Date:      Mon, 24 Feb 2014 13:13:55 +0000 (UTC)
From:      Rene Ladan <rene@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r345835 - head/security/vuxml
Message-ID:  <201402241313.s1ODDtbx024248@svn.freebsd.org>

Author: rene
Date: Mon Feb 24 13:13:55 2014
New Revision: 345835
URL: http://svnweb.freebsd.org/changeset/ports/345835
QAT: https://qat.redports.org/buildarchive/r345835/

Log:
  Document new vulnerabilities in www/chromium < 33.0.1750.117
  
  Obtained from:	http://googlechromereleases.blogspot.nl/
  MFH:		2014Q1

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Mon Feb 24 13:13:37 2014	(r345834)
+++ head/security/vuxml/vuln.xml	Mon Feb 24 13:13:55 2014	(r345835)
@@ -51,6 +51,66 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="9dd47fa3-9d53-11e3-b20f-00262d5ed8ee">
+    <topic>chromium -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>chromium</name>
+	<range><lt>33.0.1750.117</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>Google Chrome Releases reports:</p>
+	<blockquote cite="http://googlechromereleases.blogspot.nl/">;
+	  <p>28 security fixes in this release, including:</p>
+	  <ul>
+	    <li>[334897] High CVE-2013-6652: Issue with relative paths in
+	      Windows sandbox named pipe policy. Credit to tyranid.</li>
+	    <li>[331790] High CVE-2013-6653: Use-after-free related to web
+	      contents. Credit to Khalil Zhani.</li>
+	    <li>[333176] High CVE-2013-6654: Bad cast in SVG. Credit to
+	      TheShow3511.</li>
+	    <li>[293534] High CVE-2013-6655: Use-after-free in layout. Credit
+	      to cloudfuzzer.</li>
+	    <li>[331725] High CVE-2013-6656: Information leak in XSS auditor.
+	      Credit to NeexEmil.</li>
+	    <li>[331060] Medium CVE-2013-6657: Information leak in XSS auditor.
+	      Credit to NeexEmil.</li>
+	    <li>[322891] Medium CVE-2013-6658: Use-after-free in layout. Credit
+	      to cloudfuzzer.</li>
+	    <li>[306959] Medium CVE-2013-6659: Issue with certificates
+	      validation in TLS handshake. Credit to Antoine Delignat-Lavaud
+	      and Karthikeyan Bhargavan from Prosecco, Inria Paris.</li>
+	    <li>[332579] Low CVE-2013-6660: Information leak in drag and drop.
+	      Credit to bishopjeffreys.</li>
+	    <li>[344876] Low-High CVE-2013-6661: Various fixes from internal
+	      audits, fuzzing and other initiatives. Of these, seven are fixes
+	      for issues that could have allowed for sandbox escapes from
+	      compromised renderers.</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2013-6652</cvename>
+      <cvename>CVE-2013-6653</cvename>
+      <cvename>CVE-2013-6654</cvename>
+      <cvename>CVE-2013-6655</cvename>
+      <cvename>CVE-2013-6656</cvename>
+      <cvename>CVE-2013-6657</cvename>
+      <cvename>CVE-2013-6658</cvename>
+      <cvename>CVE-2013-6659</cvename>
+      <cvename>CVE-2013-6660</cvename>
+      <cvename>CVE-2013-6661</cvename>
+      <url>http://googlechromereleases.blogspot.nl/</url>;
+    </references>
+    <dates>
+      <discovery>2014-02-20</discovery>
+      <entry>2014-02-24</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="42d42090-9a4d-11e3-b029-08002798f6ff">
     <topic>PostgreSQL -- multiple privilege issues</topic>
     <affects>
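
Review bot: the `<url>` in `<references>` and the `cite` attribute on the `<blockquote>` both point at the blog's front page (http://googlechromereleases.blogspot.nl/) rather than at the post for this release, so the quoted advisory text will no longer be found there once newer posts replace it. Suggest using the permalink of the 33.0.1750.117 stable channel post in both places. Separately, the `;` after `</url>` and after the `<body ...>` and `<blockquote ...>` opening tags also shows up on the unchanged `<vuxml ...>` context line, so it looks like an archive rendering artifact, but it is worth confirming against the committed vuln.xml that no stray text sits inside `<references>`.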


