Bug 1150850 (CVE-2014-7967)

Summary: CVE-2014-7967 v8: multiple unspecified issues fixed in Google Chrome 38.0.2125.101
Product: [Other] Security Response Reporter: Murray McAllister <mmcallis>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: abaron, aortega, apevec, ayoung, bdunne, bkearney, bleanhar, cbillett, ccoleman, chrisw, cpelland, dajohnso, dallan, dclarizi, dmcphers, gkotton, gmccullo, jdetiber, jfrey, jialiu, jkeck, joelsmith, jokerman, jorton, jprause, jrafanie, jvlcek, katello-bugs, kseifried, lhh, lmeyer, lpeer, markmc, mburns, mmaslano, mmccomas, mmccune, mmcgrath, obarenbo, rbryant, rhos-maint, sclewis, tcallawa, tchollingsworth, thrcka, tjay, tomckay, tomspur, xlecauch, yeylon
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: v8 3.28.71.15 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-01-21 16:24:27 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1150851    

Description Murray McAllister 2014-10-09 04:27:27 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2014-7967 to
the following vulnerability:

Name: CVE-2014-7967
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7967
Assigned: 20141008
Reference: http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html

Multiple unspecified vulnerabilities in Google V8 before 3.28.71.15,
as used in Google Chrome before 38.0.2125.101, allow attackers to
cause a denial of service or possibly have other impact via unknown
vectors.

It is not clear if the Fedora v8 packages are affected or not.
Comment 4 Yadnyawalk Tale 2020-08-04 10:36:53 UTC 
manifest.txt:36260:rhn_satellite:6.5/v8-3.14.5.10-19.el7sat

At this time, we have no additional z-streams planned for sat-6.5.z. Based upon that and that this is a low severity issue, closing this one as wontfix. 
Ref: https://access.redhat.com/support/policy/updates/satellite
Comment 5 Yadnyawalk Tale 2020-08-11 14:44:12 UTC 
Statement:

Red Hat Satellite 6.5 ship v8 however has been rated as a security impact of Moderate, product version Satellite 6.6 onward is not affected. Satellite 6.5 is in Maintenance Support phase of the product life cycle and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 6 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.