From owner-svn-ports-all@FreeBSD.ORG Mon Feb 24 13:13:56 2014 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 1CA9D6DE; Mon, 24 Feb 2014 13:13:56 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id F1DCD1487; Mon, 24 Feb 2014 13:13:55 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s1ODDtd0024249; Mon, 24 Feb 2014 13:13:55 GMT (envelope-from rene@svn.freebsd.org) Received: (from rene@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s1ODDtbx024248; Mon, 24 Feb 2014 13:13:55 GMT (envelope-from rene@svn.freebsd.org) Message-Id: <201402241313.s1ODDtbx024248@svn.freebsd.org> From: Rene Ladan Date: Mon, 24 Feb 2014 13:13:55 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r345835 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Feb 2014 13:13:56 -0000 Author: rene Date: Mon Feb 24 13:13:55 2014 New Revision: 345835 URL: http://svnweb.freebsd.org/changeset/ports/345835 QAT: https://qat.redports.org/buildarchive/r345835/ Log: Document new vulnerabilities in www/chromium < 33.0.1750.117 Obtained from: http://googlechromereleases.blogspot.nl/ MFH: 2014Q1 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Mon Feb 24 13:13:37 2014 (r345834) +++ head/security/vuxml/vuln.xml Mon Feb 24 13:13:55 2014 (r345835) @@ -51,6 +51,66 @@ Note: Please add new entries to the beg --> + + chromium -- multiple vulnerabilities + + + chromium + 33.0.1750.117 + + + + +

Google Chrome Releases reports:

+
28 security fixes in this release, including:
+
+
[334897] High CVE-2013-6652: Issue with relative paths in + Windows sandbox named pipe policy. Credit to tyranid.
+
[331790] High CVE-2013-6653: Use-after-free related to web + contents. Credit to Khalil Zhani.
+
[333176] High CVE-2013-6654: Bad cast in SVG. Credit to + TheShow3511.
+
[293534] High CVE-2013-6655: Use-after-free in layout. Credit + to cloudfuzzer.
+
[331725] High CVE-2013-6656: Information leak in XSS auditor. + Credit to NeexEmil.
+
[331060] Medium CVE-2013-6657: Information leak in XSS auditor. + Credit to NeexEmil.
+
[322891] Medium CVE-2013-6658: Use-after-free in layout. Credit + to cloudfuzzer.
+
[306959] Medium CVE-2013-6659: Issue with certificates + validation in TLS handshake. Credit to Antoine Delignat-Lavaud + and Karthikeyan Bhargavan from Prosecco, Inria Paris.
+
[332579] Low CVE-2013-6660: Information leak in drag and drop. + Credit to bishopjeffreys.
+
[344876] Low-High CVE-2013-6661: Various fixes from internal + audits, fuzzing and other initiatives. Of these, seven are fixes + for issues that could have allowed for sandbox escapes from + compromised renderers.
+
+

+ + + + CVE-2013-6652 + CVE-2013-6653 + CVE-2013-6654 + CVE-2013-6655 + CVE-2013-6656 + CVE-2013-6657 + CVE-2013-6658 + CVE-2013-6659 + CVE-2013-6660 + CVE-2013-6661 + http://googlechromereleases.blogspot.nl/ + + + 2014-02-20 + 2014-02-24 + + + PostgreSQL -- multiple privilege issues