Candidate: CVE-2017-5088
PublicDate: 2017-10-27 05:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5088
 https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html
Description:
 Insufficient validation of untrusted input in V8 in Google Chrome prior to
 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android,
 allowed a remote attacker to perform out of bounds memory access via a
 crafted HTML page.
Ubuntu-Description:
Notes:
 mikesalvatore> The Ubuntu Security Team does not support libv8
Bugs:
Priority: medium
Discovered-by: Xiling Gong
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_chromium-browser:
upstream_chromium-browser: released (59.0.3071.104)
precise/esm_chromium-browser: DNE
trusty_chromium-browser: released (59.0.3071.109-0ubuntu0.14.04.1186)
trusty/esm_chromium-browser: DNE (trusty was released [59.0.3071.109-0ubuntu0.14.04.1186])
vivid/ubuntu-core_chromium-browser: DNE
xenial_chromium-browser: released (59.0.3071.109-0ubuntu0.16.04.1289)
yakkety_chromium-browser: released (59.0.3071.109-0ubuntu0.16.10.1357)
zesty_chromium-browser: released (59.0.3071.109-0ubuntu0.17.04.1360)
artful_chromium-browser: released (59.0.3071.109-0ubuntu1.1360)
bionic_chromium-browser: released (59.0.3071.109-0ubuntu1.1360)
cosmic_chromium-browser: released (59.0.3071.109-0ubuntu1.1360)
devel_chromium-browser: released (59.0.3071.109-0ubuntu1.1360)

Patches_oxide-qt:
upstream_oxide-qt: needed
precise/esm_oxide-qt: DNE
trusty_oxide-qt: ignored (Ubuntu touch end-of-life)
trusty/esm_oxide-qt: DNE (trusty was ignored [Ubuntu touch end-of-life])
vivid/ubuntu-core_oxide-qt: DNE
xenial_oxide-qt: ignored (Ubuntu touch end-of-life)
esm-infra/xenial_oxide-qt: ignored (Ubuntu touch end-of-life)
yakkety_oxide-qt: ignored (reached end-of-life)
zesty_oxide-qt: ignored (reached end-of-life)
artful_oxide-qt: ignored (reached end-of-life)
bionic_oxide-qt: DNE
cosmic_oxide-qt: DNE
devel_oxide-qt: DNE

Patches_libv8-3.14:
upstream_libv8-3.14: needed
precise/esm_libv8-3.14: DNE
trusty_libv8-3.14: ignored (libv8 not supported)
trusty/esm_libv8-3.14: DNE (trusty was ignored [libv8 not supported])
vivid/ubuntu-core_libv8-3.14: DNE
xenial_libv8-3.14: ignored (libv8 not supported)
yakkety_libv8-3.14: ignored (reached end-of-life)
zesty_libv8-3.14: ignored (reached end-of-life)
artful_libv8-3.14: ignored (reached end-of-life)
bionic_libv8-3.14: ignored (libv8 not supported)
cosmic_libv8-3.14: ignored (libv8 not supported)
devel_libv8-3.14: ignored (libv8 not supported)