Date: Tue, 13 Sep 2016 19:10:33 +0000 (UTC)
From: Rene Ladan <rene@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r422065 - head/security/vuxml
Message-ID: <201609131910.u8DJAXpK012013@repo.freebsd.org>
Author: rene Date: Tue Sep 13 19:10:33 2016 New Revision: 422065 URL: https://svnweb.freebsd.org/changeset/ports/422065 Log: Add vulnerabilities for www/chromium < 53.0.2785.92 Obtained from: https://googlechromereleases.blogspot.nl/2016/08/stable-channel-update-for-desktop_31.html Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Sep 13 19:10:31 2016 (r422064) +++ head/security/vuxml/vuln.xml Tue Sep 13 19:10:33 2016 (r422065) 
@@ -58,6 +58,99 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="769ba449-79e1-11e6-bf75-3065ec8fd3ec"> + <topic>chromium -- multiple vulnerabilities</topic> + <affects> + <package> + <name>chromium</name> + <name>chromium-npapi</name> + <name>chromium-pulse</name> + <range><lt>53.0.2785.92</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Google Chrome Releases reports:</p> + <blockquote cite="https://googlechromereleases.blogspot.nl/2016/08/stable-channel-update-for-desktop_31.html"> + <p>33 security fixes in this release, including:</p> + <ul> + <li>[628942] High CVE-2016-5147: Universal XSS in Blink. Credit to + anonymous</li> + <li>[621362] High CVE-2016-5148: Universal XSS in Blink. Credit to + anonymous</li> + <li>[573131] High CVE-2016-5149: Script injection in extensions. + Credit to Max Justicz (http://web.mit.edu/maxj/www/)</li> + <li>[637963] High CVE-2016-5150: Use after free in Blink. Credit to + anonymous</li> + <li>[634716] High CVE-2016-5151: Use after free in PDFium. Credit to + anonymous</li> + <li>[629919] High CVE-2016-5152: Heap overflow in PDFium. Credit to + GiWan Go of Stealien</li> + <li>[631052] High CVE-2016-5153: Use after destruction in Blink. + Credit to Atte Kettunen of OUSPG</li> + <li>[633002] High CVE-2016-5154: Heap overflow in PDFium. Credit to + anonymous</li> + <li>[630662] High CVE-2016-5155: Address bar spoofing. Credit to + anonymous</li> + <li>[625404] High CVE-2016-5156: Use after free in event bindings. + Credit to jinmo123</li> + <li>[632622] High CVE-2016-5157: Heap overflow in PDFium. Credit to + anonymous</li> + <li>[628890] High CVE-2016-5158: Heap overflow in PDFium. Credit to + GiWan Go of Stealien</li> + <li>[628304] High CVE-2016-5159: Heap overflow in PDFium. Credit to + GiWan Go of Stealien</li> + <li>[622420] Medium CVE-2016-5161: Type confusion in Blink. 
Credit + to 62600BCA031B9EB5CB4A74ADDDD6771E working with Trend Micro's + Zero Day Initiative</li> + <li>[589237] Medium CVE-2016-5162: Extensions web accessible + resources bypass. Credit to Nicolas Golubovic</li> + <li>[609680] Medium CVE-2016-5163: Address bar spoofing. Credit to + Rafay Baloch PTCL Etisalat (http://rafayhackingarticles.net)</li> + <li>[637594] Medium CVE-2016-5164: Universal XSS using DevTools. + Credit to anonymous</li> + <li>[618037] Medium CVE-2016-5165: Script injection in DevTools. + Credit to Gregory Panakkal</li> + <li>[616429] Medium CVE-2016-5166: SMB Relay Attack via Save Page + As. Credit to Gregory Panakkal</li> + <li>[576867] Low CVE-2016-5160: Extensions web accessible resources + bypass. Credit to @l33terally, FogMarks.com (@FogMarks)</li> + <li>[642598] CVE-2016-5167: Various fixes from internal audits, + fuzzing and other initiatives.</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2016-5147</cvename> + <cvename>CVE-2016-5148</cvename> + <cvename>CVE-2016-5149</cvename> + <cvename>CVE-2016-5150</cvename> + <cvename>CVE-2016-5151</cvename> + <cvename>CVE-2016-5152</cvename> + <cvename>CVE-2016-5153</cvename> + <cvename>CVE-2016-5154</cvename> + <cvename>CVE-2016-5155</cvename> + <cvename>CVE-2016-5156</cvename> + <cvename>CVE-2016-5157</cvename> + <cvename>CVE-2016-5158</cvename> + <cvename>CVE-2016-5159</cvename> + <cvename>CVE-2016-5160</cvename> + <cvename>CVE-2016-5161</cvename> + <cvename>CVE-2016-5162</cvename> + <cvename>CVE-2016-5163</cvename> + <cvename>CVE-2016-5164</cvename> + <cvename>CVE-2016-5165</cvename> + <cvename>CVE-2016-5166</cvename> + <cvename>CVE-2016-5167</cvename> + <url>https://googlechromereleases.blogspot.nl/2016/08/stable-channel-update-for-desktop_31.html</url> + </references> + <dates> + <discovery>2016-08-31</discovery> + <entry>2016-09-13</entry> + </dates> + </vuln> + <vuln vid="958b9cee-79da-11e6-bf75-3065ec8fd3ec"> <topic>chromium -- multiple 
vulnerabilities</topic> <affects>
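Review bot: The `cite` attribute on the `<blockquote>` and the `<url>` in `<references>` both use the country-specific host googlechromereleases.blogspot.nl, which is a regional redirect of the advisory rather than its canonical address. I would point both at googlechromereleases.blogspot.com with the same path, so the reference in vuln.xml does not depend on a regional host staying resolvable. Separately, the quoted text says "33 security fixes" while the list and the `<cvename>` elements cover 21 identifiers (CVE-2016-5147 through CVE-2016-5167); the word "including" makes that consistent, so no change is needed there. The `<lt>53.0.2785.92</lt>` bound agrees with the commit log, and the `<discovery>` date agrees with the advisory URL.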