Date:      Wed, 2 Jun 2021 13:48:32 GMT
From:      Ryan Steinmetz <zi@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: 72a5d3cd59a6 - main - security/vuxml: Fix overly large entry that violates 'make validate'
Message-ID:  <202106021348.152DmWo5025993@gitrepo.freebsd.org>

The branch main has been updated by zi:

URL: https://cgit.FreeBSD.org/ports/commit/?id=72a5d3cd59a6a858cb043cf67579dd1621676300

commit 72a5d3cd59a6a858cb043cf67579dd1621676300
Author:     Ryan Steinmetz <zi@FreeBSD.org>
AuthorDate: 2021-06-02 13:47:14 +0000
Commit:     Ryan Steinmetz <zi@FreeBSD.org>
CommitDate: 2021-06-02 13:48:26 +0000

    security/vuxml: Fix overly large entry that violates 'make validate'
---
 security/vuxml/vuln.xml | 92 +------------------------------------------------
 1 file changed, 1 insertion(+), 91 deletions(-)

diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index c3c369a55749..f59756dc1458 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -3598,97 +3598,7 @@ Notes:
 	<blockquote cite="https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html">;
 	  <p>This release includes 47 security fixes, including the below.
 	  Google is aware of reports that an exploit for CVE-2021-21166 exists
-	  in the wild.</p>
-	  <ul>
-	    <li>[1171049] High CVE-2021-21159: Heap buffer overflow in
-	      TabStrip. Reported by Khalil Zhani on 2021-01-27</li>
-	    <li>[1170531] High CVE-2021-21160: Heap buffer overflow in
-	      WebAudio. Reported by Marcin 'Icewall' Noga of Cisco Talos on
-	      2021-01-25</li>
-	    <li>[1173702] High CVE-2021-21161: Heap buffer overflow in
-	      TabStrip. Reported by Khalil Zhani on 2021-02-02</li>
-	    <li>[1172054] High CVE-2021-21162: Use after free in WebRTC.
-	      Reported by Anonymous on 2021-01-29</li>
-	    <li>[1111239] High CVE-2021-21163: Insufficient data validation in
-	      Reader Mode. Reported by Alison Huffman, Microsoft Browser
-	      Vulnerability Research on 2020-07-30</li>
-	    <li>[1164846] High CVE-2021-21164: Insufficient data validation in
-	      Chrome for iOS. Reported by Muneaki Nishimura (nishimunea) on
-	      2021-01-11</li>
-	    <li>[1174582] High CVE-2021-21165: Object lifecycle issue in audio.
-	      Reported by Alison Huffman, Microsoft Browser Vulnerability
-	      Research on 2021-02-04</li>
-	    <li>[1177465] High CVE-2021-21166: Object lifecycle issue in audio.
-	      Reported by Alison Huffman, Microsoft Browser Vulnerability
-	      Research on 2021-02-11</li>
-	    <li>[1161144] Medium CVE-2021-21167: Use after free in bookmarks.
-	      Reported by Leecraso and Guang Gong of 360 Alpha Lab on
-	      2020-12-22</li>
-	    <li>[1152226] Medium CVE-2021-21168: Insufficient policy
-	      enforcement in appcache. Reported by Luan Herrera (@lbherrera_)
-	      on 2020-11-24</li>
-	    <li>[1166138] Medium CVE-2021-21169: Out of bounds memory access in
-	      V8. Reported by Bohan Liu (@P4nda20371774) and Moon Liang of
-	      Tencent Security Xuanwu Lab on 2021-01-13</li>
-	    <li>[1111646] Medium CVE-2021-21170: Incorrect security UI in
-	      Loader. Reported by David Erceg on 2020-07-31</li>
-	    <li>[1152894] Medium CVE-2021-21171: Incorrect security UI in
-	      TabStrip and Navigation. Reported by Irvan Kurniawan (sourc7) on
-	      2020-11-25</li>
-	    <li>[1150810] Medium CVE-2021-21172: Insufficient policy
-	      enforcement in File System API. Reported by Maciej Pulikowski on
-	      2020-11-19</li>
-	    <li>[1154250] Medium CVE-2021-21173: Side-channel information
-	      leakage in Network Internals. Reported by Tom Van Goethem from
-	      imec-DistriNet, KU Leuven on 2020-12-01</li>
-	    <li>[1158010] Medium CVE-2021-21174: Inappropriate implementation
-	      in Referrer. Reported by Ashish Gautam Kamble on 2020-12-11</li>
-	    <li>[1146651] Medium CVE-2021-21175: Inappropriate implementation
-	      in Site isolation. Reported by Jun Kokatsu, Microsoft Browser
-	      Vulnerability Research on 2020-11-07</li>
-	    <li>[1170584] Medium CVE-2021-21176: Inappropriate implementation
-	      in full screen mode. Reported by Luan Herrera (@lbherrera_) on
-	      2021-01-26</li>
-	    <li>[1173879] Medium CVE-2021-21177: Insufficient policy
-	      enforcement in Autofill. Reported by Abdulrahman Alqabandi,
-	      Microsoft Browser Vulnerability Research on 2021-02-03</li>
-	    <li>[1174186] Medium CVE-2021-21178: Inappropriate implementation
-	      in Compositing. Reported by Japong on 2021-02-03</li>
-	    <li>[1174943] Medium CVE-2021-21179: Use after free in Network
-	      Internals. Reported by Anonymous on 2021-02-05</li>
-	    <li>[1175507] Medium CVE-2021-21180: Use after free in tab search.
-	      Reported by Abdulrahman Alqabandi, Microsoft Browser
-	      Vulnerability Research on 2021-02-07</li>
-	    <li>[1177875] Medium CVE-2020-27844: Heap buffer overflow in
-	      OpenJPEG. Reported by Sean Campbell at Tableau on 2021-02-12</li>
-	    <li>[1182767] Medium CVE-2021-21181: Side-channel information
-	      leakage in autofill. Reported by Xu Lin (University of Illinois
-	      at Chicago), Panagiotis Ilia (University of Illinois at Chicago),
-	      Jason Polakis (University of Illinois at Chicago) on
-	      2021-02-26</li>
-	    <li>[1049265] Low CVE-2021-21182: Insufficient policy enforcement
-	      in navigations. Reported by Luan Herrera (@lbherrera_) on
-	      2020-02-05</li>
-	    <li>[1105875] Low CVE-2021-21183: Inappropriate implementation in
-	      performance APIs. Reported by Takashi Yoneuchi (@y0n3uchy) on
-	      2020-07-15</li>
-	    <li>[1131929] Low CVE-2021-21184: Inappropriate implementation in
-	      performance APIs. Reported by James Hartig on 2020-09-24</li>
-	    <li>[1100748] Low CVE-2021-21185: Insufficient policy enforcement
-	      in extensions. Reported by David Erceg on 2020-06-30</li>
-	    <li>[1153445] Low CVE-2021-21186: Insufficient policy enforcement
-	      in QR scanning. Reported by dhirajkumarnifty on 2020-11-28</li>
-	    <li>[1155516] Low CVE-2021-21187: Insufficient data validation in
-	      URL formatting. Reported by Kirtikumar Anandrao Ramchandani on
-	      2020-12-04</li>
-	    <li>[1161739] Low CVE-2021-21188: Use after free in Blink. Reported
-	      by Woojin Oh(@pwn_expoit) of STEALIEN on 2020-12-24</li>
-	    <li>[1165392] Low CVE-2021-21189: Insufficient policy enforcement
-	      in payments. Reported by Khalil Zhani on 2021-01-11</li>
-	    <li>[1166091] Low CVE-2021-21190: Uninitialized Use in PDFium.
-	      Reported by Zhou Aiting(@zhouat1) of Qihoo 360 Vulcan Team on
-	      2021-01-13</li>
-	  </ul>
+	  in the wild.  Please see URL for details.</p>
 	</blockquote>
       </body>
     </description>
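Review bot: The added line `in the wild.  Please see URL for details.` leaves the description with no per-CVE detail, and the hunk does not show whether the entry's references still list the identifiers that were in the removed `<ul>` (CVE-2021-21159 through CVE-2021-21190, plus CVE-2020-27844 for OpenJPEG). Please confirm that each of them is recorded outside the description, since after this change the description text names only CVE-2021-21166 and anyone matching installed packages against a specific CVE depends on the rest being kept elsewhere in the entry. "URL" is also ambiguous in the rendered entry, because the link exists only in the blockquote's cite attribute; wording such as "Please see the linked Chrome Releases post for details" would be clearer. The commit message could also say which entry was trimmed and which limit 'make validate' enforces, so the next long upstream advisory is shortened the same way.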


