Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

17-04 ChakraCore servicing release #2834

Merged
merged 2 commits into from Apr 14, 2017
Merged

17-04 ChakraCore servicing release #2834

merged 2 commits into from Apr 14, 2017

Conversation

rajatd
Copy link
Contributor

@rajatd rajatd commented Apr 13, 2017

Fixes the following CVEs impacting ChakraCore
CVE-2017-0093
CVE-2017-0208

satheeshravi and others added 2 commits April 13, 2017 12:49
@satheeshravi @rajatd
[CVE-2017-0208] Fix integer overflow in string.repeat
54d6d08 
When using repeat API on javascript strings, we aren't checking for the upper cap of the length property.
Fix:
Instead of directly setting the length property in the constructor - We are now calling SetLength() - which also checks for the upper cap and throws OOM.
	       i
@Cellule @rajatd
[CVE-2017-0093] Type confusion in asm.js arguments
303d997 
When calling eval we pass an additional argument to the function. If we've assigned an asm.js function to eval, then we need to remove that additional argument before getting the arguments
@rajatd rajatd changed the title 17-03 ChakraCore servicing release 17-04 ChakraCore servicing release Apr 13, 2017
@akroshg
Copy link
Contributor

akroshg commented Apr 13, 2017

LGTM

@chakrabot chakrabot merged commit 303d997 into chakra-core:release/1.4 Apr 14, 2017
chakrabot pushed a commit that referenced this pull request Apr 14, 2017
@rajatd
[MERGE #2834 @rajatd] 17-04 ChakraCore servicing release
c3fd2a9 
Merge pull request #2834 from rajatd:release/1704

Fixes the following CVEs impacting ChakraCore
CVE-2017-0093
CVE-2017-0208
chakrabot pushed a commit that referenced this pull request Apr 14, 2017
@rajatd
[1.4>2.0] [MERGE #2834 @rajatd] 17-04 ChakraCore servicing release
1bdedfa 
Merge pull request #2834 from rajatd:release/1704

Fixes the following CVEs impacting ChakraCore
CVE-2017-0093
CVE-2017-0208
chakrabot pushed a commit that referenced this pull request Apr 14, 2017
@rajatd
[2.0>master] [1.4>2.0] [MERGE #2834 @rajatd] 17-04 ChakraCore servici…
973bffb 
…ng release

Merge pull request #2834 from rajatd:release/1704

Fixes the following CVEs impacting ChakraCore
CVE-2017-0093
CVE-2017-0208
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MikeHolman MikeHolman MikeHolman approved these changes

@Cellule Cellule Awaiting requested review from Cellule

@akroshg akroshg Awaiting requested review from akroshg

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@rajatd @akroshg @MikeHolman @msftclas @chakrabot @satheeshravi @Cellule