CVE-2013-0900

NameCVE-2013-0900
DescriptionRace condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-2786-1
NVD severitymedium (attack range: remote)
Debian Bugs702346
Debian/oldoldstablepackage chromium-browser is vulnerable.
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
chromium-browser (PTS)squeeze, squeeze (security)6.0.472.63~r59945-5+squeeze6vulnerable
wheezy, wheezy (security)37.0.2062.120-1~deb7u1fixed
jessie41.0.2272.118-1fixed
jessie (security)43.0.2357.65-1~deb8u1fixed
stretch42.0.2311.135-2fixed
sid43.0.2357.65-1fixed
icu (PTS)squeeze, squeeze (security)4.4.1-8+squeeze2fixed
squeeze (lts)4.4.1-8+squeeze3fixed
wheezy4.8.1.1-12+deb7u1fixed
wheezy (security)4.8.1.1-12+deb7u2fixed
jessie52.1-8fixed
stretch, sid52.1-9fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chromium-browsersource(unstable)25.0.1364.97-1medium
chromium-browsersourcesqueeze(unfixed)end-of-life
icusource(unstable)4.8.1.1-12low702346
icusourcesqueeze4.4.1-8+squeeze2mediumDSA-2786-1
icusourcewheezy4.8.1.1-12+deb7u1mediumDSA-2786-1

Notes

[squeeze] - icu <no-dsa> (Minor issue for standalone ICU outside of browser context)

Search for package or bug name: Reporting problems