On Sun, Jun 2, 2013 at 9:32 AM, Nick Boyce wrote: > On Wednesday 29 May 2013 15:23:54 Michael Gilbert wrote: > >> or possibly have unspecified other impact via unknown vectors. > > I'm just wondering ... is that Google language for "or possibly allow remote > code execution" ? > > The phrase occurs for many of the vulnerabilities listed in the advisory, and > most browser release notices cure some bugs that may allow remote code > execution ... but not one of the vulnerabilities listed in this one refers to > rce. > > I'm wondering whether the phrasing of the descriptions of the CVEs listed in > this advisory is Google's choice .....
That is the intentionally vague language of CVE (e.g. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2837). The do that because there are an incredibly large number of issues per year (getting close to 10,000/year now), and it is unfeasible to have someone accurately study and write-up every one of them. In terms of chromium, your best bet is simply to wait for the bugs to become unembargoed (e.g. https://code.google.com/p/chromium/issues/detail?id=235638). Best wishes, Mike -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CANTw=MNhkwyQW0=ssvdnotrecwr2y+qbn-591ofqnuensv7...@mail.gmail.com
