Bug 1091838 (CVE-2014-1735) - CVE-2014-1735 v8: multiple vulnerabilities fixed in Google Chrome 34.0.1847.131
Summary: CVE-2014-1735 v8: multiple vulnerabilities fixed in Google Chrome 34.0.1847.131
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2014-1735
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1091840
Reported: 2014-04-28 07:32 UTC by Murray McAllister
Modified: 2020-05-31 07:30 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-08-06 14:06:19 UTC
Embargoed:


Description Murray McAllister 2014-04-28 07:32:06 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2014-1735 to
the following vulnerability:

Name: CVE-2014-1735
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1735
Assigned: 20140129
Reference: http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html
Reference: https://code.google.com/p/chromium/issues/detail?id=359130
Reference: https://code.google.com/p/chromium/issues/detail?id=359525
Reference: https://code.google.com/p/chromium/issues/detail?id=360429
Reference: https://code.google.com/p/v8/source/detail?r=20501
Reference: https://code.google.com/p/v8/source/detail?r=20622
Reference: https://code.google.com/p/v8/source/detail?r=20624
Reference: https://src.chromium.org/viewvc/blink?revision=171077&view=revision
Reference: https://src.chromium.org/viewvc/blink?revision=171127&view=revision

Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33,
as used in Google Chrome before 34.0.1847.131 on Windows and OS X and
before 34.0.1847.132 on Linux, allow attackers to cause a denial of
service or possibly have other impact via unknown vectors.

It appears as though the Fedora packages may not be affected.

Comment 1 Tomas Hoger 2014-06-16 19:58:38 UTC
https://code.google.com/p/chromium/issues/detail?id=359525
https://code.google.com/p/v8/source/detail?r=20501

This fix is not applicable to v8 3.14.

https://code.google.com/p/chromium/issues/detail?id=359130
https://src.chromium.org/viewvc/blink?revision=171077&view=revision

https://code.google.com/p/chromium/issues/detail?id=360429
https://src.chromium.org/viewvc/blink?revision=171127&view=revision

These bugs are still non-public.  There does not seem to be any v8 commit referring to those bug ids.  They are only referenced by the linked blink commits, which are not applicable to v8.  We're currently unable to determine if there may be any fix applicable to v8 in Fedora and Red Hat products.

Comment 2 Tomas Hoger 2014-08-06 14:06:19 UTC
(In reply to Tomas Hoger from comment #1)
> https://code.google.com/p/chromium/issues/detail?id=359130
> https://src.chromium.org/viewvc/blink?revision=171077&view=revision
> 
> https://code.google.com/p/chromium/issues/detail?id=360429
> https://src.chromium.org/viewvc/blink?revision=171127&view=revision
> 
> These bugs are still non-public.  There does not seem to be any v8 commit
> referring to those bug ids.  They are only referenced by the linked blink
> commits, which are not applicable to v8. 

Bugs are public now.  They only refer to Blink and hence are not applicable to v8.
