Common Vulnerabilities and Exposures assigned an identifier CVE-2013-6650 to the following vulnerability: Name: CVE-2013-6650 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6650 Assigned: 20131105 Reference: http://crbug.com/331444 Reference: http://googlechromereleases.blogspot.com/2014/01/stable-channel-update_27.html Reference: https://code.google.com/p/v8/source/detail?r=18483 The StoreBuffer::ExemptPopularPages function in store-buffer.cc in Google V8 before 3.22.24.16, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors that trigger incorrect handling of "popular pages." Upstream fix: https://code.google.com/p/v8/source/diff?spec=svn18483&old=16662&r=18483&format=unidiff&path=%2Fbranches%2Fbleeding_edge%2Fsrc%2Fstore-buffer.cc
Created v8 tracking bugs for this issue: Affects: fedora-all [bug 1059074] Affects: epel-6 [bug 1059075]
This is possibly impact moderate or low with the way v8 is used in Red Hat products and Fedora. Investigation ongoing.
Created attachment 866900 [details] Backport fix with test Hi, I don't have commit rights to v8 package, so here is a patch against fedora master branch with back-ported fix,test and bumped release.
v8-3.14.5.10-6.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
v8-3.14.5.10-6.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
v8-3.14.5.10-6.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products: Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 Via RHSA-2014:1744 https://rhn.redhat.com/errata/RHSA-2014-1744.html