-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2732-1 security@debian.org
http://www.debian.org/security/ Michael Gilbert
July 31, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : chromium-browser
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-2881 CVE-2013-2882 CVE-2013-2883 CVE-2013-2884
CVE-2013-2885 CVE-2013-2886
Several vulnerabilities have been discovered in the Chromium web browser.
CVE-2013-2881
Karthik Bhargavan discovered a way to bypass the Same Origin Policy
in frame handling.
CVE-2013-2882
Cloudfuzzer discovered a type confusion issue in the V8 javascript
library.
CVE-2013-2883
Cloudfuzzer discovered a use-after-free issue in MutationObserver.
CVE-2013-2884
Ivan Fratric of the Google Security Team discovered a use-after-free
issue in the DOM implementation.
CVE-2013-2885
Ivan Fratric of the Google Security Team discovered a use-after-free
issue in input handling.
CVE-2013-2886
The chrome 28 development team found various issues from internal
fuzzing, audits, and other studies.
For the stable distribution (wheezy), these problems have been fixed in
version 28.0.1500.95-1~deb7u1.
For the testing distribution (jessie), these problems wil be fixed soon.
For the unstable distribution (sid), these problems have been fixed in
version 28.0.1500.95-1.
We recommend that you upgrade your chromium-browser packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
iQQcBAEBCgAGBQJR+dsQAAoJELjWss0C1vRzPl0gAJnnwlUpiQLN/n7cg4YNUvfS
iFVnVRfOu4ELbBwdHNFi4gZ5pzfDR10E4YmSLechqTW/0pRySYQGKhcXDTq+zHt/
3V1t9Y+xRQKS1auZqDMqZEdyVMFKsrfd6i1uH+7A+76Xa3wnG3nmyut670VihbXt
w5feqXeo6KI/mbFT5XtrLj6nBV+bBRl+VhkXnlQbOKGXGHLpOY5VzmytaU5ZIqFW
7IYmtrMBUbIIwdKG3NfHa+bz9342p9j0f54AKHmMEcCkITzyTaO+k27oZTZd8hS8
u9BlyCNl0Ps4/oiolttTnIFaRl7pmVtycXpqlTWFw/VtYmyQllGLAFA+z57OGC6o
C0fhJYTjDAraVqZX0izJrdANeS5VyD+rbYAIfrg1gO60fQopcoTXTJ1qbi+TSwYm
PAAkjCPAbsB1yJvLT+ecBqC9cT4os/+GafpUl/griHrGlt9pFgY7aQ6Tqkc5VhVV
c+PVPRPJf+LJQBEGgZWgeI89t4IzKN/3ba8vdEgB5gqx28+p91yPLV0HIqEfUkvu
WiP9Lky832UpNl3bNZGh32Xjw9wpPszp2N5Imwyt21NU07zL1bLePrkS6e0Nw30M
zwu7yN6r5ZnU+kpR/kwi9LmsVzcIrWUH8KSQ5F3rXqiODR2n/Xn6ZbYvw6hMzzOk
2uP8SGESvCfi/lHXqof2dj4TXnHDx/2aufCiRA3Y+qxpj1byt5qnhjx6NDaoMR/0
R0onKGGqv07IcPWxogNe3kQQ+fSNu2YgBLodu96aSgFYeMMnhOkESPsPGLnSy2B6
7vEqF2WH/34mGITfhl8luZ0hyeVDtWwhY34SJHnuHackXa970843w0vPJ3zq2m6x
do5QaYwL+3skGwDgn/nRxveqoLPprJH0ToRqhdwvuELZ7uSS4l8jXblc/H/0bLco
ZNrQU4T7rE1+bW23wafka75MjVkzNA7eJRFmqR1ds9Y6QwmlrZcE4i5FabF8rZZI
V5Bxp+kzxDiYlv+z4vZpDj8ZHBO9OK3Az37mnwAthIjWstjFBNvLhgIAaXFFJ5p1
TwHMvGQyZledPL2mV7vwx6f2gpWPaIlZFm0aCFG0Dr/rzYMKf9V7KZuiVFfAjJUI
pQWfO6wbkZU5vmIwudfdgH0C28tDawKy8tYd+7mFBvJZYh4lj+0Wceu37F1oN9Aq
asyjyw/ubrqaVgKHeQw3VKxZWr836vrzIrZhUPP/aadejx+ABuBqvIsNRZA8Ei6g
AE8FchyWiXFviiWTJmMILNlf6IsvysZbqkDAocUjfqy2QwfnL1CoM5fTcK+8koaA
nZmdh50Da2Q9xmsWnJbbk4ANbJP7kkEnbreeifcO1Z97pN4EkwZ16SL4BK0jRAk=
=AyVH
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/51fc4361.ZV0jqT/omLoOTmW2%mgilbert@debian.org
No comments:
Post a Comment