Date: Wed, 2 Aug 2017 00:28:29 +0000 (UTC) From: "Carlos J. Puga Medina" <cpm@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r447083 - head/security/vuxml Message-ID: <201708020028.v720STIN019977@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: cpm Date: Wed Aug 2 00:28:29 2017 New Revision: 447083 URL: https://svnweb.freebsd.org/changeset/ports/447083 Log: Document new vulnerabilities in www/chromium < 60.0.3112.78 Obtained from: https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Aug 1 22:33:36 2017 (r447082) +++ head/security/vuxml/vuln.xml Wed Aug 2 00:28:29 2017 (r447083) @@ -58,6 +58,98 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="7d138476-7710-11e7-88a1-e8e0b747a45a"> + <topic>chromium -- multiple vulnerabilities</topic> + <affects> + <package> + <name>chromium</name> + <name>chromium-pulse</name> + <range><lt>60.0.3112.78</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Google Chrome releases reports:</p> + <blockquote cite="https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html"> + <p>40 security fixes in this release, including:</p> + <ul> + <li>[728887] High CVE-2017-5091: Use after free in IndexedDB. Reported by + Ned Williamson on 2017-06-02</li> + <li>[733549] High CVE-2017-5092: Use after free un PPAPI. Reported by + Yu Zhou, Yuan Deng of Ant-financial Light-Year Security Lab on 2017-06-15</li> + <li>[550017] High CVE-2017-5093: UI spoofing in Blink. Reported by + Luan Herrera on 2015-10-31</li> + <li>[702946] High CVE-2017-5094: Type confusion in extensions. Reported by + Anonymous on 2017-03-19</li> + <li>[732661] High CVE-2017-5095: Out-of-bounds write in PDFium. Reported by + Anonymous on 2017-06-13</li> + <li>[714442] High CVE-2017-5096: User information leak via Android intents. Reported by + Takeshi Terada on 2017-04-23</li> + <li>[740789] High CVE-2017-5097: Out-of-bounds read in Skia. Reported by + Anonymous on 2017-07-11</li> + <li>[740803] High CVE-2017-5098: Use after free in V8. Reported by + Jihoon Kim on 2017-07-11</li> + <li>[733548] High CVE-2017-5099: Out-of-bounds write in PPAPI. Reported by + Yuan Deng, Yu Zhou of Ant-financial Light-Year Security Lab on 2017-06-15</li> + <li>[718292] Medium CVE-2017-5100: Use after free in Chrome Apps. Reported by + Anonymous on 2017-05-04</li> + <li>[681740] Medium CVE-2017-5101: URL spoofing in OmniBox. Reported by + Luan Herrera on 2017-01-17</li> + <li>[727678] Medium CVE-2017-5102: Uninitialized use in Skia. Reported by + Anonymous on 2017-05-30</li> + <li>[726199] Medium CVE-2017-5103: Uninitialized use in Skia. Reported by + Anonymous on 2017-05-25</li> + <li>[729105] Medium CVE-2017-5104: UI spoofing in browser. Reported by + Khalil Zhani on 2017-06-02</li> + <li>[742407] Medium CVE-2017-7000: Pointer disclosure in SQLite. Reported by + Chaitin Security Research Lab working with Trend Micro's Zero Day Initiative</li> + <li>[729979] Low CVE-2017-5105: URL spoofing in OmniBox. Reported by + Rayyan Bijoora on 2017-06-06</li> + <li>[714628] Medium CVE-2017-5106: URL spoofing in OmniBox. Reported by + Jack Zac on 2017-04-24</li> + <li>[686253] Low CVE-2017-5107: User information leak via SVG. Reported by + David Kohlbrenner of UC San Diego on 2017-01-27</li> + <li>[695830] Low CVE-2017-5108: Type of confusion in PDFium. Reported by + Guang Gong of Alpha Team, Qihoo 360 on 2017-02-24</li> + <li>[710400] Low CVE-2017-5109: UI spoofing in browser. Reported by + Jose Maria Acunia Morgado on 2017-04-11</li> + <li>[717476] Low CVE-2017-5110: UI spoofing in payments dialog. Reported by + xisigr of Tencent's Xuanwu Lab on 2017-05-02</li> + <li>[748565] Various fixes from internal audits, fuzzing and other initiatives</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2017-5091</cvename> + <cvename>CVE-2017-5092</cvename> + <cvename>CVE-2017-5093</cvename> + <cvename>CVE-2017-5094</cvename> + <cvename>CVE-2017-5095</cvename> + <cvename>CVE-2017-5096</cvename> + <cvename>CVE-2017-5097</cvename> + <cvename>CVE-2017-5098</cvename> + <cvename>CVE-2017-5099</cvename> + <cvename>CVE-2017-5100</cvename> + <cvename>CVE-2017-5101</cvename> + <cvename>CVE-2017-5102</cvename> + <cvename>CVE-2017-5103</cvename> + <cvename>CVE-2017-5104</cvename> + <cvename>CVE-2017-7000</cvename> + <cvename>CVE-2017-5105</cvename> + <cvename>CVE-2017-5106</cvename> + <cvename>CVE-2017-5107</cvename> + <cvename>CVE-2017-5108</cvename> + <cvename>CVE-2017-5109</cvename> + <cvename>CVE-2017-5110</cvename> + <url>https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html</url> + </references> + <dates> + <discovery>2017-07-25</discovery> + <entry>2017-08-01</entry> + </dates> + </vuln> + <vuln vid="f86d0e5d-7467-11e7-93af-005056925db4"> <topic>Cacti -- Cross-site scripting (XSS) vulnerability in auth_profile.php</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201708020028.v720STIN019977>