Bug 1185282 (CVE-2015-1205)
Summary: | CVE-2015-1205 chromium-browser: multiple unspecified vulnerabilities | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vasyl Kaigorodov <vkaigoro> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | caolanm, denis.arnaud_fedora, erack, erik-fedora, tpopela, tuxator |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Chrome 40.0.2214.91 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-07-17 05:25:36 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1185232 |
Description
Vasyl Kaigorodov
2015-01-23 11:48:32 UTC
Upstream bug linked in comment 0 contains long list of other upstream bugs for random fixes applied in this Chrome update. One of the issues is: https://code.google.com/p/chromium/issues/detail?id=432209 This bug is currently non-public, but it can be tracked to the following ICU change using the bug id: https://chromium.googlesource.com/chromium/deps/icu/+/dd727641e190d60e4593bcb3a35c7f51eb4925c5 Chrome commit identifies ICU upstream bug, which is also non-public. ICU upstream bug and commit links: http://bugs.icu-project.org/trac/ticket/11371 http://bugs.icu-project.org/trac/changeset/36801 "Improved checking of regular expression pattern size limits." Removing ICU affects. The ICU issue mentioned in comment 1 got separate CVE assignment - CVE-2014-9654, see bug 1190129. In reply to comment #1: > Chrome commit identifies ICU upstream bug, which is also non-public. ICU > upstream bug and commit links: > > http://bugs.icu-project.org/trac/ticket/11371 > http://bugs.icu-project.org/trac/changeset/36801 > "Improved checking of regular expression pattern size limits." ICU upstream migrated to Jira for bug tracking and git for source code. Matching links are: https://unicode-org.atlassian.net/browse/ICU-11371 https://github.com/unicode-org/icu/commit/63758dca88e784a69467158a99f8903f8c30fa6d |