|Description||Multiple unspecified vulnerabilities in Google V8 before 18.104.22.168, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.|
|Source||CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)|
|NVD severity||high (attack range: remote)|
|Debian/oldstable||packages chromium-browser, libv8 are vulnerable. |
|Debian/stable||package libv8 is vulnerable. |
|Debian/testing||package libv8-3.14 is vulnerable; however, the security impact is unimportant.|
|Debian/unstable||package libv8-3.14 is vulnerable; however, the security impact is unimportant.|
Vulnerable and fixed packages
The table below lists information on source packages.
|chromium-browser (PTS)||squeeze (security), squeeze||6.0.472.63~r59945-5+squeeze6||vulnerable|
|wheezy, wheezy (security)||37.0.2062.120-1~deb7u1||fixed|
|libv8-3.14 (PTS)||jessie, sid||22.214.171.124-8.1||vulnerable|
The information below is based on the following data on fixed versions.
[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
libv8 not covered by security support