CVE-2013-0900

NameCVE-2013-0900
DescriptionRace condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-2786-1
NVD severitymedium (attack range: remote)
Debian Bugs702346
Debian/oldstablepackage chromium-browser is vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
chromium-browser (PTS)squeeze (security), squeeze6.0.472.63~r59945-5+squeeze6vulnerable
wheezy, wheezy (security)37.0.2062.120-1~deb7u1fixed
jessie, sid41.0.2272.76-2fixed
icu (PTS)squeeze (security), squeeze4.4.1-8+squeeze2fixed
wheezy4.8.1.1-12+deb7u1fixed
wheezy (security)4.8.1.1-12+deb7u2fixed
jessie, sid52.1-8fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chromium-browsersource(unstable)25.0.1364.97-1medium
chromium-browsersourcesqueeze(unfixed)end-of-life
icusource(unstable)4.8.1.1-12low702346
icusourcesqueeze4.4.1-8+squeeze2mediumDSA-2786-1
icusourcewheezy4.8.1.1-12+deb7u1mediumDSA-2786-1

Notes

[squeeze] - icu <no-dsa> (Minor issue for standalone ICU outside of browser context)

Search for package or bug name: Reporting problems