Date: Fri, 11 Jan 2013 00:32:48 +0000 (UTC)
From: Rene Ladan <rene@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r310212 - head/security/vuxml
Message-ID: <201301110032.r0B0WmPc090690@svn.freebsd.org>
Author: rene Date: Fri Jan 11 00:32:48 2013 New Revision: 310212 URL: http://svnweb.freebsd.org/changeset/ports/310212 Log: Document vulnerabilities in www/chromium < 24.0.1312.52 Obtained from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Jan 10 23:56:33 2013 (r310211) +++ head/security/vuxml/vuln.xml Fri Jan 11 00:32:48 2013 (r310212) 
@@ -51,6 +51,106 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="46bd747b-5b84-11e2-b06d-00262d5ed8ee"> + <topic>chromium -- multiple vulnerabilities</topic> + <affects> + <package> + <name>chromium</name> + <range><lt>24.0.1312.52</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Google Chrome Releases reports:</p> + <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates"> + <p>[162494] High CVE-2012-5145: Use-after-free in SVG layout. Credit + to Atte Kettunen of OUSPG.</p> + <p>[165622] High CVE-2012-5146: Same origin policy bypass with + malformed URL. Credit to Erling A Ellingsen and Subodh Iyengar, + both of Facebook.</p> + <p>[165864] High CVE-2012-5147: Use-after-free in DOM handling. + Credit to José A. Vázquez.</p> + <p>[167122] Medium CVE-2012-5148: Missing filename sanitization in + hyphenation support. Credit to Google Chrome Security Team (Justin + Schuh).</p> + <p>[166795] High CVE-2012-5149: Integer overflow in audio IPC + handling. Credit to Google Chrome Security Team (Chris Evans).</p> + <p>[165601] High CVE-2012-5150: Use-after-free when seeking video. + Credit to Google Chrome Security Team (Inferno).</p> + <p>[165538] High CVE-2012-5151: Integer overflow in PDF JavaScript. + Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, + both of Google Security Team.</p> + <p>[165430] Medium CVE-2012-5152: Out-of-bounds read when seeking + video. Credit to Google Chrome Security Team (Inferno).</p> + <p>[164565] High CVE-2012-5153: Out-of-bounds stack access in v8. + Credit to Andreas Rossberg of the Chromium development + community.</p> + <p>[Mac only] [163208] Medium CVE-2012-5155: Missing Mac sandbox for + worker processes. Credit to Google Chrome Security Team (Julien + Tinnes).</p> + <p>[162778] High CVE-2012-5156: Use-after-free in PDF fields. 
Credit + to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both + of Google Security Team.</p> + <p>[162776] [162156] Medium CVE-2012-5157: Out-of-bounds reads in PDF + image handling. Credit to Mateusz Jurczyk, with contribution from + Gynvael Coldwind, both of Google Security Team.</p> + <p>[162153] High CVE-2013-0828: Bad cast in PDF root handling. Credit + to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both + of Google Security Team.</p> + <p>[162114] High CVE-2013-0829: Corruption of database metadata + leading to incorrect file access. Credit to Google Chrome Security + Team (Jüri Aedla).</p> + <p>[161836] Low CVE-2013-0831: Possible path traversal from extension + process. Credit to Google Chrome Security Team (Tom Sepez).</p> + <p>[160380] Medium CVE-2013-0832: Use-after-free with printing. + Credit to Google Chrome Security Team (Cris Neckar).</p> + <p>[154485] Medium CVE-2013-0833: Out-of-bounds read with printing. + Credit to Google Chrome Security Team (Cris Neckar).</p> + <p>[154283] Medium CVE-2013-0834: Out-of-bounds read with glyph + handling. Credit to Google Chrome Security Team (Cris Neckar).</p> + <p>[152921] Low CVE-2013-0835: Browser crash with geolocation. Credit + to Arthur Gerkis.</p> + <p>[150545] High CVE-2013-0836: Crash in v8 garbage collection. + Credit to Google Chrome Security Team (Cris Neckar).</p> + <p>[145363] Medium CVE-2013-0837: Crash in extension tab handling. + Credit to Tom Nielsen.</p> + <p>[Linux only] [143859] Low CVE-2013-0838: Tighten permissions on + shared memory segments. 
Credit to Google Chrome Security Team + (Chris Palmer).</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2012-5145</cvename> + <cvename>CVE-2012-5146</cvename> + <cvename>CVE-2012-5147</cvename> + <cvename>CVE-2012-5148</cvename> + <cvename>CVE-2012-5149</cvename> + <cvename>CVE-2012-5150</cvename> + <cvename>CVE-2012-5151</cvename> + <cvename>CVE-2012-5152</cvename> + <cvename>CVE-2012-5153</cvename> + <cvename>CVE-2012-5155</cvename> + <cvename>CVE-2012-5156</cvename> + <cvename>CVE-2012-5157</cvename> + <cvename>CVE-2013-0828</cvename> + <cvename>CVE-2013-0829</cvename> + <cvename>CVE-2013-0831</cvename> + <cvename>CVE-2013-0832</cvename> + <cvename>CVE-2013-0833</cvename> + <cvename>CVE-2013-0834</cvename> + <cvename>CVE-2013-0835</cvename> + <cvename>CVE-2013-0836</cvename> + <cvename>CVE-2013-0837</cvename> + <cvename>CVE-2013-0838</cvename> + <url>http://googlechromereleases.blogspot.nl/search/label/Stable%20updates</url> + </references> + <dates> + <discovery>2013-01-10</discovery> + <entry>2013-01-11</entry> + </dates> + </vuln> + <vuln vid="a4ed6632-5aa9-11e2-8fcb-c8600054b392"> <topic>mozilla -- multiple vulnerabilities</topic> <affects>
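Review bot: The `cite` attribute on the `<blockquote>` and the `<url>` in `<references>` both point at the label listing `search/label/Stable%20updates` rather than the individual release post, so the link will show different content as newer stable updates are published; use the permalink of the announcement for 24.0.1312.52 in both places. Separately, `<references>` lists `<cvename>CVE-2012-5155</cvename>` and `<cvename>CVE-2013-0838</cvename>`, which the quoted text marks as [Mac only] and [Linux only]; if the blockquote is kept verbatim, consider dropping at least the Mac-only CVE from `<references>` so that audits of the FreeBSD `chromium` package do not report an issue that does not apply to it.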