svn commit: r412133 - head/security/vuxml
Christoph Moench-Tegeder
cmt at FreeBSD.org
Tue Mar 29 20:08:05 UTC 2016
Author: cmt
Date: Tue Mar 29 20:08:03 2016
New Revision: 412133
URL: https://svnweb.freebsd.org/changeset/ports/412133
Log:
Document chromium vulnerabilities
Approved by: miwi (mentor), rene (mentor)
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Tue Mar 29 19:58:58 2016 (r412132)
+++ head/security/vuxml/vuln.xml Tue Mar 29 20:08:03 2016 (r412133)
@@ -58,6 +58,76 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="8be8ca39-ae70-4422-bf1a-d8fae6911c5e">
+ <topic>chromium -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <name>chromium-npapi</name>
+ <name>chromium-pulse</name>
+ <range><lt>49.0.2623.108</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google Chrome Releases reports:</p>
+ <blockquote cite="http://googlechromereleases.blogspot.de/2016/03/stable-channel-update_24.html">
+ <p>[594574] High CVE-2016-1646: Out-of-bounds read in V8.</p>
+ <p>[590284] High CVE-2016-1647: Use-after-free in Navigation.</p>
+ <p>[590455] High CVE-2016-1648: Use-after-free in Extensions.</p>
+ <p>[597518] CVE-2016-1650: Various fixes from internal audits,
+ fuzzing and other initiatives.</p>
+ <p>Multiple vulnerabilities in V8 fixed at the tip of the
+ 4.9 branch</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-1646</cvename>
+ <cvename>CVE-2016-1647</cvename>
+ <cvename>CVE-2016-1648</cvename>
+ <cvename>CVE-2016-1649</cvename>
+ <cvename>CVE-2016-1650</cvename>
+ <url>http://googlechromereleases.blogspot.de/2016/03/stable-channel-update_24.html</url>
+ </references>
+ <dates>
+ <discovery>2016-03-24</discovery>
+ <entry>2016-03-29</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5c288f68-c7ca-4c0d-b7dc-1ec6295200b3">
+ <topic>chromium -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <name>chromium-npapi</name>
+ <name>chromium-pulse</name>
+ <range><lt>49.0.2623.87</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google Chrome Releases reports:</p>
+ <blockquote cite="http://googlechromereleases.blogspot.de/2016/03/stable-channel-update_8.html">
+ <p>[589838] High CVE-2016-1643: Type confusion in Blink.</p>
+ <p>[590620] High CVE-2016-1644: Use-after-free in Blink.</p>
+ <p>[587227] High CVE-2016-1645: Out-of-bounds write in PDFium.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-1643</cvename>
+ <cvename>CVE-2016-1644</cvename>
+ <cvename>CVE-2016-1645</cvename>
+ <url>http://googlechromereleases.blogspot.de/2016/03/stable-channel-update_8.html</url>
+ </references>
+ <dates>
+ <discovery>2016-03-08</discovery>
+ <entry>2016-03-29</entry>
+ </dates>
+ </vuln>
+
<vuln vid="cd409df7-f483-11e5-92ce-002590263bf5">
<topic>bind -- denial of service vulnerability</topic>
<affects>
More information about the svn-ports-all
mailing list