Common Vulnerabilities and Exposures assigned an identifier CVE-2013-2838 to the following vulnerability:
Google V8, as used in Google Chrome before 27.0.1453.93, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
References:
[1] http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html
[2] https://code.google.com/p/chromium/issues/detail?id=235311
Upstream patch (covering multiple issues besides #235311):
[3] http://code.google.com/p/v8/source/detail?r=14498
This issue affects the versions of the v8 package, as shipped with Fedora releases 17 and 18. Please schedule an update.
This issue affects the version of the v8 package, as shipped with Fedora EPEL-6. Please schedule an update.
Created v8 tracking bugs for this issue
Affects: fedora-all [bug 966127]
Affects: epel-6 [bug 966128]
Node.js upstream notified in issue 5535: https://github.com/joyent/node/issues/5535
Any indication whether this affects the 3.16 stable branch of V8 used in Fedora? The upstream bug is still embargoed and there haven't been any pushes to this branch upstream since April.
That patch contains a lot of unrelated changes so can't be backported, so I cannot take any action in Fedora or EPEL at this time. I'll have to wait for feedback here or from Node.js upstream (who is in much better contact with V8 upstream than myself).
The actual patch is: https://code.google.com/p/v8/source/detail?r=14481
This bug never affected the stable 3.16 series in Fedora, so no action is needed.
Closing NEXTRELEASE because when we update v8 we'll definitely update to a version that already has this fixed.
(In reply to T.C. Hollingsworth from comment #4)
> This bug never affected the stable 3.16 series in Fedora
Was this rather meant to say 3.14? It does not seem 3.16 was ever in Fedora. Any details on why 3.14/.16 was unaffected? The fix seems applicable.
Yeah, I meant 3.14, sorry.
The determination was made by the lead Node.js upstream developer: https://github.com/joyent/node/issues/5535#issuecomment-18316882
To double-check, I ran the relevant regression test [1] and it passes with our current v8.
[1] https://github.com/v8/v8/blob/a295634/test/mjsunit/regress/regress-235311.js
Thank you! I did see the node upstream ticket comment, and checked with the reproducer, with the same results. I could not see where the difference lies.