From owner-freebsd-chromium@freebsd.org  Wed Sep  2 10:22:03 2015
Return-Path: <owner-freebsd-chromium@freebsd.org>
Delivered-To: freebsd-chromium@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 10B5B9C8338
 for <freebsd-chromium@mailman.ysv.freebsd.org>;
 Wed,  2 Sep 2015 10:22:03 +0000 (UTC) (envelope-from cpm@fbsd.es)
Received: from imap2-2.ox.privateemail.com (imap2-2.ox.privateemail.com
 [192.64.116.207])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "privateemail.com",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id DB9B1258;
 Wed,  2 Sep 2015 10:22:02 +0000 (UTC) (envelope-from cpm@fbsd.es)
Received: from localhost (localhost [127.0.0.1])
 by imap2.ox.privateemail.com (Postfix) with ESMTP id B0B7C8C00BF;
 Wed,  2 Sep 2015 06:22:00 -0400 (EDT)
X-Virus-Scanned: Debian amavisd-new at imap2.ox.privateemail.com
Received: from imap2.ox.privateemail.com ([127.0.0.1])
 by localhost (imap2.ox.privateemail.com [127.0.0.1]) (amavisd-new, port 10024)
 with LMTP id ZKLvBzpiX1_g; Wed,  2 Sep 2015 06:22:00 -0400 (EDT)
Received: from [192.168.1.33] (138.Red-83-33-58.dynamicIP.rima-tde.net
 [83.33.58.138])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by imap2.ox.privateemail.com (Postfix) with ESMTPSA id E44ED8C0096;
 Wed,  2 Sep 2015 06:21:59 -0400 (EDT)
Message-ID: <1441189302.97726.2.camel@fbsd.es>
Subject: Document new vulnerabilities in www/chromium < 45.0.2454.85
From: Carlos J Puga Medina <cpm@fbsd.es>
To: rene <rene@freebsd.org>
Cc: freebsd-chromium@freebsd.org
Date: Wed, 02 Sep 2015 12:21:42 +0200
Content-Type: multipart/signed; micalg="pgp-sha1";
 protocol="application/pgp-signature"; 
 boundary="=-seMc7Zsveb397/BmKMcu"
X-Mailer: Evolution 3.16.4 FreeBSD GNOME Team Port 
Mime-Version: 1.0
X-BeenThere: freebsd-chromium@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FreeBSD-specific Chromium issues <freebsd-chromium.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-chromium>, 
 <mailto:freebsd-chromium-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-chromium/>
List-Post: <mailto:freebsd-chromium@freebsd.org>
List-Help: <mailto:freebsd-chromium-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-chromium>, 
 <mailto:freebsd-chromium-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Sep 2015 10:22:03 -0000


--=-seMc7Zsveb397/BmKMcu
Content-Type: multipart/mixed; boundary="=-xJdjVc3JYrfDpHZdNT9S"


--=-xJdjVc3JYrfDpHZdNT9S
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Current www/chromium is marked as vulnerable on Google Chrome
website[0].

--- vuln.xml.orig	2015-09-02 02:30:55.000000000 +0200
+++ vuln.xml	2015-09-02 12:18:45.643172000 +0200
@@ -58,6 +58,66 @@
=20
 -->
 <vuxml xmlns=3D"http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid=3D"a9350df8-5157-11e5-b5c1-e8e0b747a45a">
+    <topic>chromium -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>chromium</name>
+	<range><lt>45.0.2454.85</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns=3D"http://www.w3.org/1999/xhtml">;
+	<p>Google Chrome Releases reports:</p>
+	<blockquote cite=3D"http://googlechromereleases.blogspot.nl">;
+	  <p>29 security fixes in this release, including:</p>
+	  <ul>
+	    <li>[516377] High CVE-2015-1291: Cross-origin bypass in
DOM. Credit
+	      to anonymous.</li>
+	    <li>[522791] High CVE-2015-1292: Cross-origin bypass in
ServiceWorker. Credit
+	      to Mariusz Mlynski.</li>
+	    <li>[524074] High CVE-2015-1293: Cross-origin bypass in
DOM. Credit
+	      to Mariusz Mlynski.</li>
+	    <li>[492263] High CVE-2015-1294: Use-after-free in Skia.
Credit
+	      to cloudfuzzer.</li>
+	    <li>[502562] High CVE-2015-1295: Use-after-free in
Printing. Credit
+	      to anonymous.</li>
+	    <li>[421332] High CVE-2015-1296: Character spoofing in
omnibox. Credit
+	      to zcorpan.</li>
+	    <li>[510802] Medium CVE-2015-1297: Permission scoping
error in Webrequest. Credit
+	      to Alexander Kashev.</li>
+	    <li>[518827] Medium CVE-2015-1298: URL validation error in
extensions. Credit
+	      to Rob Wu.</li>
+	    <li>[416362] Medium CVE-2015-1299: Use-after-free in
Blink. Credit
+	      to taro.suzuki.dev.</li>
+	    <li>[511616] Medium CVE-2015-1300: Information leak in
Blink. Credit
+	      to cgvwzq.</li>
+	    <li>[526825] CVE-2015-1301: Various fixes from internal
audits, fuzzing and
+	      other initiatives.</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2015-1291</cvename>
+      <cvename>CVE-2015-1292</cvename>
+      <cvename>CVE-2015-1293</cvename>
+      <cvename>CVE-2015-1294</cvename>
+      <cvename>CVE-2015-1295</cvename>
+      <cvename>CVE-2015-1296</cvename>
+      <cvename>CVE-2015-1297</cvename>
+      <cvename>CVE-2015-1298</cvename>
+      <cvename>CVE-2015-1299</cvename>
+      <cvename>CVE-2015-1300</cvename>
+      <cvename>CVE-2015-1301</cvename>
+      <url>http://googlechromereleases.blogspot.nl</url>;
+    </references>
+    <dates>
+      <discovery>2015-09-01</discovery>
+      <entry>2015-09-02</entry>
+    </dates>
+  </vuln>
+
   <vuln vid=3D"fc1f6658-4f53-11e5-934b-002590263bf5">
     <topic>ghostscript -- denial of service (crash) via crafted
Postscript files</topic>
     <affects>

[0] http://googlechromereleases.blogspot.nl/2015/09/stable-channel-upda
te.html
--=20
Carlos Jacobo Puga Medina <cpm@fbsd.es>
PGP fingerprint =3D C60E 9497 5302 793B CC2D  BB89 A1F3 5D66 E6D0 5453
--=-xJdjVc3JYrfDpHZdNT9S
Content-Disposition: attachment; filename="vuln.diff"
Content-Transfer-Encoding: base64
Content-Type: text/x-patch; name="vuln.diff"; charset="UTF-8"

LS0tIHZ1bG4ueG1sLm9yaWcJMjAxNS0wOS0wMiAwMjozMDo1NS4wMDAwMDAwMDAgKzAyMDAKKysr
IHZ1bG4ueG1sCTIwMTUtMDktMDIgMTI6MTg6NDUuNjQzMTcyMDAwICswMjAwCkBAIC01OCw2ICs1
OCw2NiBAQAogCiAtLT4KIDx2dXhtbCB4bWxucz0iaHR0cDovL3d3dy52dXhtbC5vcmcvYXBwcy92
dXhtbC0xIj4KKyAgPHZ1bG4gdmlkPSJhOTM1MGRmOC01MTU3LTExZTUtYjVjMS1lOGUwYjc0N2E0
NWEiPgorICAgIDx0b3BpYz5jaHJvbWl1bSAtLSBtdWx0aXBsZSB2dWxuZXJhYmlsaXRpZXM8L3Rv
cGljPgorICAgIDxhZmZlY3RzPgorICAgICAgPHBhY2thZ2U+CisJPG5hbWU+Y2hyb21pdW08L25h
bWU+CisJPHJhbmdlPjxsdD40NS4wLjI0NTQuODU8L2x0PjwvcmFuZ2U+CisgICAgICA8L3BhY2th
Z2U+CisgICAgPC9hZmZlY3RzPgorICAgIDxkZXNjcmlwdGlvbj4KKyAgICAgIDxib2R5IHhtbG5z
PSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hodG1sIj4KKwk8cD5Hb29nbGUgQ2hyb21lIFJlbGVh
c2VzIHJlcG9ydHM6PC9wPgorCTxibG9ja3F1b3RlIGNpdGU9Imh0dHA6Ly9nb29nbGVjaHJvbWVy
ZWxlYXNlcy5ibG9nc3BvdC5ubCI+CisJICA8cD4yOSBzZWN1cml0eSBmaXhlcyBpbiB0aGlzIHJl
bGVhc2UsIGluY2x1ZGluZzo8L3A+CisJICA8dWw+CisJICAgIDxsaT5bNTE2Mzc3XSBIaWdoIENW
RS0yMDE1LTEyOTE6IENyb3NzLW9yaWdpbiBieXBhc3MgaW4gRE9NLiBDcmVkaXQKKwkgICAgICB0
byBhbm9ueW1vdXMuPC9saT4KKwkgICAgPGxpPls1MjI3OTFdIEhpZ2ggQ1ZFLTIwMTUtMTI5Mjog
Q3Jvc3Mtb3JpZ2luIGJ5cGFzcyBpbiBTZXJ2aWNlV29ya2VyLiBDcmVkaXQKKwkgICAgICB0byBN
YXJpdXN6IE1seW5za2kuPC9saT4KKwkgICAgPGxpPls1MjQwNzRdIEhpZ2ggQ1ZFLTIwMTUtMTI5
MzogQ3Jvc3Mtb3JpZ2luIGJ5cGFzcyBpbiBET00uIENyZWRpdAorCSAgICAgIHRvIE1hcml1c3og
TWx5bnNraS48L2xpPgorCSAgICA8bGk+WzQ5MjI2M10gSGlnaCBDVkUtMjAxNS0xMjk0OiBVc2Ut
YWZ0ZXItZnJlZSBpbiBTa2lhLiBDcmVkaXQKKwkgICAgICB0byBjbG91ZGZ1enplci48L2xpPgor
CSAgICA8bGk+WzUwMjU2Ml0gSGlnaCBDVkUtMjAxNS0xMjk1OiBVc2UtYWZ0ZXItZnJlZSBpbiBQ
cmludGluZy4gQ3JlZGl0CisJICAgICAgdG8gYW5vbnltb3VzLjwvbGk+CisJICAgIDxsaT5bNDIx
MzMyXSBIaWdoIENWRS0yMDE1LTEyOTY6IENoYXJhY3RlciBzcG9vZmluZyBpbiBvbW5pYm94LiBD
cmVkaXQKKwkgICAgICB0byB6Y29ycGFuLjwvbGk+CisJICAgIDxsaT5bNTEwODAyXSBNZWRpdW0g
Q1ZFLTIwMTUtMTI5NzogUGVybWlzc2lvbiBzY29waW5nIGVycm9yIGluIFdlYnJlcXVlc3QuIENy
ZWRpdAorCSAgICAgIHRvIEFsZXhhbmRlciBLYXNoZXYuPC9saT4KKwkgICAgPGxpPls1MTg4Mjdd
IE1lZGl1bSBDVkUtMjAxNS0xMjk4OiBVUkwgdmFsaWRhdGlvbiBlcnJvciBpbiBleHRlbnNpb25z
LiBDcmVkaXQKKwkgICAgICB0byBSb2IgV3UuPC9saT4KKwkgICAgPGxpPls0MTYzNjJdIE1lZGl1
bSBDVkUtMjAxNS0xMjk5OiBVc2UtYWZ0ZXItZnJlZSBpbiBCbGluay4gQ3JlZGl0CisJICAgICAg
dG8gdGFyby5zdXp1a2kuZGV2LjwvbGk+CisJICAgIDxsaT5bNTExNjE2XSBNZWRpdW0gQ1ZFLTIw
MTUtMTMwMDogSW5mb3JtYXRpb24gbGVhayBpbiBCbGluay4gQ3JlZGl0CisJICAgICAgdG8gY2d2
d3pxLjwvbGk+CisJICAgIDxsaT5bNTI2ODI1XSBDVkUtMjAxNS0xMzAxOiBWYXJpb3VzIGZpeGVz
IGZyb20gaW50ZXJuYWwgYXVkaXRzLCBmdXp6aW5nIGFuZAorCSAgICAgIG90aGVyIGluaXRpYXRp
dmVzLjwvbGk+CisJICA8L3VsPgorCTwvYmxvY2txdW90ZT4KKyAgICAgIDwvYm9keT4KKyAgICA8
L2Rlc2NyaXB0aW9uPgorICAgIDxyZWZlcmVuY2VzPgorICAgICAgPGN2ZW5hbWU+Q1ZFLTIwMTUt
MTI5MTwvY3ZlbmFtZT4KKyAgICAgIDxjdmVuYW1lPkNWRS0yMDE1LTEyOTI8L2N2ZW5hbWU+Cisg
ICAgICA8Y3ZlbmFtZT5DVkUtMjAxNS0xMjkzPC9jdmVuYW1lPgorICAgICAgPGN2ZW5hbWU+Q1ZF
LTIwMTUtMTI5NDwvY3ZlbmFtZT4KKyAgICAgIDxjdmVuYW1lPkNWRS0yMDE1LTEyOTU8L2N2ZW5h
bWU+CisgICAgICA8Y3ZlbmFtZT5DVkUtMjAxNS0xMjk2PC9jdmVuYW1lPgorICAgICAgPGN2ZW5h
bWU+Q1ZFLTIwMTUtMTI5NzwvY3ZlbmFtZT4KKyAgICAgIDxjdmVuYW1lPkNWRS0yMDE1LTEyOTg8
L2N2ZW5hbWU+CisgICAgICA8Y3ZlbmFtZT5DVkUtMjAxNS0xMjk5PC9jdmVuYW1lPgorICAgICAg
PGN2ZW5hbWU+Q1ZFLTIwMTUtMTMwMDwvY3ZlbmFtZT4KKyAgICAgIDxjdmVuYW1lPkNWRS0yMDE1
LTEzMDE8L2N2ZW5hbWU+CisgICAgICA8dXJsPmh0dHA6Ly9nb29nbGVjaHJvbWVyZWxlYXNlcy5i
bG9nc3BvdC5ubDwvdXJsPgorICAgIDwvcmVmZXJlbmNlcz4KKyAgICA8ZGF0ZXM+CisgICAgICA8
ZGlzY292ZXJ5PjIwMTUtMDktMDE8L2Rpc2NvdmVyeT4KKyAgICAgIDxlbnRyeT4yMDE1LTA5LTAy
PC9lbnRyeT4KKyAgICA8L2RhdGVzPgorICA8L3Z1bG4+CisKICAgPHZ1bG4gdmlkPSJmYzFmNjY1
OC00ZjUzLTExZTUtOTM0Yi0wMDI1OTAyNjNiZjUiPgogICAgIDx0b3BpYz5naG9zdHNjcmlwdCAt
LSBkZW5pYWwgb2Ygc2VydmljZSAoY3Jhc2gpIHZpYSBjcmFmdGVkIFBvc3RzY3JpcHQgZmlsZXM8
L3RvcGljPgogICAgIDxhZmZlY3RzPgo=


--=-xJdjVc3JYrfDpHZdNT9S--

--=-seMc7Zsveb397/BmKMcu
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAABAgAGBQJV5s22AAoJEKHzXWbm0FRTPUMH/1tJFoqNXWMfVPbPqFm39rMB
ciuUEqlG44zNvlrTClRgFjGgEbBwaoLgV5+d0emeRvit53YmdYNkiJt+qY9WY48U
KLx0kF15RyWYHqKz39U9ei43OxEXyodx1FAmKmEPILJ62/UeUAjwZlSdJeTCBOVW
TyS2TN6z4mhm+aeEOxACO/ucllhZV4zYsWVOsUY5+RmYuwT9nfVKdJwEyLbYAP45
fo3Qil3mDbvnfNIHGXMqLxDP+SKpoWxtsjdS6t2EyZcn0IuWWe61isBBgkBtlrBc
xbuuIvLTdrlieXdyrTFCGVtpPUqKj7K09azgoCk+AmPWbAE2kyEF7C64K6Ie1os=
=0GBr
-----END PGP SIGNATURE-----

--=-seMc7Zsveb397/BmKMcu--