Bug 896106

Summary: VUL-0: CVE-2014-3179: Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.120 allowattackers to cause ...
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Raymond Wooninck <tittiatcoke>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: jsegitz, smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: openSUSE 12.3   
URL: https://smash.suse.de/issue/106024/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Marcus Meissner 2014-09-10 19:44:35 UTC
CVE-2014-3179

Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.120 allow
attackers to cause a denial of service or possibly have other impact via unknown
vectors.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3179
https://code.google.com/p/chromium/issues/detail?id=396447
https://code.google.com/p/chromium/issues/detail?id=402255
https://code.google.com/p/chromium/issues/detail?id=403596
https://crbug.com/411014
Comment 1 Swamp Workflow Management 2014-09-10 22:00:45 UTC
bugbot adjusting priority
Comment 2 Swamp Workflow Management 2014-11-10 12:06:38 UTC
openSUSE-SU-2014:1378-1: An update that fixes 14 vulnerabilities is now available.

Category: security (moderate)
Bug References: 896106
CVE References: CVE-2014-3178,CVE-2014-3188,CVE-2014-3189,CVE-2014-3190,CVE-2014-3191,CVE-2014-3192,CVE-2014-3193,CVE-2014-3194,CVE-2014-3195,CVE-2014-3196,CVE-2014-3197,CVE-2014-3198,CVE-2014-3199,CVE-2014-3200
Sources used:
openSUSE 13.1 (src):    chromium-38.0.2125.104-54.4
Comment 3 Johannes Segitz 2014-11-12 11:15:49 UTC
I see that network:chromium/chromium doesn't build for 12.3. Is it possible to provide a submit for 12.3 nonetheless?
Comment 4 Raymond Wooninck 2014-11-12 11:30:28 UTC
I can submit the current version to 12.3, but I do not see the logic behind such submit.  I have tried to resolve the build errors for 12.3, but they seem to be caused by an too old version of c++11. 

If you want to volunteer to resolve these issues and to create a patch for Chromium so that it builds on 12.3, then I would rather see that you would submit such patch to the network:chromium repo, so that it can be incorporated in further submissions as well.
Comment 5 Johannes Segitz 2014-11-12 16:19:49 UTC
Sadly I don't have time to create a patch like this. Then 12.3 will remain unpatched and we can close this bug.
Comment 6 Raymond Wooninck 2014-11-26 14:01:14 UTC
as agreed, closing bug with the indication that openSUSE 12.3 will no longer receive Chromium updates due to general build issues with later Chromium versions.