[v8/el6: 1/2] backport fix for out-of-bounds read DoS
T.C. Hollingsworth
patches at fedoraproject.org
Fri Dec 13 18:44:19 UTC 2013
commit 0177f64edda76802516c0bd6dba356a216191207
Author: T.C. Hollingsworth <tchollingsworth at gmail.com>
Date: Fri Aug 2 13:04:50 2013 -0700
backport fix for out-of-bounds read DoS
(RHBZ#1039889; CVE-2013-6640)
v8.spec | 9 ++++++++-
1 files changed, 8 insertions(+), 1 deletions(-)
---
diff --git a/v8.spec b/v8.spec
index 4b66451..9a304d2 100644
--- a/v8.spec
+++ b/v8.spec
@@ -23,7 +23,7 @@
Name: v8
Version: %{somajor}.%{sominor}.%{sobuild}.%{sotiny}
-Release: 2%{?dist}
+Release: 3%{?dist}
Epoch: 1
Summary: JavaScript Engine
Group: System Environment/Libraries
@@ -40,6 +40,9 @@ Patch1: v8-3.14.5.8-CVE-2013-2634.patch
#backport fix for CVE-2013-2882 (RHBZ#991116)
Patch2: v8-3.14.5.10-CVE-2013-2882.patch
+#backport fix for CVE-2013-6640 (RHBZ#1039889)
+Patch3: v8-3.14.5.10-CVE-2013-6640.patch
+
%description
V8 is Google's open source JavaScript engine. V8 is written in C++ and is used
in Google Chrome, the open source browser from Google. V8 implements ECMAScript
@@ -57,6 +60,7 @@ Development headers and libraries for v8.
%setup -q -n %{name}-%{version}
%patch1 -p1
%patch2 -p1
+%patch3 -p1
# -fno-strict-aliasing is needed with gcc 4.4 to get past some ugly code
PARSED_OPT_FLAGS=`echo \'$RPM_OPT_FLAGS -fPIC -fno-strict-aliasing -Wno-unused-parameter -Wno-error=strict-overflow -Wno-error=unused-local-typedefs -Wno-unused-but-set-variable\'| sed "s/ /',/g" | sed "s/',/', '/g"`
@@ -214,6 +218,9 @@ rm -rf %{buildroot}
%{python_sitelib}/j*.py*
%changelog
+* Fri Dec 13 2013 T.C. Hollingsworth <tchollingsworth at gmail.com> - 1:3.14.5.10-3
+- backport fix for out-of-bounds read DoS (RHBZ#1039889; CVE-2013-6640)
+
* Fri Aug 02 2013 T.C. Hollingsworth <tchollingsworth at gmail.com> - 1:3.14.5.10-2
- backport fix for remote DoS or unspecified other impact via type confusion
(RHBZ#991116; CVE-2013-2882)
More information about the scm-commits
mailing list