New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 766990 link

Starred by 1 user
Status: Duplicate
Merged: issue 110277
Owner:
mnissler@chromium.org
Closed: Sep 2017
Cc:
kerrnel@chromium.org
dominicc@chromium.org
scottmg@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug-Security



Sign in to add a comment

Chromium: Vulnerability reported in libxslt

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, Sep 20 2017 
Automated analysis has detected that the following third party packages have had vulnerabilities publicly reported. 

NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.

Package Name: libxslt
Package Version: [cpe:/a:xmlsoft:libxslt:1.1.26]

Advisory: CVE-2011-3970
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2011-3970
  CVSS severity score: 5/10.0
  Confidence: high
  Description:

libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Comment 1 by palmer@chromium.org, Sep 20 2017

Cc: kerrnel@chromium.org dominicc@chromium.org scottmg@chromium.org
Components: Blink>XML
Labels: -Pri-2 M-62 OS-Chrome Pri-1
Owner: mnissler@chromium.org
Status: Assigned (was: Unconfirmed)
Same as before: Hopefully we're much more up-to-date than 2011, right?

Comment 2 by mnissler@chromium.org, Sep 21 2017

Mergedinto: 110277
Status: Duplicate (was: Assigned)
Project Member

Comment 3 by sheriffbot@chromium.org, Dec 28 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment