Date: Mon, 5 Dec 2016 20:21:12 +0000 (UTC) From: Rene Ladan <rene@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r427919 - head/security/vuxml Message-ID: <201612052021.uB5KLCb0069766@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rene Date: Mon Dec 5 20:21:11 2016 New Revision: 427919 URL: https://svnweb.freebsd.org/changeset/ports/427919 Log: Document new vulnerabilities in www/chromium < 55.0.2883.75 Obtained from: https://googlechromereleases.blogspot.nl/2016/12/stable-channel-update-for-desktop.html Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Mon Dec 5 20:04:34 2016 (r427918) +++ head/security/vuxml/vuln.xml Mon Dec 5 20:21:11 2016 (r427919) @@ -58,6 +58,116 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="603fe0a1-bb26-11e6-8e5a-3065ec8fd3ec"> + <topic>chromium -- multiple vulnerabilities</topic> + <affects> + <package> + <name>chromium</name> + <name>chromium-npapi</name> + <name>chromium-pulse</name> + <range><lt>55.0.2883.75</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Google Chrome Releases reports:</p> + <blockquote cite="https://googlechromereleases.blogspot.nl/2016/12/stable-channel-update-for-desktop.html">; + <p>36 security fixes in this release, including:</p> + <ul> + <li>[664411] High CVE-2016-9651: Private property access in V8. + Credit to Guang Gong of Alpha Team Of Qihoo 360</li> + <li>[658535] High CVE-2016-5208: Universal XSS in Blink. Credit to + Mariusz Mlynski</li> + <li>[655904] High CVE-2016-5207: Universal XSS in Blink. Credit to + Mariusz Mlynski</li> + <li>[653749] High CVE-2016-5206: Same-origin bypass in PDFium. + Credit to Rob Wu (robwu.nl)</li> + <li>[646610] High CVE-2016-5205: Universal XSS in Blink. Credit to + Anonymous</li> + <li>[630870] High CVE-2016-5204: Universal XSS in Blink. Credit to + Mariusz Mlynski</li> + <li>[664139] High CVE-2016-5209: Out of bounds write in Blink. + Credit to Giwan Go of STEALIEN</li> + <li>[644219] High CVE-2016-5203: Use after free in PDFium. Credit + to Anonymous</li> + <li>[654183] High CVE-2016-5210: Out of bounds write in PDFium. + Credit to Ke Liu of Tencent's Xuanwu LAB</li> + <li>[653134] High CVE-2016-5212: Local file disclosure in DevTools. + Credit to Khalil Zhani</li> + <li>[649229] High CVE-2016-5211: Use after free in PDFium. Credit + to Anonymous</li> + <li>[652548] High CVE-2016-5213: Use after free in V8. Credit to + Khalil Zhani</li> + <li>[601538] Medium CVE-2016-5214: File download protection bypass. + Credit to Jonathan Birch and MSVR</li> + <li>[653090] Medium CVE-2016-5216: Use after free in PDFium. Credit + to Anonymous</li> + <li>[619463] Medium CVE-2016-5215: Use after free in Webaudio. + Credit to Looben Yang</li> + <li>[654280] Medium CVE-2016-5217: Use of unvalidated data in + PDFium. Credit to Rob Wu (robwu.nl)</li> + <li>[660498] Medium CVE-2016-5218: Address spoofing in Omnibox. + Credit to Abdulrahman Alqabandi (@qab)</li> + <li>[657568] Medium CVE-2016-5219: Use after free in V8. Credit to + Rob Wu (robwu.nl)</li> + <li>[660854] Medium CVE-2016-5221: Integer overflow in ANGLE. + Credit to Tim Becker of ForAllSecure</li> + <li>[654279] Medium CVE-2016-5220: Local file access in PDFium. + Credit to Rob Wu (robwu.nl)</li> + <li>[657720] Medium CVE-2016-5222: Address spoofing in Omnibox. + Credit to xisigr of Tencent's Xuanwu Lab</li> + <li>[653034] Low CVE-2016-9650: CSP Referrer disclosure. Credit to + Jakub Żoczek</li> + <li>[652038] Low CVE-2016-5223: Integer overflow in PDFium. Credit + to Hwiwon Lee</li> + <li>[639750] Low CVE-2016-5226: Limited XSS in Blink. Credit to Jun + Kokatsu (@shhnjk)</li> + <li>[630332] Low CVE-2016-5225: CSP bypass in Blink. Credit to + Scott Helme (@Scott_Helme, scotthelme.co.uk)</li> + <li>[615851] Low CVE-2016-5224: Same-origin bypass in SVG. Credit + to Roeland Krak</li> + <li>[669928] CVE-2016-9652: Various fixes from internal audits, + fuzzing and other initiatives</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2016-9651</cvename> + <cvename>CVE-2016-5208</cvename> + <cvename>CVE-2016-5207</cvename> + <cvename>CVE-2016-5206</cvename> + <cvename>CVE-2016-5205</cvename> + <cvename>CVE-2016-5204</cvename> + <cvename>CVE-2016-5209</cvename> + <cvename>CVE-2016-5203</cvename> + <cvename>CVE-2016-5210</cvename> + <cvename>CVE-2016-5212</cvename> + <cvename>CVE-2016-5211</cvename> + <cvename>CVE-2016-5213</cvename> + <cvename>CVE-2016-5214</cvename> + <cvename>CVE-2016-5216</cvename> + <cvename>CVE-2016-5215</cvename> + <cvename>CVE-2016-5217</cvename> + <cvename>CVE-2016-5218</cvename> + <cvename>CVE-2016-5219</cvename> + <cvename>CVE-2016-5221</cvename> + <cvename>CVE-2016-5220</cvename> + <cvename>CVE-2016-5222</cvename> + <cvename>CVE-2016-9650</cvename> + <cvename>CVE-2016-5223</cvename> + <cvename>CVE-2016-5226</cvename> + <cvename>CVE-2016-5225</cvename> + <cvename>CVE-2016-5224</cvename> + <cvename>CVE-2016-9652</cvename> + <url>https://googlechromereleases.blogspot.nl/2016/12/stable-channel-update-for-desktop.html</url>; + </references> + <dates> + <discovery>2016-12-01</discovery> + <entry>2016-12-05</entry> + </dates> + </vuln> + <vuln vid="e1f67063-aab4-11e6-b2d3-60a44ce6887b"> <topic>ImageMagick7 -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201612052021.uB5KLCb0069766>