Red Hat Bugzilla – Bug 857492
Multiple security flaws in v8 version in EPEL6
Last modified: 2014-08-15 01:17:53 EDT
v8 has suffered from various security flaws that get fixed with new Chrome releases. The version of v8 in EPEL6 is a year old, and there's been quite a few Chrome releases since then.
Updating to 3.10.8 (what is currently in Fedora) would be ideal as it fixes a number of security flaws.
If keeping v8 on EPEL6 up-to-date (via rebasing) isn't possible, we may want to consider not providing it (the patch burden is probably quite high, and rebasing is the logical way to keep it free from security defects, but I'm not sure how that aligns with policy).
Re-assigning to the current maintainer of v8 packages in EPEL + adding default CC.
Packages in EPEL 6 and 7 now seems to be in sync with Fedora, so this bug is probably no longer relevant.
Indeed, EPEL now has v8 3.14 so presumably these have been all addressed.