Bug#597856: marked as done (CVE-2010-3412: memory overrun issue in CPU profiler)

[Debian Bug Tracking System]

Your message dated Fri, 24 Sep 2010 14:32:46 +0000
with message-id <e1oz9kq-0006vg...@franck.debian.org>
and subject line Bug#597856: fixed in libv8 2.2.24-6
has caused the Debian Bug report #597856,
regarding CVE-2010-3412: memory overrun issue in CPU profiler
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
597856: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=597856
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: libv8
Severity: serious
Tags: security patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libv8.

CVE-2010-3412[0]:
| Race condition in the console implementation in Google Chrome before
| 6.0.472.59 has unspecified impact and attack vectors.

Patch: http://code.google.com/p/v8/source/detail?r=5393

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3412
    http://security-tracker.debian.org/tracker/CVE-2010-3412


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkybfD0ACgkQNxpp46476arGqACfcGq98JaVWh6zMTxQG2Uqt8Rc
PjsAn3qbWZlOVz/QwESYUpD/fUd2/RWX
=Bgvv
-----END PGP SIGNATURE-----

--- End Message ---

--- Begin Message ---

Source: libv8
Source-Version: 2.2.24-6

We believe that the bug you reported is fixed in the latest version of
libv8, which is due to be installed in the Debian FTP archive:

libv8-2.2.24_2.2.24-6_i386.deb
  to main/libv/libv8/libv8-2.2.24_2.2.24-6_i386.deb
libv8-dbg_2.2.24-6_i386.deb
  to main/libv/libv8/libv8-dbg_2.2.24-6_i386.deb
libv8-dev_2.2.24-6_i386.deb
  to main/libv/libv8/libv8-dev_2.2.24-6_i386.deb
libv8_2.2.24-6.debian.tar.gz
  to main/libv/libv8/libv8_2.2.24-6.debian.tar.gz
libv8_2.2.24-6.dsc
  to main/libv/libv8/libv8_2.2.24-6.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 597...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jérémy Lal <kapo...@melix.org> (supplier of updated libv8 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 24 Sep 2010 11:44:57 +0200
Source: libv8
Binary: libv8-dev libv8-2.2.24 libv8-dbg
Architecture: source i386
Version: 2.2.24-6
Distribution: unstable
Urgency: low
Maintainer: Antonio Radici <anto...@dyne.org>
Changed-By: Jérémy Lal <kapo...@melix.org>
Description: 
 libv8-2.2.24 - V8 JavaScript Engine
 libv8-dbg  - Development symbols for the V8 JavaScript Engine
 libv8-dev  - Development files for the V8 JavaScript Engine
Closes: 597856
Changes: 
 libv8 (2.2.24-6) unstable; urgency=low
 .
   * CVE-2010-3412 (Closes: #597856)
     Race condition in the console implementation in Google Chrome before
     6.0.472.59 has unspecified impact and attack vectors.
Checksums-Sha1: 
 7cc1d8a418817edcc5d751b8786d9d61c58b3d97 1272 libv8_2.2.24-6.dsc
 3ac3cf2d39c90991bc5f5857470a9c81509825cc 9681 libv8_2.2.24-6.debian.tar.gz
 6146a611c39bf5b5bd654784b9835dca691082f5 56132 libv8-dev_2.2.24-6_i386.deb
 1885c48b576c23d48ad8dd152387328d39c999f6 1013990 libv8-2.2.24_2.2.24-6_i386.deb
 03f4cd57af446aed4a0972c5a8ed93d0e9b5b94e 10951480 libv8-dbg_2.2.24-6_i386.deb
Checksums-Sha256: 
 c9ecadeb371339a69f092db994be10d9b31d624b56fa5cba048cf8cf292ca75f 1272 
libv8_2.2.24-6.dsc
 bf2b0ed96446211d34ce7e0e4859c1aeca38402182afe6de533168175851da2f 9681 
libv8_2.2.24-6.debian.tar.gz
 2c5c8f7ecaf8c8bbb24c784db5b927ee0ad436ce4ca25a2f913760085255b4a2 56132 
libv8-dev_2.2.24-6_i386.deb
 b542e58ca75eec1729a0bd61143a26d732c46f7e45f6863e73fece43f16fc441 1013990 
libv8-2.2.24_2.2.24-6_i386.deb
 2175369bdea35da2e84da9d8bd419808a7fbcbef15340a5dabfa572ee44ca2de 10951480 
libv8-dbg_2.2.24-6_i386.deb
Files: 
 c38286d6c3374fb064322332a9090537 1272 libs optional libv8_2.2.24-6.dsc
 2080aa02ad8a3f9097d45a25aad7dd27 9681 libs optional 
libv8_2.2.24-6.debian.tar.gz
 9523e467ad3498f19fd2df8683f48b13 56132 libdevel optional 
libv8-dev_2.2.24-6_i386.deb
 a479a424a9750b955cdcd03bd5bd09d5 1013990 libs optional 
libv8-2.2.24_2.2.24-6_i386.deb
 3f96f0de7f84767d84d7850bd4ff4d16 10951480 debug extra 
libv8-dbg_2.2.24-6_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkycorwACgkQDMRIEQdBQdwFZQCgjtXhCJfoaW6fvNTNVjLietQn
lMgAnRepTf0slhTgAEW4AZmeFZc9/S7j
=L7LI
-----END PGP SIGNATURE-----

--- End Message ---