-------------------------------------------------------------------------
Debian Security Advisory DSA-2811-1                   security@xxxxxxxxxx
http://www.debian.org/security/                           Michael Gilbert
December 07, 2013                      http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : chromium-browser
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-6634 CVE-2013-6635 CVE-2013-6636 CVE-2013-6637
                 CVE-2013-6638 CVE-2013-6639 CVE-2013-6640

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2013-6634

    Andrey Labunets discovered that the wrong URL was used during
    validation in the one-click sign on helper.

CVE-2013-6635

    cloudfuzzer discovered use-after-free issues in the InsertHTML and
    Indent DOM editing commands.

CVE-2013-6636

    Bas Venis discovered an address bar spoofing issue.

CVE-2013-6637

    The chrome 31 development team discovered and fixed multiple issues
    with potential security impact.

CVE-2013-6638

    Jakob Kummerow of the Chromium project discovered a buffer overflow
    in the v8 javascript library.

CVE-2013-6639

    Jakob Kummerow of the Chromium project discovered an out-of-bounds
    write in the v8 javascript library.

CVE-2013-6640

    Jakob Kummerow of the Chromium project discovered an out-of-bounds
    read in the v8 javascript library.

For the stable distribution (wheezy), these problems have been fixed in
version 31.0.1650.63-1~deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 31.0.1650.63-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
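
An added example, not part of the Debian advisory: a pure-Python check of an installed chromium-browser version against the fixed versions listed above, using Debian's version ordering, in which `~` sorts before everything, so the wheezy fix 31.0.1650.63-1~deb7u1 is older than sid's 31.0.1650.63-1 even though a plain string comparison says the opposite. The function names are assumptions made for this example; on a Debian host, `dpkg --compare-versions` performs the same comparison.

```python
import re

# Fixed versions as stated in DSA-2811-1 (jessie had no fixed version yet).
FIXED = {"wheezy": "31.0.1650.63-1~deb7u1", "sid": "31.0.1650.63-1"}

_CHUNK = re.compile(r"(\D*)(\d*)", re.ASCII)  # one non-digit run, then one digit run

def _order(c):
    """Sort weight of one character inside a non-digit run."""
    if c == "~":
        return -1  # tilde sorts before everything, even the end of the string
    return ord(c) if c.isalpha() else ord(c) + 256  # letters before other symbols

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings in Debian order."""
    while a or b:
        ma, mb = _CHUNK.match(a), _CHUNK.match(b)
        na, nb = ma.group(1), mb.group(1)
        for k in range(max(len(na), len(nb))):
            ca = _order(na[k]) if k < len(na) else 0  # 0 stands for end of run
            cb = _order(nb[k]) if k < len(nb) else 0
            if ca != cb:
                return -1 if ca < cb else 1
        ia, ib = int(ma.group(2) or 0), int(mb.group(2) or 0)  # numeric, not textual
        if ia != ib:
            return -1 if ia < ib else 1
        a, b = a[ma.end():], b[mb.end():]
    return 0

def _parse(v):
    """Split a version string of the form [epoch:]upstream[-revision]."""
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, rev = rest.rpartition("-")
    if not sep:
        upstream, rev = rest, ""
    return int(epoch), upstream, rev

def compare(a, b):
    """Return -1, 0 or 1 as version a is older than, equal to, or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _parse(a), _parse(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_fixed(installed, suite):
    """True if the installed chromium-browser version is at or past the fix."""
    return compare(installed, FIXED[suite]) >= 0
```

Feed `is_fixed` the version string reported by `dpkg-query -W -f='${Version}' chromium-browser` together with the suite name.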