that the security tracker has a number of other open issues
> for libv8. Do you have any more information on the status of those?
Status : in squeeze,
chromium-browser is using its bundled copy of libv8, so there are currently
no packages depending on it.
I have currently no motivation to fix it (as i don't see the point),
but help is welcome.