Bug 1086120 (CVE-2014-1729) - CVE-2014-1729 v8: multiple unspecified vulnerabilities fixed in Google Chrome 34.0.1847.116
Summary: CVE-2014-1729 v8: multiple unspecified vulnerabilities fixed in Google Chrome...
Alias: CVE-2014-1729
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1086123 1086124
Blocks: 1086126
TreeView+ depends on / blocked
Reported: 2014-04-10 07:20 UTC by Murray McAllister
Modified: 2020-11-05 10:33 UTC (History)
53 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2014-09-04 13:12:05 UTC

Attachments (Terms of Use)

Description Murray McAllister 2014-04-10 07:20:02 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2014-1729 to
the following vulnerability:

Name: CVE-2014-1729
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1729
Assigned: 20140129
Reference: http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html
Reference: https://code.google.com/p/chromium/issues/detail?id=345820
Reference: https://code.google.com/p/chromium/issues/detail?id=347262
Reference: https://code.google.com/p/chromium/issues/detail?id=348319
Reference: https://code.google.com/p/chromium/issues/detail?id=350863
Reference: https://code.google.com/p/chromium/issues/detail?id=352982
Reference: https://code.google.com/p/chromium/issues/detail?id=355586
Reference: https://code.google.com/p/chromium/issues/detail?id=358059
Reference: https://code.google.com/p/v8/source/detail?r=19572
Reference: https://code.google.com/p/v8/source/detail?r=19584
Reference: https://code.google.com/p/v8/source/detail?r=19923
Reference: https://code.google.com/p/v8/source/detail?r=20033
Reference: https://code.google.com/p/v8/source/detail?r=20345
Reference: https://code.google.com/p/v8/source/detail?r=20409

Multiple unspecified vulnerabilities in Google V8 before,
as used in Google Chrome before 34.0.1847.116, allow attackers to
cause a denial of service or possibly have other impact via unknown

This is possibly impact moderate or low with the way v8 is used in Red Hat products and Fedora. Investigation ongoing.

Comment 1 Murray McAllister 2014-04-10 07:23:38 UTC
Created v8 tracking bugs for this issue:

Affects: fedora-all [bug 1086123]
Affects: epel-6 [bug 1086124]

Comment 3 Tomas Hoger 2014-09-04 13:12:05 UTC
(In reply to Tomas Hoger from comment #2)
> https://code.google.com/p/chromium/issues/detail?id=350863
> https://code.google.com/p/v8/source/detail?r=19923
> Private bug report.  This is a follow-up fix for one of the issues under
> CVE-2013-6668 / bug 1074737.

This issue is not reproducible with v8 3.14.  The Hydrogen CFG generated by 3.24/3.25 where this issue was corrected is significantly different form the 3.14 output.  3.14 does not seem affected by this issue.

Note You need to log in before you can comment on or make changes to this bug.