Bug 857492 - Multiple security flaws in v8 version in EPEL6
Multiple security flaws in v8 version in EPEL6
Status: CLOSED CURRENTRELEASE
Product: Fedora EPEL
Classification: Fedora
Component: v8 (Show other bugs)
el6
All Linux
high Severity high
: ---
: ---
Assigned To: T.C. Hollingsworth
Fedora Extras Quality Assurance
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-09-14 11:26 EDT by Vincent Danen
Modified: 2014-08-15 01:17 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-08-15 01:17:53 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Vincent Danen 2012-09-14 11:26:09 EDT
v8 has suffered from various security flaws that get fixed with new Chrome releases.  The version of v8 in EPEL6 is a year old, and there's been quite a few Chrome releases since then.

Updating to 3.10.8 (what is currently in Fedora) would be ideal as it fixes a number of security flaws.

If keeping v8 on EPEL6 up-to-date (via rebasing) isn't possible, we may want to consider not providing it (the patch burden is probably quite high, and rebasing is the logical way to keep it free from security defects, but I'm not sure how that aligns with policy).
Comment 1 Tomas Hoger 2014-08-12 05:32:44 EDT
Re-assigning to the current maintainer of v8 packages in EPEL + adding default CC.

Packages in EPEL 6 and 7 now seems to be in sync with Fedora, so this bug is probably no longer relevant.
Comment 2 T.C. Hollingsworth 2014-08-15 01:17:53 EDT
Indeed, EPEL now has v8 3.14 so presumably these have been all addressed.

Note You need to log in before you can comment on or make changes to this bug.