Date: Mon, 24 Feb 2014 13:13:55 +0000 (UTC)
From: Rene Ladan <rene@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r345835 - head/security/vuxml
Message-ID: <201402241313.s1ODDtbx024248@svn.freebsd.org>
Author: rene
Date: Mon Feb 24 13:13:55 2014
New Revision: 345835
URL: http://svnweb.freebsd.org/changeset/ports/345835
QAT: https://qat.redports.org/buildarchive/r345835/

Log:
  Document new vulnerabilities in www/chromium < 33.0.1750.117

  Obtained from: http://googlechromereleases.blogspot.nl/
  MFH: 2014Q1

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Mon Feb 24 13:13:37 2014 (r345834)
+++ head/security/vuxml/vuln.xml Mon Feb 24 13:13:55 2014 (r345835)
@@ -51,6 +51,66 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="9dd47fa3-9d53-11e3-b20f-00262d5ed8ee"> + <topic>chromium -- multiple vulnerabilities</topic> + <affects> + <package> + <name>chromium</name> + <range><lt>33.0.1750.117</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Google Chrome Releases reports:</p> + <blockquote cite="http://googlechromereleases.blogspot.nl/"> + <p>28 security fixes in this release, including:</p> + <ul> + <li>[334897] High CVE-2013-6652: Issue with relative paths in + Windows sandbox named pipe policy. Credit to tyranid.</li> + <li>[331790] High CVE-2013-6653: Use-after-free related to web + contents. Credit to Khalil Zhani.</li> + <li>[333176] High CVE-2013-6654: Bad cast in SVG. Credit to + TheShow3511.</li> + <li>[293534] High CVE-2013-6655: Use-after-free in layout. Credit + to cloudfuzzer.</li> + <li>[331725] High CVE-2013-6656: Information leak in XSS auditor. + Credit to NeexEmil.</li> + <li>[331060] Medium CVE-2013-6657: Information leak in XSS auditor. + Credit to NeexEmil.</li> + <li>[322891] Medium CVE-2013-6658: Use-after-free in layout. Credit + to cloudfuzzer.</li> + <li>[306959] Medium CVE-2013-6659: Issue with certificates + validation in TLS handshake. Credit to Antoine Delignat-Lavaud + and Karthikeyan Bhargavan from Prosecco, Inria Paris.</li> + <li>[332579] Low CVE-2013-6660: Information leak in drag and drop. + Credit to bishopjeffreys.</li> + <li>[344876] Low-High CVE-2013-6661: Various fixes from internal + audits, fuzzing and other initiatives. 
Of these, seven are fixes + for issues that could have allowed for sandbox escapes from + compromised renderers.</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2013-6652</cvename> + <cvename>CVE-2013-6653</cvename> + <cvename>CVE-2013-6654</cvename> + <cvename>CVE-2013-6655</cvename> + <cvename>CVE-2013-6656</cvename> + <cvename>CVE-2013-6657</cvename> + <cvename>CVE-2013-6658</cvename> + <cvename>CVE-2013-6659</cvename> + <cvename>CVE-2013-6660</cvename> + <cvename>CVE-2013-6661</cvename> + <url>http://googlechromereleases.blogspot.nl/</url> + </references> + <dates> + <discovery>2014-02-20</discovery> + <entry>2014-02-24</entry> + </dates> + </vuln> + <vuln vid="42d42090-9a4d-11e3-b029-08002798f6ff"> <topic>PostgreSQL -- multiple privilege issues</topic> <affects>
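Review bot: The `cite` attribute on the `<blockquote>` and the `<url>` in `<references>` both point at the blog's front page (http://googlechromereleases.blogspot.nl/) on a regional host, so once newer release posts are published the link no longer leads to the text quoted here. Suggest replacing both with the permalink of the release announcement for 33.0.1750.117, so that someone auditing this entry later can check the quoted list and the `<lt>33.0.1750.117</lt>` bound against the original post. The ten `<cvename>` entries do match the ten CVEs in the quoted list, so nothing is missing there.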