Date: Wed, 3 Feb 2021 20:06:09 +0000 (UTC)
From: Rene Ladan <rene@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r563959 - head/security/vuxml
Message-ID: <202102032006.113K69VG007896@repo.freebsd.org>
Author: rene Date: Wed Feb 3 20:06:09 2021 New Revision: 563959 URL: https://svnweb.freebsd.org/changeset/ports/563959 Log: Document new vulnerabilities in www/chromium < 88.0.4324.146 Obtained from: https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Feb 3 19:51:19 2021 (r563958) +++ head/security/vuxml/vuln.xml Wed Feb 3 20:06:09 2021 (r563959) 
@@ -77,6 +77,54 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="479fdfda-6659-11eb-83e2-e09467587c17"> + <topic>www/chromium -- multiple vulnerabilities</topic> + <affects> + <package> + <name>chromium</name> + <range><lt>88.0.4324.146</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Chrome Releases reports:</p> + <blockquote cite="https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html"> + <p>This update include 6 security fixes:</p> + <ul> + <li>1169317] Critical CVE-2021-21142: Use after free in Payments. + Reported by Khalil Zhani on 2021-01-21</li> + <li>[1163504] High CVE-2021-21143: Heap buffer overflow in + Extensions. Reported by Allen Parker and Alex Morgan of MU on + 2021-01-06</li> + <li>[1163845] High CVE-2021-21144: Heap buffer overflow in Tab + Groups. Reported by Leecraso and Guang Gong of 360 Alpha Lab on + 2021-01-07</li> + <li>[1154965] High CVE-2021-21145: Use after free in Fonts. Reported + by Anonymous on 2020-12-03</li> + <li>[1161705] High CVE-2021-21146: Use after free in Navigation. + Reported by Alison Huffman and Choongwoo Han of Microsoft Browser + Vulnerability Research on 2020-12-24</li> + <li>[1162942] Medium CVE-2021-21147: Inappropriate implementation in + Skia. 
Reported by Roman Starkov on 2021-01-04</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2021-21142</cvename> + <cvename>CVE-2021-21143</cvename> + <cvename>CVE-2021-21144</cvename> + <cvename>CVE-2021-21145</cvename> + <cvename>CVE-2021-21146</cvename> + <cvename>CVE-2021-21147</cvename> + <url>https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html</url> + </references> + <dates> + <discovery>2021-02-02</discovery> + <entry>2021-02-03</entry> + </dates> + </vuln> + <vuln vid="66d1c277-652a-11eb-bb3f-001b217b3468"> <topic>Gitlab -- Multiple vulnerabilities</topic> <affects>
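Review bot: The first <li> of the new chromium entry reads "1169317] Critical CVE-2021-21142" and is missing its opening bracket; the other five items use the "[1163504]" form, so it should be "[1169317]" to keep the bug references consistent and searchable. The quoted sentence "This update include 6 security fixes" should be checked against the cited release post and kept verbatim only if that is how upstream wrote it. The <affects> block lists only the chromium package with <lt>88.0.4324.146</lt>, while the comment visible in the hunk context says not to forget port variants, so it is worth confirming that no other package built from the same source needs its own <package> range here.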