[SECURITY] Fedora 18 Update: v8-3.14.5.10-2.fc18
updates at fedoraproject.org
updates at fedoraproject.org
Thu Aug 15 03:02:47 UTC 2013
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-14205
2013-08-03 22:45:53
--------------------------------------------------------------------------------
Name : v8
Product : Fedora 18
Version : 3.14.5.10
Release : 2.fc18
URL : http://code.google.com/p/v8
Summary : JavaScript Engine
Description :
V8 is Google's open source JavaScript engine. V8 is written in C++ and is used
in Google Chrome, the open source browser from Google. V8 implements ECMAScript
as specified in ECMA-262, 3rd edition.
--------------------------------------------------------------------------------
Update Information:
This update fixes an issue with Google V8, as used in Google Chrome before 28.0.1500.95, which allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via vectors that leverage "type confusion."
Please note that this issue's impact on Node.js is somewhat lessened since it
does not typically execute JavaScript from foreign sources.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 2 2013 T.C. Hollingsworth <tchollingsworth at gmail.com> - 1:3.14.5.10-2
- backport fix for remote DoS or unspecified other impact via type confusion
(RHBZ#991116; CVE-2013-2882)
* Wed May 29 2013 T.C. Hollingsworth <tchollingsworth at gmail.com> - 1:3.14.5.10-1
- new upstream release 3.14.5.10
* Mon May 6 2013 Stanislav Ochotnicky <sochotnicky at redhat.com> - 1:3.14.5.8-2
- Fix ownership of include directory (#958729)
* Fri Mar 22 2013 T.C. Hollingsworth <tchollingsworth at gmail.com> - 1:3.14.5.8-1
- new upstream release 3.14.5.8
- backport security fix for remote DoS via crafted javascript (RHBZ#924495; CVE-2013-2632)
* Mon Mar 11 2013 Stephen Gallagher <sgallagh at redhat.com> - 1:3.14.5.7-3
- Update to v8 3.14.5.7 for Node.js 0.10.0
* Sat Jan 26 2013 T.C. Hollingsworth <tchollingsworth at gmail.com> - 1:3.13.7.5-2
- rebuild for icu-50
- ignore new GCC 4.8 warning
* Tue Dec 4 2012 Tom Callaway <spot at fedoraproject.org> - 1:3.13.7.5-1
- update to 3.13.7.5 (needed for chromium 23)
- Resolves multiple security issues (CVE-2012-5120, CVE-2012-5128)
- d8 is now using a static libv8, resolves bz 881973)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #991116 - CVE-2013-2882 v8: remote DoS or unspecified other impact via type confusion
https://bugzilla.redhat.com/show_bug.cgi?id=991116
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update v8' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list