Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1091838 - (CVE-2014-1735) CVE-2014-1735 v8: multiple vulnerabilities fixed in Google Chrome 34.0.1847.131
CVE-2014-1735 v8: multiple vulnerabilities fixed in Google Chrome 34.0.1847.131
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20140404,repor...
: Security
Depends On:
Blocks: 1091840
  Show dependency treegraph
 
Reported: 2014-04-28 03:32 EDT by Murray McAllister
Modified: 2016-04-26 13:39 EDT (History)
51 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-08-06 10:06:19 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Murray McAllister 2014-04-28 03:32:06 EDT 
Common Vulnerabilities and Exposures assigned an identifier CVE-2014-1735 to
the following vulnerability:

Name: CVE-2014-1735
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1735
Assigned: 20140129
Reference: http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html
Reference: https://code.google.com/p/chromium/issues/detail?id=359130
Reference: https://code.google.com/p/chromium/issues/detail?id=359525
Reference: https://code.google.com/p/chromium/issues/detail?id=360429
Reference: https://code.google.com/p/v8/source/detail?r=20501
Reference: https://code.google.com/p/v8/source/detail?r=20622
Reference: https://code.google.com/p/v8/source/detail?r=20624
Reference: https://src.chromium.org/viewvc/blink?revision=171077&view=revision
Reference: https://src.chromium.org/viewvc/blink?revision=171127&view=revision

Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33,
as used in Google Chrome before 34.0.1847.131 on Windows and OS X and
before 34.0.1847.132 on Linux, allow attackers to cause a denial of
service or possibly have other impact via unknown vectors.

It appears as though the Fedora packages may not be affected.
Comment 1 Tomas Hoger 2014-06-16 15:58:38 EDT 
https://code.google.com/p/chromium/issues/detail?id=359525
https://code.google.com/p/v8/source/detail?r=20501

This fix is not applicable to v8 3.14.

https://code.google.com/p/chromium/issues/detail?id=359130
https://src.chromium.org/viewvc/blink?revision=171077&view=revision

https://code.google.com/p/chromium/issues/detail?id=360429
https://src.chromium.org/viewvc/blink?revision=171127&view=revision

These bugs are still non-public.  There does not seem to be any v8 commit referring to those bug ids.  They are only referenced by the linked blink commits, which are not applicable to v8.  We're currently unable to determine if there may be any fix applicable to v8 in Fedora and Red Hat products.
Comment 2 Tomas Hoger 2014-08-06 10:06:19 EDT 
(In reply to Tomas Hoger from comment #1)
> https://code.google.com/p/chromium/issues/detail?id=359130
> https://src.chromium.org/viewvc/blink?revision=171077&view=revision
> 
> https://code.google.com/p/chromium/issues/detail?id=360429
> https://src.chromium.org/viewvc/blink?revision=171127&view=revision
> 
> These bugs are still non-public.  There does not seem to be any v8 commit
> referring to those bug ids.  They are only referenced by the linked blink
> commits, which are not applicable to v8. 

Bugs are public now.  They only refer to Blink and hence are not applicable to v8.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.