Date: Tue, 29 Mar 2016 20:08:03 +0000 (UTC) From: Christoph Moench-Tegeder <cmt@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r412133 - head/security/vuxml Message-ID: <201603292008.u2TK83wm040103@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: cmt Date: Tue Mar 29 20:08:03 2016 New Revision: 412133 URL: https://svnweb.freebsd.org/changeset/ports/412133 Log: Document chromium vulnerabilities Approved by: miwi (mentor), rene (mentor) Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Mar 29 19:58:58 2016 (r412132) +++ head/security/vuxml/vuln.xml Tue Mar 29 20:08:03 2016 (r412133) @@ -58,6 +58,76 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="8be8ca39-ae70-4422-bf1a-d8fae6911c5e"> + <topic>chromium -- multiple vulnerabilities</topic> + <affects> + <package> + <name>chromium</name> + <name>chromium-npapi</name> + <name>chromium-pulse</name> + <range><lt>49.0.2623.108</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Google Chrome Releases reports:</p> + <blockquote cite="http://googlechromereleases.blogspot.de/2016/03/stable-channel-update_24.html">; + <p>[594574] High CVE-2016-1646: Out-of-bounds read in V8.</p> + <p>[590284] High CVE-2016-1647: Use-after-free in Navigation.</p> + <p>[590455] High CVE-2016-1648: Use-after-free in Extensions.</p> + <p>[597518] CVE-2016-1650: Various fixes from internal audits, + fuzzing and other initiatives.</p> + <p>Multiple vulnerabilities in V8 fixed at the tip of the + 4.9 branch</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2016-1646</cvename> + <cvename>CVE-2016-1647</cvename> + <cvename>CVE-2016-1648</cvename> + <cvename>CVE-2016-1649</cvename> + <cvename>CVE-2016-1650</cvename> + <url>http://googlechromereleases.blogspot.de/2016/03/stable-channel-update_24.html</url>; + </references> + <dates> + <discovery>2016-03-24</discovery> + <entry>2016-03-29</entry> + </dates> + </vuln> + + <vuln vid="5c288f68-c7ca-4c0d-b7dc-1ec6295200b3"> + <topic>chromium -- multiple vulnerabilities</topic> + <affects> + <package> + <name>chromium</name> + <name>chromium-npapi</name> + <name>chromium-pulse</name> + <range><lt>49.0.2623.87</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Google Chrome Releases reports:</p> + <blockquote cite="http://googlechromereleases.blogspot.de/2016/03/stable-channel-update_8.html">; + <p>[589838] High CVE-2016-1643: Type confusion in Blink.</p> + <p>[590620] High CVE-2016-1644: Use-after-free in Blink.</p> + <p>[587227] High CVE-2016-1645: Out-of-bounds write in PDFium.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2016-1643</cvename> + <cvename>CVE-2016-1644</cvename> + <cvename>CVE-2016-1645</cvename> + <url>http://googlechromereleases.blogspot.de/2016/03/stable-channel-update_8.html</url>; + </references> + <dates> + <discovery>2016-03-08</discovery> + <entry>2016-03-29</entry> + </dates> + </vuln> + <vuln vid="cd409df7-f483-11e5-92ce-002590263bf5"> <topic>bind -- denial of service vulnerability</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201603292008.u2TK83wm040103>