857492 – Multiple security flaws in v8 version in EPEL6

Bug 857492 - Multiple security flaws in v8 version in EPEL6

Summary: Multiple security flaws in v8 version in EPEL6

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora EPEL
Classification:	Fedora
Component:	v8
Sub Component:
Version:	el6
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	T.C. Hollingsworth
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-09-14 15:26 UTC by Vincent Danen
Modified:	2014-08-15 05:17 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-08-15 05:17:53 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Description Vincent Danen 2012-09-14 15:26:09 UTC

v8 has suffered from various security flaws that get fixed with new Chrome releases.  The version of v8 in EPEL6 is a year old, and there's been quite a few Chrome releases since then.

Updating to 3.10.8 (what is currently in Fedora) would be ideal as it fixes a number of security flaws.

If keeping v8 on EPEL6 up-to-date (via rebasing) isn't possible, we may want to consider not providing it (the patch burden is probably quite high, and rebasing is the logical way to keep it free from security defects, but I'm not sure how that aligns with policy).

Comment 1 Tomas Hoger 2014-08-12 09:32:44 UTC

Re-assigning to the current maintainer of v8 packages in EPEL + adding default CC.

Packages in EPEL 6 and 7 now seems to be in sync with Fedora, so this bug is probably no longer relevant.

Comment 2 T.C. Hollingsworth 2014-08-15 05:17:53 UTC

Indeed, EPEL now has v8 3.14 so presumably these have been all addressed.

Note You need to log in before you can comment on or make changes to this bug.