[SECURITY] Fedora 18 Update: v8-3.14.5.8-1.fc18
updates at fedoraproject.org
updates at fedoraproject.org
Fri Apr 5 23:03:21 UTC 2013
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-20578
2012-12-18 21:17:35
--------------------------------------------------------------------------------
Name : v8
Product : Fedora 18
Version : 3.14.5.8
Release : 1.fc18
URL : http://code.google.com/p/v8
Summary : JavaScript Engine
Description :
V8 is Google's open source JavaScript engine. V8 is written in C++ and is used
in Google Chrome, the open source browser from Google. V8 implements ECMAScript
as specified in ECMA-262, 3rd edition.
--------------------------------------------------------------------------------
Update Information:
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 22 2013 T.C. Hollingsworth <tchollingsworth at gmail.com> - 1:3.14.5.8-1
- new upstream release 3.14.5.8
- backport security fix for remote DoS via crafted javascript (RHBZ#924495; CVE-2013-2632)
* Mon Mar 11 2013 Stephen Gallagher <sgallagh at redhat.com> - 1:3.14.5.7-3
- Update to v8 3.14.5.7 for Node.js 0.10.0
* Sat Jan 26 2013 T.C. Hollingsworth <tchollingsworth at gmail.com> - 1:3.13.7.5-2
- rebuild for icu-50
- ignore new GCC 4.8 warning
* Tue Dec 4 2012 Tom Callaway <spot at fedoraproject.org> - 1:3.13.7.5-1
- update to 3.13.7.5 (needed for chromium 23)
- Resolves multiple security issues (CVE-2012-5120, CVE-2012-5128)
- d8 is now using a static libv8, resolves bz 881973)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #896266 - CVE-2012-5153 v8: DoS due to crafted JavaScript code that causes out-of-bounds access to stack memory
https://bugzilla.redhat.com/show_bug.cgi?id=896266
[ 2 ] Bug #896272 - CVE-2013-0836 v8: DoS due to improperly implemented garbage collection
https://bugzilla.redhat.com/show_bug.cgi?id=896272
[ 3 ] Bug #924495 - CVE-2013-2632 v8: remote DoS via crafted javascript
https://bugzilla.redhat.com/show_bug.cgi?id=924495
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update v8' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list