Date:      Fri, 29 Sep 2017 15:28:54 +0000 (UTC)
From:      Ryan Steinmetz <zi@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r450904 - head/security/vuxml
Message-ID:  <201709291528.v8TFSsh0009897@repo.freebsd.org>

Author: zi
Date: Fri Sep 29 15:28:54 2017
New Revision: 450904
URL: https://svnweb.freebsd.org/changeset/ports/450904

Log:
  - Purge another batch of superseded www/chromium entries to give us additional headroom under the 5M vuln.xml file size limit
  
  Approved by:	ports-secteam (with hat)

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Fri Sep 29 15:24:58 2017	(r450903)
+++ head/security/vuxml/vuln.xml	Fri Sep 29 15:28:54 2017	(r450904)
@@ -52385,77 +52385,6 @@ and CVE-2013-0155.</p>
     </dates>
   </vuln>
 
-  <vuln vid="d2bbcc01-4ec3-11e4-ab3f-00262d5ed8ee">
-    <topic>chromium -- multiple vulnerabilities</topic>
-    <affects>
-      <package>
-	<name>chromium</name>
-	<name>chromium-pulse</name> <!-- pcbsd only -->
-	<range><lt>38.0.2125.101</lt></range>
-      </package>
-    </affects>
-    <description>
-      <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>Google Chrome Releases reports:</p>
-	<blockquote cite="http://googlechromereleases.blogspot.nl/2014/10/stable-channel-update.html">;
-	  <p>159 security fixes in this release, including 113 found using
-	    MemorySanitizer:</p>
-	  <ul>
-	    <li>[416449] Critical CVE-2014-3188: A special thanks to Jüri Aedla
-	      for a combination of V8 and IPC bugs that can lead to remote code
-	      execution outside of the sandbox.</li>
-	    <li>[398384] High CVE-2014-3189: Out-of-bounds read in PDFium.
-	      Credit to cloudfuzzer.</li>
-	    <li>[400476] High CVE-2014-3190: Use-after-free in Events. Credit
-	      to cloudfuzzer.</li>
-	    <li>[402407] High CVE-2014-3191: Use-after-free in Rendering.
-	      Credit to cloudfuzzer.</li>
-	    <li>[403276] High CVE-2014-3192: Use-after-free in DOM. Credit to
-	      cloudfuzzer.</li>
-	    <li>[399655] High CVE-2014-3193: Type confusion in Session Management.
-	      Credit to miaubiz.</li>
-	    <li>[401115] High CVE-2014-3194: Use-after-free in Web Workers.
-	      Credit to Collin Payne.</li>
-	    <li>[403409] Medium CVE-2014-3195: Information Leak in V8. Credit
-	      to Jüri Aedla.</li>
-	    <li>[338538] Medium CVE-2014-3196: Permissions bypass in Windows
-	      Sandbox. Credit to James Forshaw.</li>
-	    <li>[396544] Medium CVE-2014-3197: Information Leak in XSS Auditor.
-	      Credit to Takeshi Terada.</li>
-	    <li>[415307] Medium CVE-2014-3198: Out-of-bounds read in PDFium.
-	      Credit to Atte Kettunen of OUSPG.</li>
-	    <li>[395411] Low CVE-2014-3199: Release Assert in V8 bindings.
-	      Credit to Collin Payne.</li>
-	    <li>[420899] CVE-2014-3200: Various fixes from internal audits,
-	      fuzzing and other initiatives (Chrome 38).</li>
-	    <li>Multiple vulnerabilities in V8 fixed at the tip of the 3.28
-	      branch (currently 3.28.71.15).</li>
-	  </ul>
-	</blockquote>
-      </body>
-    </description>
-    <references>
-      <cvename>CVE-2014-3188</cvename>
-      <cvename>CVE-2014-3189</cvename>
-      <cvename>CVE-2014-3190</cvename>
-      <cvename>CVE-2014-3191</cvename>
-      <cvename>CVE-2014-3192</cvename>
-      <cvename>CVE-2014-3193</cvename>
-      <cvename>CVE-2014-3194</cvename>
-      <cvename>CVE-2014-3195</cvename>
-      <cvename>CVE-2014-3196</cvename>
-      <cvename>CVE-2014-3197</cvename>
-      <cvename>CVE-2014-3198</cvename>
-      <cvename>CVE-2014-3199</cvename>
-      <cvename>CVE-2014-3200</cvename>
-      <url>http://googlechromereleases.blogspot.nl/2014/10/stable-channel-update.html</url>;
-    </references>
-    <dates>
-      <discovery>2014-10-07</discovery>
-      <entry>2014-10-08</entry>
-    </dates>
-  </vuln>
-
   <vuln vid="b6587341-4d88-11e4-aef9-20cf30e32f6d">
     <topic>Bugzilla multiple security issues</topic>
     <affects>
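Review bot: The removed entry d2bbcc01-4ec3-11e4-ab3f-00262d5ed8ee lists `<name>chromium-pulse</name>` next to `<name>chromium</name>`, so deleting it drops the match for chromium-pulse below 38.0.2125.101 unless a retained entry also names that package. The other chromium entries removed in the visible part of this patch name only `chromium`, so this one needs a separate check: please confirm that a surviving entry carries `chromium-pulse` with a bound at or above 38.0.2125.101, or keep a trimmed entry for that package name.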
@@ -52935,34 +52864,6 @@ and CVE-2013-0155.</p>
     </dates>
   </vuln>
 
-  <vuln vid="bd2ef267-4485-11e4-b0b7-00262d5ed8ee">
-    <topic>chromium -- RSA signature malleability in NSS</topic>
-    <affects>
-      <package>
-	<name>chromium</name>
-	<range><lt>37.0.2062.124</lt></range>
-      </package>
-    </affects>
-    <description>
-      <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>Google Chrome Releases reports:</p>
-	<blockquote cite="http://googlechromereleases.blogspot.nl/">;
-	  <p>[414124] RSA signature malleability in NSS (CVE-2014-1568).
-	    Thanks to Antoine Delignat-Lavaud of Prosecco/INRIA, Brian Smith
-	    and Advanced Threat Research team at Intel Security</p>
-	</blockquote>
-      </body>
-    </description>
-    <references>
-      <cvename>CVE-2014-1568</cvename>
-      <url>http://googlechromereleases.blogspot.nl/</url>;
-    </references>
-    <dates>
-      <discovery>2014-09-24</discovery>
-      <entry>2014-09-25</entry>
-    </dates>
-  </vuln>
-
   <vuln vid="fb25333d-442f-11e4-98f3-5453ed2e2b49">
     <topic>krfb -- Multiple security issues in bundled libvncserver</topic>
     <affects>
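Review bot: The removed entry bd2ef267-4485-11e4-b0b7-00262d5ed8ee is a single-issue record, not a release roll-up: its topic is the NSS RSA signature malleability and its only reference is `<cvename>CVE-2014-1568</cvename>`. If a later chromium entry with a higher `<lt>` bound remains, affected versions stay flagged, but a lookup by that CVE name will no longer return a chromium record. Please check that CVE-2014-1568 is still referenced by a retained entry and mention it in the log, since "superseded" here holds for the version range but not for the CVE cross-reference.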
@@ -53258,39 +53159,6 @@ and CVE-2013-0155.</p>
     </dates>
   </vuln>
 
-  <vuln vid="36a415c8-3867-11e4-b522-00262d5ed8ee">
-    <topic>www/chromium -- multiple vulnerabilities</topic>
-    <affects>
-      <package>
-	<name>chromium</name>
-	<range><lt>37.0.2062.120</lt></range>
-      </package>
-    </affects>
-    <description>
-      <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>Google Chrome Releases reports:</p>
-	<blockquote cite="http://googlechromereleases.blogspot.nl/">;
-	  <p>4 security fixes in this release, including:</p>
-	  <ul>
-	    <li>[401362] High CVE-2014-3178: Use-after-free in rendering.
-	      Credit to miaubiz.</li>
-	    <li>[411014] CVE-2014-3179: Various fixes from internal audits,
-	      fuzzing and other initiatives.</li>
-	  </ul>
-	</blockquote>
-      </body>
-    </description>
-    <references>
-      <cvename>CVE-2014-3178</cvename>
-      <cvename>CVE-2014-3179</cvename>
-      <url>http://googlechromereleases.blogspot.nl/</url>;
-    </references>
-    <dates>
-      <discovery>2014-09-09</discovery>
-      <entry>2014-09-09</entry>
-    </dates>
-  </vuln>
-
   <vuln vid="6318b303-3507-11e4-b76c-0011d823eebd">
     <topic>trafficserver -- unspecified vulnerability</topic>
     <affects>
@@ -53322,64 +53190,6 @@ and CVE-2013-0155.</p>
     </dates>
   </vuln>
 
-  <vuln vid="fd5f305d-2d3d-11e4-aa3d-00262d5ed8ee">
-    <topic>chromium -- multiple vulnerabilities</topic>
-    <affects>
-      <package>
-	<name>chromium</name>
-	<range><lt>37.0.2062.94</lt></range>
-      </package>
-    </affects>
-    <description>
-      <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>Google Chrome Releases reports:</p>
-	<blockquote cite="http://googlechromereleases.blogspot.nl/">;
-	  <p>50 security fixes in this release, including:</p>
-	  <ul>
-	    <li>[386988] Critical CVE-2014-3176, CVE-2014-3177: A special reward
-	      to lokihardt@asrt for a combination of bugs in V8, IPC, sync, and
-	      extensions that can lead to remote code execution outside of the
-	      sandbox.</li>
-	    <li>[369860] High CVE-2014-3168: Use-after-free in SVG. Credit to
-	      cloudfuzzer.</li>
-	    <li>[387389] High CVE-2014-3169: Use-after-free in DOM. Credit to
-	      Andrzej Dyjak.</li>
-	    <li>[390624] High CVE-2014-3170: Extension permission dialog spoofing.
-	      Credit to Rob Wu.</li>
-	    <li>[390928] High CVE-2014-3171: Use-after-free in bindings. Credit to
-	      cloudfuzzer.</li>
-	    <li>[367567] Medium CVE-2014-3172: Issue related to extension debugging.
-	      Credit to Eli Grey.</li>
-	    <li>[376951] Medium CVE-2014-3173: Uninitialized memory read in WebGL.
-	      Credit to jmuizelaar.</li>
-	    <li>[389219] Medium CVE-2014-3174: Uninitialized memory read in Web
-	      Audio. Credit to Atte Kettunen from OUSPG.</li>
-	    <li>[406143] CVE-2014-3175: Various fixes from internal audits, fuzzing
-	      and other initiatives (Chrome 37).</li>
-
-	  </ul>
-	</blockquote>
-      </body>
-    </description>
-    <references>
-      <cvename>CVE-2014-3168</cvename>
-      <cvename>CVE-2014-3169</cvename>
-      <cvename>CVE-2014-3170</cvename>
-      <cvename>CVE-2014-3171</cvename>
-      <cvename>CVE-2014-3172</cvename>
-      <cvename>CVE-2014-3173</cvename>
-      <cvename>CVE-2014-3174</cvename>
-      <cvename>CVE-2014-3175</cvename>
-      <cvename>CVE-2014-3176</cvename>
-      <cvename>CVE-2014-3177</cvename>
-      <url>http://googlechromereleases.blogspot.nl/</url>;
-    </references>
-    <dates>
-      <discovery>2014-08-26</discovery>
-      <entry>2014-08-26</entry>
-    </dates>
-  </vuln>
-
   <vuln vid="84203724-296b-11e4-bebd-000c2980a9f3">
     <topic>file -- buffer overruns and missing buffer size tests</topic>
     <affects>
@@ -53571,42 +53381,6 @@ and CVE-2013-0155.</p>
     </dates>
   </vuln>
 
-  <vuln vid="df7754c0-2294-11e4-b505-000c6e25e3e9">
-    <topic>chromium -- multiple vulnerabilities</topic>
-    <affects>
-      <package>
-	<name>chromium</name>
-	<range><lt>36.0.1985.143</lt></range>
-      </package>
-    </affects>
-    <description>
-      <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>Google Chrome Releases reports:</p>
-	<blockquote cite="http://googlechromereleases.blogspot.nl">;
-	  <p>12 security fixes in this release, including</p>
-	  <ul>
-	    <li>[390174] High CVE-2014-3165: Use-after-free in web sockets.
-	      Credit to Collin Payne.</li>
-	    <li>[398925] High CVE-2014-3166: Information disclosure in SPDY.
-	      Credit to Antoine Delignat-Lavaud.</li>
-	    <li>[400950] CVE-2014-3167: Various fixes from internal audits,
-	      fuzzing and other initiatives.</li>
-	  </ul>
-	</blockquote>
-      </body>
-    </description>
-    <references>
-      <cvename>CVE-2014-3165</cvename>
-      <cvename>CVE-2014-3166</cvename>
-      <cvename>CVE-2014-3167</cvename>
-      <url>http://googlechromereleases.blogspot.nl</url>;
-    </references>
-    <dates>
-      <discovery>2014-08-12</discovery>
-      <entry>2014-08-13</entry>
-    </dates>
-  </vuln>
-
   <vuln vid="69048656-2187-11e4-802c-20cf30e32f6d">
     <topic>serf -- SSL Certificate Null Byte Poisoning</topic>
     <affects>
@@ -54401,39 +54175,6 @@ and CVE-2013-0155.</p>
     </dates>
   </vuln>
 
-  <vuln vid="3718833e-0d27-11e4-89db-000c6e25e3e9">
-    <topic>chromium -- multiple vulnerabilities</topic>
-    <affects>
-      <package>
-       <name>chromium</name>
-       <range><lt>36.0.1985.125</lt></range>
-      </package>
-    </affects>
-    <description>
-      <body xmlns="http://www.w3.org/1999/xhtml">;
-       <p>Google Chrome Releases reports:</p>
-       <blockquote cite="http://googlechromereleases.blogspot.nl">;
-	 <p>26 security fixes in this release, including</p>
-	 <ul>
-	   <li>[380885] Medium CVE-2014-3160: Same-Origin-Policy bypass in SVG. Credit
-	     to Christian Schneider.</li>
-	   <li>[393765] CVE-2014-3162: Various fixes from internal audits, fuzzing and
-	      other initiatives.</li>
-	  </ul>
-       </blockquote>
-      </body>
-    </description>
-    <references>
-      <cvename>CVE-2014-3160</cvename>
-      <cvename>CVE-2014-3162</cvename>
-      <url>http://googlechromereleases.blogspot.nl</url>;
-    </references>
-    <dates>
-      <discovery>2014-07-16</discovery>
-      <entry>2014-07-16</entry>
-    </dates>
-  </vuln>
-
   <vuln vid="4a114331-0d24-11e4-8dd2-5453ed2e2b49">
     <topic>kdelibs4 -- KMail/KIO POP3 SSL Man-in-the-middle Flaw</topic>
     <affects>
@@ -54862,44 +54603,6 @@ and CVE-2013-0155.</p>
     </dates>
   </vuln>
 
-  <vuln vid="0b0fb9b0-f0fb-11e3-9bcd-000c6e25e3e9">
-    <topic>chromium -- multiple vulnerabilities</topic>
-    <affects>
-      <package>
-	<name>chromium</name>
-	<range><lt>35.0.1916.153</lt></range>
-      </package>
-    </affects>
-    <description>
-      <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>Google Chrome Releases reports:</p>
-	<blockquote cite="http://googlechromereleases.blogspot.nl">;
-	  <p>4 security fixes in this release, including:</p>
-	  <ul>
-	    <li>[369525] High CVE-2014-3154: Use-after-free in filesystem api. Credit
-	      to Collin Payne.</li>
-	    <li>[369539] High CVE-2014-3155: Out-if-bounds read in SPDY. Credit
-	      to James March, Daniel Sommermann and Alan Frindell of Facebook.</li>
-	    <li>[369621] Medium CVE-2014-3156: Buffer overflow in clipboard. Credit
-	      to Atte Kettunen of OUSPG.</li>
-	    <li>[368980] CVE-2014-3157: Heap overflow in media.</li>
-	  </ul>
-	</blockquote>
-      </body>
-    </description>
-    <references>
-      <cvename>CVE-2014-3154</cvename>
-      <cvename>CVE-2014-3155</cvename>
-      <cvename>CVE-2014-3156</cvename>
-      <cvename>CVE-2014-3157</cvename>
-      <url>http://googlechromereleases.blogspot.nl</url>;
-    </references>
-    <dates>
-      <discovery>2014-06-10</discovery>
-      <entry>2014-06-10</entry>
-    </dates>
-  </vuln>
-
   <vuln vid="888a0262-f0d9-11e3-ba0c-b4b52fce4ce8">
     <topic>mozilla -- multiple vulnerabilities</topic>
     <affects>
@@ -55226,93 +54929,6 @@ and CVE-2013-0155.</p>
     </dates>
   </vuln>
 
-  <vuln vid="64f3872b-e05d-11e3-9dd4-00262d5ed8ee">
-    <topic>chromium -- multiple vulnerabilities</topic>
-    <affects>
-      <package>
-	<name>chromium</name>
-	<range><lt>35.0.1916.114</lt></range>
-      </package>
-    </affects>
-    <description>
-      <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>Google Chrome Releases reports:</p>
-	<blockquote cite="http://googlechromereleases.blogspot.nl/">;
-	  <p>23 security fixes in this release, including:</p>
-	  <ul>
-	    <li>[356653] High CVE-2014-1743: Use-after-free in styles. Credit
-	      to cloudfuzzer.</li>
-	    <li>[359454] High CVE-2014-1744: Integer overflow in audio. Credit
-	      to Aaron Staple.</li>
-	    <li>[346192] High CVE-2014-1745: Use-after-free in SVG. Credit to
-	      Atte Kettunen of OUSPG.</li>
-	    <li>[364065] Medium CVE-2014-1746: Out-of-bounds read in media
-	      filters. Credit to Holger Fuhrmannek.</li>
-	    <li>[330663] Medium CVE-2014-1747: UXSS with local MHTML file.
-	      Credit to packagesu.</li>
-	    <li>[331168] Medium CVE-2014-1748: UI spoofing with scrollbar.
-	      Credit to Jordan Milne.</li>
-	    <li>[374649] CVE-2014-1749: Various fixes from internal audits,
-	      fuzzing and other initiatives.</li>
-	    <li>[358057] CVE-2014-3152: Integer underflow in V8 fixed in
-	      version 3.25.28.16.</li>
-	  </ul>
-	</blockquote>
-      </body>
-    </description>
-    <references>
-      <cvename>CVE-2014-1743</cvename>
-      <cvename>CVE-2014-1744</cvename>
-      <cvename>CVE-2014-1745</cvename>
-      <cvename>CVE-2014-1746</cvename>
-      <cvename>CVE-2014-1747</cvename>
-      <cvename>CVE-2014-1748</cvename>
-      <cvename>CVE-2014-1749</cvename>
-      <cvename>CVE-2014-3152</cvename>
-      <url>http://googlechromereleases.blogspot.nl/</url>;
-    </references>
-    <dates>
-      <discovery>2014-05-20</discovery>
-      <entry>2014-05-20</entry>
-    </dates>
-  </vuln>
-
-  <vuln vid="cdf450fc-db52-11e3-a9fc-00262d5ed8ee">
-    <topic>chromium -- multiple vulnerabilities</topic>
-    <affects>
-      <package>
-	<name>chromium</name>
-	<range><lt>34.0.1847.137</lt></range>
-      </package>
-    </affects>
-    <description>
-      <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>Google Chrome Releases reports:</p>
-	<blockquote cite="http://googlechromereleases.blogspot.nl/">;
-	  <p>3 security fixes in this release:</p>
-	  <ul>
-	    <li>[358038] High CVE-2014-1740: Use-after-free in WebSockets.
-	      Credit to Collin Payne.</li>
-	    <li>[349898] High CVE-2014-1741: Integer overflow in DOM ranges.
-	      Credit to John Butler.</li>
-	    <li>[356690] High CVE-2014-1742: Use-after-free in editing. Credit
-	      to cloudfuzzer.</li>
-	  </ul>
-	</blockquote>
-      </body>
-    </description>
-    <references>
-      <cvename>CVE-2014-1740</cvename>
-      <cvename>CVE-2014-1741</cvename>
-      <cvename>CVE-2014-1742</cvename>
-      <url>http://googlechromereleases.blogspot.nl/</url>;
-    </references>
-    <dates>
-      <discovery>2014-05-13</discovery>
-      <entry>2014-05-14</entry>
-    </dates>
-  </vuln>
-
   <vuln vid="b060ee50-daba-11e3-99f2-bcaec565249c">
     <topic>libXfont -- X Font Service Protocol and Font metadata file handling issues</topic>
     <affects>
@@ -55577,54 +55193,6 @@ and CVE-2013-0155.</p>
     </dates>
   </vuln>
 
-  <vuln vid="7cf25a0c-d031-11e3-947b-00262d5ed8ee">
-    <topic>chromium -- multiple vulnerabilities</topic>
-    <affects>
-      <package>
-	<name>chromium</name>
-	<range><lt>34.0.1847.132</lt></range>
-      </package>
-    </affects>
-    <description>
-      <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>Google Chrome Releases reports (belatedly):</p>
-	<blockquote cite="http://googlechromereleases.blogspot.nl/">;
-	  <p>9 security fixes in this release, including:</p>
-	  <ul>
-	    <li>[354967] High CVE-2014-1730: Type confusion in V8. Credit to
-	      Anonymous.</li>
-	    <li>[349903] High CVE-2014-1731: Type confusion in DOM. Credit to
-	      John Butler.</li>
-	    <li>[359802] High CVE-2014-1736: Integer overflow in V8. Credit to
-	      SkyLined working with HP's Zero Day Initiative.</li>
-	    <li>[352851] Medium CVE-2014-1732: Use-after-free in Speech
-	      Recognition. Credit to Khalil Zhani.</li>
-	    <li>[351103] Medium CVE-2014-1733: Compiler bug in Seccomp-BPF.
-	      Credit to Jed Davis.</li>
-	    <li>[367314] CVE-2014-1734: Various fixes from internal audits,
-	      fuzzing and other initiatives.</li>
-	    <li>[359130, 359525, 360429] CVE-2014-1735: Multiple
-	      vulnerabilities in V8 fixed in version 3.24.35.33.</li>
-	  </ul>
-	</blockquote>
-      </body>
-    </description>
-    <references>
-      <cvename>CVE-2014-1730</cvename>
-      <cvename>CVE-2014-1731</cvename>
-      <cvename>CVE-2014-1732</cvename>
-      <cvename>CVE-2014-1733</cvename>
-      <cvename>CVE-2014-1734</cvename>
-      <cvename>CVE-2014-1735</cvename>
-      <cvename>CVE-2014-1736</cvename>
-      <url>http://googlechromereleases.blogspot.nl/</url>;
-    </references>
-    <dates>
-      <discovery>2014-04-24</discovery>
-      <entry>2014-04-30</entry>
-    </dates>
-  </vuln>
-
   <vuln vid="985d4d6c-cfbd-11e3-a003-b4b52fce4ce8">
     <topic>mozilla -- multiple vulnerabilities</topic>
     <affects>
@@ -56230,76 +55798,6 @@ and CVE-2013-0155.</p>
     </dates>
   </vuln>
 
-  <vuln vid="963413a5-bf50-11e3-a2d6-00262d5ed8ee">
-    <topic>chromium -- multiple vulnerabilities</topic>
-    <affects>
-      <package>
-	<name>chromium</name>
-	<range><lt>34.0.1847.116</lt></range>
-      </package>
-    </affects>
-    <description>
-      <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>Google Chrome Releases reports:</p>
-	<blockquote cite="http://googlechromereleases.blogspot.nl/">;
-	  <p>31 vulnerabilities fixed in this release, including:</p>
-	  <ul>
-	    <li>[354123] High CVE-2014-1716: UXSS in V8. Credit to
-	      Anonymous.</li>
-	    <li>[353004] High CVE-2014-1717: OOB access in V8. Credit to
-	      Anonymous.</li>
-	    <li>[348332] High CVE-2014-1718: Integer overflow in compositor.
-	      Credit to Aaron Staple.</li>
-	    <li>[343661] High CVE-2014-1719: Use-after-free in web workers.
-	      Credit to Collin Payne.</li>
-	    <li>[356095] High CVE-2014-1720: Use-after-free in DOM. Credit to
-	      cloudfuzzer.</li>
-	    <li>[350434] High CVE-2014-1721: Memory corruption in V8. Credit to
-	      Christian Holler.</li>
-	    <li>[330626] High CVE-2014-1722: Use-after-free in rendering.
-	      Credit to miaubiz.</li>
-	    <li>[337746] High CVE-2014-1723: Url confusion with RTL characters.
-	      Credit to George McBay.</li>
-	    <li>[327295] High CVE-2014-1724: Use-after-free in speech. Credit
-	      to Atte Kettunen of OUSPG.</li>
-	    <li>[357332] Medium CVE-2014-1725: OOB read with window property.
-	      Credit to Anonymous</li>
-	    <li>[346135] Medium CVE-2014-1726: Local cross-origin bypass.
-	      Credit to Jann Horn.</li>
-	    <li>[342735] Medium CVE-2014-1727: Use-after-free in forms. Credit
-	      to Khalil Zhani.</li>
-	    <li>[360298] CVE-2014-1728: Various fixes from internal audits,
-	      fuzzing and other initiatives.</li>
-	    <li>[345820, 347262, 348319, 350863, 352982, 355586, 358059]
-	      CVE-2014-1729: Multiple vulnerabilities in V8 fixed in version
-	      3.24.35.22.</li>
-	  </ul>
-	</blockquote>
-      </body>
-    </description>
-    <references>
-      <cvename>CVE-2014-1716</cvename>
-      <cvename>CVE-2014-1717</cvename>
-      <cvename>CVE-2014-1718</cvename>
-      <cvename>CVE-2014-1719</cvename>
-      <cvename>CVE-2014-1720</cvename>
-      <cvename>CVE-2014-1721</cvename>
-      <cvename>CVE-2014-1722</cvename>
-      <cvename>CVE-2014-1723</cvename>
-      <cvename>CVE-2014-1724</cvename>
-      <cvename>CVE-2014-1725</cvename>
-      <cvename>CVE-2014-1726</cvename>
-      <cvename>CVE-2014-1727</cvename>
-      <cvename>CVE-2014-1728</cvename>
-      <cvename>CVE-2014-1729</cvename>
-      <url>http://googlechromereleases.blogspot.nl/</url>;
-    </references>
-    <dates>
-      <discovery>2014-04-08</discovery>
-      <entry>2014-04-08</entry>
-    </dates>
-  </vuln>
-
   <vuln vid="5631ae98-be9e-11e3-b5e3-c80aa9043978">
     <topic>OpenSSL -- Remote Information Disclosure</topic>
     <affects>
@@ -56793,51 +56291,6 @@ and CVE-2013-0155.</p>
     </dates>
   </vuln>
 
-  <vuln vid="a70966a1-ac22-11e3-8d04-00262d5ed8ee">
-    <topic>www/chromium -- multiple vulnerabilities</topic>
-    <affects>
-      <package>
-	<name>chromium</name>
-	<range><lt>33.0.1750.152</lt></range>
-      </package>
-    </affects>
-    <description>
-      <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>Google Chrome Releases reports:</p>
-	<blockquote cite="http://googlechromereleases.blogspot.nl/">;
-	  <p>New vulnerabilities after the Pwn2Own competition:</p>
-	  <ul>
-	    <li>[352369] Code execution outside sandbox. Credit to VUPEN.
-	      <ul>
-		<li>[352374] High CVE-2014-1713: Use-after-free in Blink
-		  bindings</li>
-		<li>[352395] High CVE-2014-1714: Windows clipboard
-		  vulnerability</li>
-	      </ul>
-	    </li>
-	    <li> [352420] Code execution outside sandbox. Credit to Anonymous.
-	      <ul>
-		<li>[351787] High CVE-2014-1705: Memory corruption in V8</li>
-		<li>[352429] High CVE-2014-1715: Directory traversal issue</li>
-	      </ul>
-	    </li>
-	  </ul>
-	</blockquote>
-      </body>
-    </description>
-    <references>
-      <cvename>CVE-2014-1705</cvename>
-      <cvename>CVE-2014-1713</cvename>
-      <cvename>CVE-2014-1714</cvename>
-      <cvename>CVE-2014-1715</cvename>
-      <url>http://googlechromereleases.blogspot.nl/</url>;
-    </references>
-    <dates>
-      <discovery>2014-03-14</discovery>
-      <entry>2014-03-15</entry>
-    </dates>
-  </vuln>
-
   <vuln vid="eb426e82-ab68-11e3-9d09-000c2980a9f3">
     <topic>mutt -- denial of service, potential remote code execution</topic>
     <affects>
@@ -56998,48 +56451,6 @@ and CVE-2013-0155.</p>
     </dates>
   </vuln>
 
-  <vuln vid="24cefa4b-a940-11e3-91f2-00262d5ed8ee">
-    <topic>www/chromium --multiple vulnerabilities</topic>
-    <affects>
-      <package>
-	<name>chromium</name>
-	<range><lt>33.0.1750.149</lt></range>
-      </package>
-    </affects>
-    <description>
-      <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>Google Chrome Releases reports:</p>
-	<blockquote cite="http://googlechromereleases.blogspot.nl/">;
-	  <p>7 vulnerabilities fixed in this release, including:</p>
-	  <ul>
-	    <li>[344881] High CVE-2014-1700: Use-after-free in speech. Credit
-	      to Chamal de Silva.</li>
-	    <li>[342618] High CVE-2014-1701: UXSS in events. Credit to
-	      aidanhs.</li>
-	    <li>[333058] High CVE-2014-1702: Use-after-free in web database.
-	      Credit to Collin Payne.</li>
-	    <li>[338354] High CVE-2014-1703: Potential sandbox escape due to a
-	      use-after-free in web sockets.</li>
-	    <li>[328202, 349079, 345715] CVE-2014-1704: Multiple
-	      vulnerabilities in V8 fixed in version 3.23.17.18.</li>
-	  </ul>
-	</blockquote>
-      </body>
-    </description>
-    <references>
-      <cvename>CVE-2014-1700</cvename>
-      <cvename>CVE-2014-1701</cvename>
-      <cvename>CVE-2014-1702</cvename>
-      <cvename>CVE-2014-1703</cvename>
-      <cvename>CVE-2014-1704</cvename>
-      <url>http://googlechromereleases.blogspot.nl/</url>;
-    </references>
-    <dates>
-      <discovery>2014-03-11</discovery>
-      <entry>2014-03-11</entry>
-    </dates>
-  </vuln>
-
   <vuln vid="1a0de610-a761-11e3-95fe-bcaec565249c">
     <topic>freetype2 -- Out of bounds read/write</topic>
     <affects>
@@ -57144,51 +56555,6 @@ and CVE-2013-0155.</p>
     </dates>
   </vuln>
 
-  <vuln vid="b4023753-a4ba-11e3-bec2-00262d5ed8ee">
-    <topic>chromium -- multiple vulnerabilities</topic>
-    <affects>
-      <package>
-	<name>chromium</name>
-	<range><lt>33.0.1750.146</lt></range>
-      </package>
-    </affects>
-    <description>
-      <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>Google Chrome Releases reports:</p>
-	<blockquote cite="http://googlechromereleases.blogspot.nl/">;
-	  <p>19 vulnerabilities fixed in this release, including:</p>
-	  <ul>
-	    <li>[344492] High CVE-2013-6663: Use-after-free in svg images.
-	      Credit to Atte Kettunen of OUSPG.</li>
-	    <li>[326854] High CVE-2013-6664: Use-after-free in speech
-	      recognition. Credit to Khalil Zhani.</li>
-	    <li>[337882] High CVE-2013-6665: Heap buffer overflow in software
-	      rendering. Credit to cloudfuzzer.</li>
-	    <li>[332023] Medium CVE-2013-6666: Chrome allows requests in flash
-	      header request. Credit to netfuzzerr.</li>
-	    <li>[348175] CVE-2013-6667: Various fixes from internal audits,
-	      fuzzing and other initiatives.</li>
-	    <li>[343964, 344186, 347909] CVE-2013-6668: Multiple
-	      vulnerabilities in V8 fixed in version 3.24.35.10.</li>
-	  </ul>
-	</blockquote>
-      </body>
-    </description>
-    <references>
-      <cvename>CVE-2013-6663</cvename>
-      <cvename>CVE-2013-6664</cvename>
-      <cvename>CVE-2013-6665</cvename>
-      <cvename>CVE-2013-6666</cvename>
-      <cvename>CVE-2013-6667</cvename>
-      <cvename>CVE-2013-6668</cvename>
-      <url>http://googlechromereleases.blogspot.nl/</url>;
-    </references>
-    <dates>
-      <discovery>2014-03-03</discovery>
-      <entry>2014-03-05</entry>
-    </dates>
-  </vuln>
-
   <vuln vid="f645aa90-a3e8-11e3-a422-3c970e169bc2">
     <topic>gnutls -- multiple certificate verification issues</topic>
     <affects>
@@ -57393,66 +56759,6 @@ JavaScript code would be executed.</p>
     </dates>
   </vuln>
 
-  <vuln vid="9dd47fa3-9d53-11e3-b20f-00262d5ed8ee">
-    <topic>chromium -- multiple vulnerabilities</topic>
-    <affects>
-      <package>
-	<name>chromium</name>
-	<range><lt>33.0.1750.117</lt></range>
-      </package>
-    </affects>
-    <description>
-      <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>Google Chrome Releases reports:</p>
-	<blockquote cite="http://googlechromereleases.blogspot.nl/">;
-	  <p>28 security fixes in this release, including:</p>
-	  <ul>
-	    <li>[334897] High CVE-2013-6652: Issue with relative paths in
-	      Windows sandbox named pipe policy. Credit to tyranid.</li>
-	    <li>[331790] High CVE-2013-6653: Use-after-free related to web
-	      contents. Credit to Khalil Zhani.</li>
-	    <li>[333176] High CVE-2013-6654: Bad cast in SVG. Credit to
-	      TheShow3511.</li>
-	    <li>[293534] High CVE-2013-6655: Use-after-free in layout. Credit
-	      to cloudfuzzer.</li>
-	    <li>[331725] High CVE-2013-6656: Information leak in XSS auditor.
-	      Credit to NeexEmil.</li>
-	    <li>[331060] Medium CVE-2013-6657: Information leak in XSS auditor.
-	      Credit to NeexEmil.</li>
-	    <li>[322891] Medium CVE-2013-6658: Use-after-free in layout. Credit
-	      to cloudfuzzer.</li>
-	    <li>[306959] Medium CVE-2013-6659: Issue with certificates
-	      validation in TLS handshake. Credit to Antoine Delignat-Lavaud
-	      and Karthikeyan Bhargavan from Prosecco, Inria Paris.</li>
-	    <li>[332579] Low CVE-2013-6660: Information leak in drag and drop.
-	      Credit to bishopjeffreys.</li>
-	    <li>[344876] Low-High CVE-2013-6661: Various fixes from internal
-	      audits, fuzzing and other initiatives. Of these, seven are fixes
-	      for issues that could have allowed for sandbox escapes from
-	      compromised renderers.</li>
-	  </ul>
-	</blockquote>
-      </body>
-    </description>
-    <references>
-      <cvename>CVE-2013-6652</cvename>
-      <cvename>CVE-2013-6653</cvename>
-      <cvename>CVE-2013-6654</cvename>
-      <cvename>CVE-2013-6655</cvename>
-      <cvename>CVE-2013-6656</cvename>
-      <cvename>CVE-2013-6657</cvename>
-      <cvename>CVE-2013-6658</cvename>
-      <cvename>CVE-2013-6659</cvename>
-      <cvename>CVE-2013-6660</cvename>
-      <cvename>CVE-2013-6661</cvename>
-      <url>http://googlechromereleases.blogspot.nl/</url>;
-    </references>
-    <dates>
-      <discovery>2014-02-20</discovery>
-      <entry>2014-02-24</entry>
-    </dates>
-  </vuln>
-
   <vuln vid="42d42090-9a4d-11e3-b029-08002798f6ff">
     <topic>PostgreSQL -- multiple privilege issues</topic>
     <affects>
@@ -57975,40 +57281,6 @@ JavaScript code would be executed.</p>
     <cancelled superseded="c7b5d72b-886a-11e3-9533-60a44c524f57"/>
   </vuln>
 
-  <vuln vid="f9810c43-87a5-11e3-9214-00262d5ed8ee">
-    <topic>chromium -- multiple vulnerabilities</topic>
-    <affects>
-      <package>
-	<name>chromium</name>
-	<range><lt>32.0.1700.102</lt></range>
-      </package>
-    </affects>
-    <description>
-      <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>Google Chrome Releases reports:</p>
-	<blockquote cite="http://googlechromereleases.blogspot.nl/">;
-	  <p>14 security fixes in this release, including:</p>
-	  <ul>
-	    <li>[330420] High CVE-2013-6649: Use-after-free in SVG images.
-	      Credit to Atte Kettunen of OUSPG.</li>
-	    <li>[331444] High CVE-2013-6650: Memory corruption in V8. This
-	      issue was fixed in v8 version 3.22.24.16. Credit to Christian
-	      Holler.</li>
-	  </ul>
-	</blockquote>
-      </body>
-    </description>
-    <references>
-      <cvename>CVE-2013-6649</cvename>
-      <cvename>CVE-2013-6650</cvename>
-      <url>http://googlechromereleases.blogspot.nl/</url>;
-    </references>
-    <dates>
-      <discovery>2014-01-27</discovery>
-      <entry>2014-01-27</entry>
-    </dates>
-  </vuln>
-
   <vuln vid="d1dfc4c7-8791-11e3-a371-6805ca0b3d42">
     <topic>rt42 -- denial-of-service attack via the email gateway</topic>
     <affects>
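Review bot: The context line just above this removal, `<cancelled superseded="c7b5d72b-886a-11e3-9533-60a44c524f57"/>`, shows the file's own way of retiring an entry while keeping its vid and a pointer to the replacement; the deletion of f9810c43-87a5-11e3-9214-00262d5ed8ee keeps neither. A full delete is understandable given the size limit in the log, but the log does not name the retained chromium entry that covers these ranges, so the purge cannot be audited from the commit alone. Suggest either naming the superseding vid in the commit message or reducing each purged entry to a `<cancelled superseded="..."/>` stub, which costs only a few lines per entry.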
@@ -58233,51 +57505,6 @@ JavaScript code would be executed.</p>
     </dates>
   </vuln>
 
-  <vuln vid="5acf4638-7e2c-11e3-9fba-00262d5ed8ee">
-    <topic>chromium -- multiple vulnerabilities</topic>
-    <affects>
-      <package>
-	<name>chromium</name>
-	<range><lt>32.0.1700.77</lt></range>
-      </package>
-    </affects>
-    <description>
-      <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>Google Chrome Releases reports:</p>
-	<blockquote cite="http://googlechromereleases.blogspot.nl/">;
-	  <p>11 security fixes in this release, including:</p>
-	  <ul>
-	    <li>[249502] High CVE-2013-6646: Use-after-free in web workers.
-	      Credit to Collin Payne.</li>
-	    <li>[326854] High CVE-2013-6641: Use-after-free related to forms.
-	      Credit to Atte Kettunen of OUSPG.</li>
-	    <li>[324969] High CVE-2013-6642: Address bar spoofing in Chrome for
-	      Android. Credit to lpilorz.</li>
-	    <li>[321940] High CVE-2013-6643: Unprompted sync with an attacker’s
-	      Google account. Credit to Joao Lucas Melo Brasio.</li>
-	    <li>[318791] Medium CVE-2013-6645 Use-after-free related to speech
-	      input elements. Credit to Khalil Zhani.</li>
-	    <li>[333036] CVE-2013-6644: Various fixes from internal audits,
-	      fuzzing and other initiatives.</li>
-	  </ul>
-	</blockquote>
-      </body>
-    </description>
-    <references>
-      <cvename>CVE-2013-6641</cvename>
-      <cvename>CVE-2013-6642</cvename>
-      <cvename>CVE-2013-6643</cvename>
-      <cvename>CVE-2013-6644</cvename>
-      <cvename>CVE-2013-6645</cvename>
-      <cvename>CVE-2013-6646</cvename>
-      <url>http://googlechromereleases.blogspot.nl/</url>;
-    </references>
-    <dates>
-      <discovery>2014-01-14</discovery>
-      <entry>2014-01-15</entry>
-    </dates>
-  </vuln>
-
   <vuln vid="3d95c9a7-7d5c-11e3-a8c1-206a8a720317">
     <topic>ntpd DRDoS / Amplification Attack using ntpdc monlist command</topic>
     <affects>
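Review bot: The six `<cvename>` references removed with entry 5acf4638 (CVE-2013-6641 through CVE-2013-6646) leave the file along with it, and the log calls the entry superseded without naming what supersedes it. Please name the superseding vid in the commit message so that someone searching vuln.xml for one of these CVEs can tell where coverage for the chromium port now lives.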
@@ -59033,57 +58260,6 @@ JavaScript code would be executed.</p>
     </dates>
   </vuln>
 
-  <vuln vid="79356040-5da4-11e3-829e-00262d5ed8ee">
-    <topic>chromium -- multiple vulnerabilities</topic>
-    <affects>
-      <package>
-	<name>chromium</name>
-	<range><lt>31.0.1650.63</lt></range>
-      </package>
-    </affects>
-    <description>
-      <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>Google Chrome Releases reports:</p>
-	<blockquote cite="http://googlechromereleases.blogspot.nl/">;
-	  <p>15 security fixes in this release, including:</p>
-	  <ul>
-	    <li>[307159] Medium CVE-2013-6634: Session fixation in sync related
-	      to 302 redirects. Credit to Andrey Labunets.</li>
-	    <li>[314469] High CVE-2013-6635: Use-after-free in editing. Credit
-	      to cloudfuzzer.</li>
-	    <li>[322959] Medium CVE-2013-6636: Address bar spoofing related to
-	      modal dialogs. Credit to Bas Venis.</li>
-	    <li>[325501] CVE-2013-6637: Various fixes from internal audits,
-	      fuzzing and other initiatives.</li>
-	    <li>[319722] Medium CVE-2013-6638: Buffer overflow in v8. This
-	      issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow
-	      of the Chromium project.</li>
-	    <li>[319835] High CVE-2013-6639: Out of bounds write in v8. This
-	      issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow
-	      of the Chromium project.</li>
-	    <li>[319860] Medium CVE-2013-6640: Out of bounds read in v8. This
-	      issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow
-	      of the Chromium project.</li>
-	  </ul>
-	</blockquote>
-      </body>
-    </description>
-    <references>
-      <cvename>CVE-2013-6634</cvename>
-      <cvename>CVE-2013-6635</cvename>
-      <cvename>CVE-2013-6636</cvename>
-      <cvename>CVE-2013-6637</cvename>
-      <cvename>CVE-2013-6638</cvename>
-      <cvename>CVE-2013-6639</cvename>
-      <cvename>CVE-2013-6640</cvename>
-      <url>http://googlechromereleases.blogspot.nl/</url>;
-    </references>
-    <dates>
-      <discovery>2013-12-04</discovery>
-      <entry>2013-12-05</entry>
-    </dates>
-  </vuln>
-
   <vuln vid="4158c57e-5d39-11e3-bc1e-6cf0490a8c18">
     <topic>Joomla! -- Core XSS Vulnerabilities</topic>
     <affects>
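Review bot: This entry matches only `<name>chromium</name>` with `<range><lt>31.0.1650.63</lt></range>`, so it is redundant for matching only if a retained chromium entry carries an `<lt>` bound at or above that version. Since the log describes this as another batch of purges, confirm that such an entry survives all batches; otherwise installs older than 31.0.1650.63 stop being flagged.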
@@ -59448,33 +58624,6 @@ JavaScript code would be executed.</p>
     </dates>
   </vuln>
 
-  <vuln vid="e62ab2af-4df4-11e3-b0cf-00262d5ed8ee">
-    <topic>chromium -- multiple memory corruption issues</topic>
-    <affects>
-      <package>
-	<name>chromium</name>
-	<range><lt>31.0.1650.57</lt></range>
-      </package>
-    </affects>
-    <description>
-      <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>Google Chrome Releases reports:</p>
-	<blockquote cite="http://googlechromereleases.blogspot.nl/">;
-	  <p>[319117] [319125] Critical CVE-2013-6632: Multiple memory
-	   corruption issues. Credit to Pinkie Pie.</p>
-	</blockquote>
-      </body>
-    </description>
-    <references>
-      <cvename>CVE-2013-6632</cvename>
-      <url>http://googlechromereleases.blogspot.nl/</url>;
-    </references>
-    <dates>
-      <discovery>2013-11-14</discovery>
-      <entry>2013-11-15</entry>
-    </dates>
-  </vuln>
-
   <vuln vid="adcbdba2-4c27-11e3-9848-98fc11cdc4f5">
     <topic>linux-flashplugin -- multiple vulnerabilities</topic>
     <affects>
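Review bot: The log gives the 5M size limit as the reason for the purge but not the rule used to pick entries, and this one is a short entry for a Critical-rated issue (CVE-2013-6632) whose removal saves little. Stating the cutoff in the commit message, for example an `<entry>` date or a version bound, would let the next batch be reviewed against the same criterion.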
@@ -59503,69 +58652,6 @@ JavaScript code would be executed.</p>
     </dates>
   </vuln>
 
-  <vuln vid="3bfc7016-4bcc-11e3-b0cf-00262d5ed8ee">
-    <topic>chromium -- multiple vulnerabilities</topic>
-    <affects>
-      <package>
-	<name>chromium</name>
-	<range><lt>31.0.1650.48</lt></range>
-      </package>
-    </affects>
-    <description>
-      <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>Google Chrome Releases reports:</p>
-	<blockquote cite="http://googlechromereleases.blogspot.nl/">;
-	  <p>25 security fixes in this release, including:</p>
-	  <ul>
-	    <li>[268565] Medium CVE-2013-6621: Use after free related to speech input elements.
-	      Credit to Khalil Zhani.</li>
-	    <li>[272786] High CVE-2013-6622: Use after free related to media elements. Credit
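Review bot: This hunk is cut off by the 1000-line limit in the middle of a `<li>`, so the rest of the removal announced by `@@ -59503,69 +58652,6 @@`, including the closing `</vuln>` and the trailing context, cannot be checked from this mail. The well-formedness of vuln.xml after the purge should be confirmed against the full changeset, for instance with `make validate` in security/vuxml.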

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***


