Package: chromium Version: 32.0.1700.123-2 Severity: important https://demo.cmrg.net/ is a horribly-configured webserver offering only discrete-log DHE key exchange with a trivially-crackable 16-bit group.
chromium segfaults when visiting it for any reason: 0 dkg@alice:~$ chromium https://demo.cmrg.net Segmentation fault 139 dkg@alice:~$ cat tmp/x.html <html> <head> <title> crasher </title> </head> <body> <h1>crasher</h1> <p>blah blah</p> <img src="https://demo.cmrg.net/"; /> </body> </html> 0 dkg@alice:~$ chromium file://$(pwd)/tmp/x.html Segmentation fault 139 dkg@alice:~$ John Haxby originally reported this on the oss-security list against Chrome, not chromium: http://www.openwall.com/lists/oss-security/2014/03/04/7 So I suspect this is an upstream issue, but the upstream bug tracker wants me to "sign in to all of google", and i'd rather not. feel free to report this upstream, though. Sorry i don't have a backtrace to offer here: I don't have 2.3GiB of space available on this machine to install chromium-dbg. I suspect anyone who wants a backtrace should be able to get one from the above replication steps. --dkg -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.13-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages chromium depends on: ii chromium-inspector 32.0.1700.123-1 ii gconf-service 3.2.6-1 ii libasound2 1.0.27.2-3 ii libatk1.0-0 2.10.0-2 ii libc6 2.17-97 ii libcairo2 1.12.16-2 ii libcups2 1.7.1-5 ii libdbus-1-3 1.8.0-1 ii libexpat1 2.1.0-4 ii libfontconfig1 2.11.0-2 ii libfreetype6 2.5.2-1 ii libgcc1 1:4.8.2-16 ii libgconf-2-4 3.2.6-1 ii libgcrypt11 1.5.3-3 ii libgdk-pixbuf2.0-0 2.30.5-1 ii libglib2.0-0 2.38.2-5 ii libgnome-keyring0 3.4.1-1 ii libgtk2.0-0 2.24.22-1 ii libjpeg8 8d-2 ii libnspr4 2:4.10.3-1 ii libnss3 2:3.15.4-2 ii libpango-1.0-0 1.36.0-1+b1 ii libpangocairo-1.0-0 1.36.0-1+b1 ii libspeechd2 0.7.1-6.3 ii libspeex1 1.2~rc1.1-1 ii libstdc++6 4.8.2-16 ii libudev1 204-7 ii libx11-6 2:1.6.2-1 ii libxcomposite1 1:0.4.4-1 ii libxdamage1 1:1.1.4-1 ii libxext6 2:1.3.2-1 ii libxfixes3 1:5.0.1-1 ii libxi6 2:1.7.2-1 ii libxml2 2.9.1+dfsg1-3 ii libxrender1 1:0.9.8-1 ii libxslt1.1 1.1.28-2 ii libxss1 1:1.2.2-1 ii libxtst6 2:1.2.2-1 ii xdg-utils 1.1.0~rc1+git20111210-7 chromium recommends no packages. Versions of packages chromium suggests: pn chromium-l10n <none> -- debconf-show failed -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
