svn commit: r450904 - head/security/vuxml
Ryan Steinmetz
zi at FreeBSD.org
Fri Sep 29 15:28:56 UTC 2017
Author: zi
Date: Fri Sep 29 15:28:54 2017
New Revision: 450904
URL: https://svnweb.freebsd.org/changeset/ports/450904
Log:
- Purge another batch of superceded www/chromium entries to give us additional headroom under the 5M vuln.xml file size limit
Approved by: ports-secteam (with hat)
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Fri Sep 29 15:24:58 2017 (r450903)
+++ head/security/vuxml/vuln.xml Fri Sep 29 15:28:54 2017 (r450904)
@@ -52385,77 +52385,6 @@ and CVE-2013-0155.</p>
</dates>
</vuln>
- <vuln vid="d2bbcc01-4ec3-11e4-ab3f-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <name>chromium-pulse</name> <!-- pcbsd only -->
- <range><lt>38.0.2125.101</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/2014/10/stable-channel-update.html">
- <p>159 security fixes in this release, including 113 found using
- MemorySanitizer:</p>
- <ul>
- <li>[416449] Critical CVE-2014-3188: A special thanks to Jüri Aedla
- for a combination of V8 and IPC bugs that can lead to remote code
- execution outside of the sandbox.</li>
- <li>[398384] High CVE-2014-3189: Out-of-bounds read in PDFium.
- Credit to cloudfuzzer.</li>
- <li>[400476] High CVE-2014-3190: Use-after-free in Events. Credit
- to cloudfuzzer.</li>
- <li>[402407] High CVE-2014-3191: Use-after-free in Rendering.
- Credit to cloudfuzzer.</li>
- <li>[403276] High CVE-2014-3192: Use-after-free in DOM. Credit to
- cloudfuzzer.</li>
- <li>[399655] High CVE-2014-3193: Type confusion in Session Management.
- Credit to miaubiz.</li>
- <li>[401115] High CVE-2014-3194: Use-after-free in Web Workers.
- Credit to Collin Payne.</li>
- <li>[403409] Medium CVE-2014-3195: Information Leak in V8. Credit
- to Jüri Aedla.</li>
- <li>[338538] Medium CVE-2014-3196: Permissions bypass in Windows
- Sandbox. Credit to James Forshaw.</li>
- <li>[396544] Medium CVE-2014-3197: Information Leak in XSS Auditor.
- Credit to Takeshi Terada.</li>
- <li>[415307] Medium CVE-2014-3198: Out-of-bounds read in PDFium.
- Credit to Atte Kettunen of OUSPG.</li>
- <li>[395411] Low CVE-2014-3199: Release Assert in V8 bindings.
- Credit to Collin Payne.</li>
- <li>[420899] CVE-2014-3200: Various fixes from internal audits,
- fuzzing and other initiatives (Chrome 38).</li>
- <li>Multiple vulnerabilities in V8 fixed at the tip of the 3.28
- branch (currently 3.28.71.15).</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-3188</cvename>
- <cvename>CVE-2014-3189</cvename>
- <cvename>CVE-2014-3190</cvename>
- <cvename>CVE-2014-3191</cvename>
- <cvename>CVE-2014-3192</cvename>
- <cvename>CVE-2014-3193</cvename>
- <cvename>CVE-2014-3194</cvename>
- <cvename>CVE-2014-3195</cvename>
- <cvename>CVE-2014-3196</cvename>
- <cvename>CVE-2014-3197</cvename>
- <cvename>CVE-2014-3198</cvename>
- <cvename>CVE-2014-3199</cvename>
- <cvename>CVE-2014-3200</cvename>
- <url>http://googlechromereleases.blogspot.nl/2014/10/stable-channel-update.html</url>
- </references>
- <dates>
- <discovery>2014-10-07</discovery>
- <entry>2014-10-08</entry>
- </dates>
- </vuln>
-
<vuln vid="b6587341-4d88-11e4-aef9-20cf30e32f6d">
<topic>Bugzilla multiple security issues</topic>
<affects>
@@ -52935,34 +52864,6 @@ and CVE-2013-0155.</p>
</dates>
</vuln>
- <vuln vid="bd2ef267-4485-11e4-b0b7-00262d5ed8ee">
- <topic>chromium -- RSA signature malleability in NSS</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>37.0.2062.124</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>[414124] RSA signature malleability in NSS (CVE-2014-1568).
- Thanks to Antoine Delignat-Lavaud of Prosecco/INRIA, Brian Smith
- and Advanced Threat Research team at Intel Security</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-1568</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-09-24</discovery>
- <entry>2014-09-25</entry>
- </dates>
- </vuln>
-
<vuln vid="fb25333d-442f-11e4-98f3-5453ed2e2b49">
<topic>krfb -- Multiple security issues in bundled libvncserver</topic>
<affects>
@@ -53258,39 +53159,6 @@ and CVE-2013-0155.</p>
</dates>
</vuln>
- <vuln vid="36a415c8-3867-11e4-b522-00262d5ed8ee">
- <topic>www/chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>37.0.2062.120</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>4 security fixes in this release, including:</p>
- <ul>
- <li>[401362] High CVE-2014-3178: Use-after-free in rendering.
- Credit to miaubiz.</li>
- <li>[411014] CVE-2014-3179: Various fixes from internal audits,
- fuzzing and other initiatives.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-3178</cvename>
- <cvename>CVE-2014-3179</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-09-09</discovery>
- <entry>2014-09-09</entry>
- </dates>
- </vuln>
-
<vuln vid="6318b303-3507-11e4-b76c-0011d823eebd">
<topic>trafficserver -- unspecified vulnerability</topic>
<affects>
@@ -53322,64 +53190,6 @@ and CVE-2013-0155.</p>
</dates>
</vuln>
- <vuln vid="fd5f305d-2d3d-11e4-aa3d-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>37.0.2062.94</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>50 security fixes in this release, including:</p>
- <ul>
- <li>[386988] Critical CVE-2014-3176, CVE-2014-3177: A special reward
- to lokihardt at asrt for a combination of bugs in V8, IPC, sync, and
- extensions that can lead to remote code execution outside of the
- sandbox.</li>
- <li>[369860] High CVE-2014-3168: Use-after-free in SVG. Credit to
- cloudfuzzer.</li>
- <li>[387389] High CVE-2014-3169: Use-after-free in DOM. Credit to
- Andrzej Dyjak.</li>
- <li>[390624] High CVE-2014-3170: Extension permission dialog spoofing.
- Credit to Rob Wu.</li>
- <li>[390928] High CVE-2014-3171: Use-after-free in bindings. Credit to
- cloudfuzzer.</li>
- <li>[367567] Medium CVE-2014-3172: Issue related to extension debugging.
- Credit to Eli Grey.</li>
- <li>[376951] Medium CVE-2014-3173: Uninitialized memory read in WebGL.
- Credit to jmuizelaar.</li>
- <li>[389219] Medium CVE-2014-3174: Uninitialized memory read in Web
- Audio. Credit to Atte Kettunen from OUSPG.</li>
- <li>[406143] CVE-2014-3175: Various fixes from internal audits, fuzzing
- and other initiatives (Chrome 37).</li>
-
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-3168</cvename>
- <cvename>CVE-2014-3169</cvename>
- <cvename>CVE-2014-3170</cvename>
- <cvename>CVE-2014-3171</cvename>
- <cvename>CVE-2014-3172</cvename>
- <cvename>CVE-2014-3173</cvename>
- <cvename>CVE-2014-3174</cvename>
- <cvename>CVE-2014-3175</cvename>
- <cvename>CVE-2014-3176</cvename>
- <cvename>CVE-2014-3177</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-08-26</discovery>
- <entry>2014-08-26</entry>
- </dates>
- </vuln>
-
<vuln vid="84203724-296b-11e4-bebd-000c2980a9f3">
<topic>file -- buffer overruns and missing buffer size tests</topic>
<affects>
@@ -53571,42 +53381,6 @@ and CVE-2013-0155.</p>
</dates>
</vuln>
- <vuln vid="df7754c0-2294-11e4-b505-000c6e25e3e9">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>36.0.1985.143</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl">
- <p>12 security fixes in this release, including</p>
- <ul>
- <li>[390174] High CVE-2014-3165: Use-after-free in web sockets.
- Credit to Collin Payne.</li>
- <li>[398925] High CVE-2014-3166: Information disclosure in SPDY.
- Credit to Antoine Delignat-Lavaud.</li>
- <li>[400950] CVE-2014-3167: Various fixes from internal audits,
- fuzzing and other initiatives.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-3165</cvename>
- <cvename>CVE-2014-3166</cvename>
- <cvename>CVE-2014-3167</cvename>
- <url>http://googlechromereleases.blogspot.nl</url>
- </references>
- <dates>
- <discovery>2014-08-12</discovery>
- <entry>2014-08-13</entry>
- </dates>
- </vuln>
-
<vuln vid="69048656-2187-11e4-802c-20cf30e32f6d">
<topic>serf -- SSL Certificate Null Byte Poisoning</topic>
<affects>
@@ -54401,39 +54175,6 @@ and CVE-2013-0155.</p>
</dates>
</vuln>
- <vuln vid="3718833e-0d27-11e4-89db-000c6e25e3e9">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>36.0.1985.125</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl">
- <p>26 security fixes in this release, including</p>
- <ul>
- <li>[380885] Medium CVE-2014-3160: Same-Origin-Policy bypass in SVG. Credit
- to Christian Schneider.</li>
- <li>[393765] CVE-2014-3162: Various fixes from internal audits, fuzzing and
- other initiatives.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-3160</cvename>
- <cvename>CVE-2014-3162</cvename>
- <url>http://googlechromereleases.blogspot.nl</url>
- </references>
- <dates>
- <discovery>2014-07-16</discovery>
- <entry>2014-07-16</entry>
- </dates>
- </vuln>
-
<vuln vid="4a114331-0d24-11e4-8dd2-5453ed2e2b49">
<topic>kdelibs4 -- KMail/KIO POP3 SSL Man-in-the-middle Flaw</topic>
<affects>
@@ -54862,44 +54603,6 @@ and CVE-2013-0155.</p>
</dates>
</vuln>
- <vuln vid="0b0fb9b0-f0fb-11e3-9bcd-000c6e25e3e9">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>35.0.1916.153</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl">
- <p>4 security fixes in this release, including:</p>
- <ul>
- <li>[369525] High CVE-2014-3154: Use-after-free in filesystem api. Credit
- to Collin Payne.</li>
- <li>[369539] High CVE-2014-3155: Out-if-bounds read in SPDY. Credit
- to James March, Daniel Sommermann and Alan Frindell of Facebook.</li>
- <li>[369621] Medium CVE-2014-3156: Buffer overflow in clipboard. Credit
- to Atte Kettunen of OUSPG.</li>
- <li>[368980] CVE-2014-3157: Heap overflow in media.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-3154</cvename>
- <cvename>CVE-2014-3155</cvename>
- <cvename>CVE-2014-3156</cvename>
- <cvename>CVE-2014-3157</cvename>
- <url>http://googlechromereleases.blogspot.nl</url>
- </references>
- <dates>
- <discovery>2014-06-10</discovery>
- <entry>2014-06-10</entry>
- </dates>
- </vuln>
-
<vuln vid="888a0262-f0d9-11e3-ba0c-b4b52fce4ce8">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
@@ -55226,93 +54929,6 @@ and CVE-2013-0155.</p>
</dates>
</vuln>
- <vuln vid="64f3872b-e05d-11e3-9dd4-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>35.0.1916.114</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>23 security fixes in this release, including:</p>
- <ul>
- <li>[356653] High CVE-2014-1743: Use-after-free in styles. Credit
- to cloudfuzzer.</li>
- <li>[359454] High CVE-2014-1744: Integer overflow in audio. Credit
- to Aaron Staple.</li>
- <li>[346192] High CVE-2014-1745: Use-after-free in SVG. Credit to
- Atte Kettunen of OUSPG.</li>
- <li>[364065] Medium CVE-2014-1746: Out-of-bounds read in media
- filters. Credit to Holger Fuhrmannek.</li>
- <li>[330663] Medium CVE-2014-1747: UXSS with local MHTML file.
- Credit to packagesu.</li>
- <li>[331168] Medium CVE-2014-1748: UI spoofing with scrollbar.
- Credit to Jordan Milne.</li>
- <li>[374649] CVE-2014-1749: Various fixes from internal audits,
- fuzzing and other initiatives.</li>
- <li>[358057] CVE-2014-3152: Integer underflow in V8 fixed in
- version 3.25.28.16.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-1743</cvename>
- <cvename>CVE-2014-1744</cvename>
- <cvename>CVE-2014-1745</cvename>
- <cvename>CVE-2014-1746</cvename>
- <cvename>CVE-2014-1747</cvename>
- <cvename>CVE-2014-1748</cvename>
- <cvename>CVE-2014-1749</cvename>
- <cvename>CVE-2014-3152</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-05-20</discovery>
- <entry>2014-05-20</entry>
- </dates>
- </vuln>
-
- <vuln vid="cdf450fc-db52-11e3-a9fc-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>34.0.1847.137</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>3 security fixes in this release:</p>
- <ul>
- <li>[358038] High CVE-2014-1740: Use-after-free in WebSockets.
- Credit to Collin Payne.</li>
- <li>[349898] High CVE-2014-1741: Integer overflow in DOM ranges.
- Credit to John Butler.</li>
- <li>[356690] High CVE-2014-1742: Use-after-free in editing. Credit
- to cloudfuzzer.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-1740</cvename>
- <cvename>CVE-2014-1741</cvename>
- <cvename>CVE-2014-1742</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-05-13</discovery>
- <entry>2014-05-14</entry>
- </dates>
- </vuln>
-
<vuln vid="b060ee50-daba-11e3-99f2-bcaec565249c">
<topic>libXfont -- X Font Service Protocol and Font metadata file handling issues</topic>
<affects>
@@ -55577,54 +55193,6 @@ and CVE-2013-0155.</p>
</dates>
</vuln>
- <vuln vid="7cf25a0c-d031-11e3-947b-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>34.0.1847.132</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports (belatedly):</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>9 security fixes in this release, including:</p>
- <ul>
- <li>[354967] High CVE-2014-1730: Type confusion in V8. Credit to
- Anonymous.</li>
- <li>[349903] High CVE-2014-1731: Type confusion in DOM. Credit to
- John Butler.</li>
- <li>[359802] High CVE-2014-1736: Integer overflow in V8. Credit to
- SkyLined working with HP's Zero Day Initiative.</li>
- <li>[352851] Medium CVE-2014-1732: Use-after-free in Speech
- Recognition. Credit to Khalil Zhani.</li>
- <li>[351103] Medium CVE-2014-1733: Compiler bug in Seccomp-BPF.
- Credit to Jed Davis.</li>
- <li>[367314] CVE-2014-1734: Various fixes from internal audits,
- fuzzing and other initiatives.</li>
- <li>[359130, 359525, 360429] CVE-2014-1735: Multiple
- vulnerabilities in V8 fixed in version 3.24.35.33.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-1730</cvename>
- <cvename>CVE-2014-1731</cvename>
- <cvename>CVE-2014-1732</cvename>
- <cvename>CVE-2014-1733</cvename>
- <cvename>CVE-2014-1734</cvename>
- <cvename>CVE-2014-1735</cvename>
- <cvename>CVE-2014-1736</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-04-24</discovery>
- <entry>2014-04-30</entry>
- </dates>
- </vuln>
-
<vuln vid="985d4d6c-cfbd-11e3-a003-b4b52fce4ce8">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
@@ -56230,76 +55798,6 @@ and CVE-2013-0155.</p>
</dates>
</vuln>
- <vuln vid="963413a5-bf50-11e3-a2d6-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>34.0.1847.116</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>31 vulnerabilities fixed in this release, including:</p>
- <ul>
- <li>[354123] High CVE-2014-1716: UXSS in V8. Credit to
- Anonymous.</li>
- <li>[353004] High CVE-2014-1717: OOB access in V8. Credit to
- Anonymous.</li>
- <li>[348332] High CVE-2014-1718: Integer overflow in compositor.
- Credit to Aaron Staple.</li>
- <li>[343661] High CVE-2014-1719: Use-after-free in web workers.
- Credit to Collin Payne.</li>
- <li>[356095] High CVE-2014-1720: Use-after-free in DOM. Credit to
- cloudfuzzer.</li>
- <li>[350434] High CVE-2014-1721: Memory corruption in V8. Credit to
- Christian Holler.</li>
- <li>[330626] High CVE-2014-1722: Use-after-free in rendering.
- Credit to miaubiz.</li>
- <li>[337746] High CVE-2014-1723: Url confusion with RTL characters.
- Credit to George McBay.</li>
- <li>[327295] High CVE-2014-1724: Use-after-free in speech. Credit
- to Atte Kettunen of OUSPG.</li>
- <li>[357332] Medium CVE-2014-1725: OOB read with window property.
- Credit to Anonymous</li>
- <li>[346135] Medium CVE-2014-1726: Local cross-origin bypass.
- Credit to Jann Horn.</li>
- <li>[342735] Medium CVE-2014-1727: Use-after-free in forms. Credit
- to Khalil Zhani.</li>
- <li>[360298] CVE-2014-1728: Various fixes from internal audits,
- fuzzing and other initiatives.</li>
- <li>[345820, 347262, 348319, 350863, 352982, 355586, 358059]
- CVE-2014-1729: Multiple vulnerabilities in V8 fixed in version
- 3.24.35.22.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-1716</cvename>
- <cvename>CVE-2014-1717</cvename>
- <cvename>CVE-2014-1718</cvename>
- <cvename>CVE-2014-1719</cvename>
- <cvename>CVE-2014-1720</cvename>
- <cvename>CVE-2014-1721</cvename>
- <cvename>CVE-2014-1722</cvename>
- <cvename>CVE-2014-1723</cvename>
- <cvename>CVE-2014-1724</cvename>
- <cvename>CVE-2014-1725</cvename>
- <cvename>CVE-2014-1726</cvename>
- <cvename>CVE-2014-1727</cvename>
- <cvename>CVE-2014-1728</cvename>
- <cvename>CVE-2014-1729</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-04-08</discovery>
- <entry>2014-04-08</entry>
- </dates>
- </vuln>
-
<vuln vid="5631ae98-be9e-11e3-b5e3-c80aa9043978">
<topic>OpenSSL -- Remote Information Disclosure</topic>
<affects>
@@ -56793,51 +56291,6 @@ and CVE-2013-0155.</p>
</dates>
</vuln>
- <vuln vid="a70966a1-ac22-11e3-8d04-00262d5ed8ee">
- <topic>www/chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>33.0.1750.152</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>New vulnerabilities after the Pwn2Own competition:</p>
- <ul>
- <li>[352369] Code execution outside sandbox. Credit to VUPEN.
- <ul>
- <li>[352374] High CVE-2014-1713: Use-after-free in Blink
- bindings</li>
- <li>[352395] High CVE-2014-1714: Windows clipboard
- vulnerability</li>
- </ul>
- </li>
- <li> [352420] Code execution outside sandbox. Credit to Anonymous.
- <ul>
- <li>[351787] High CVE-2014-1705: Memory corruption in V8</li>
- <li>[352429] High CVE-2014-1715: Directory traversal issue</li>
- </ul>
- </li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-1705</cvename>
- <cvename>CVE-2014-1713</cvename>
- <cvename>CVE-2014-1714</cvename>
- <cvename>CVE-2014-1715</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-03-14</discovery>
- <entry>2014-03-15</entry>
- </dates>
- </vuln>
-
<vuln vid="eb426e82-ab68-11e3-9d09-000c2980a9f3">
<topic>mutt -- denial of service, potential remote code execution</topic>
<affects>
@@ -56998,48 +56451,6 @@ and CVE-2013-0155.</p>
</dates>
</vuln>
- <vuln vid="24cefa4b-a940-11e3-91f2-00262d5ed8ee">
- <topic>www/chromium --multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>33.0.1750.149</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>7 vulnerabilities fixed in this release, including:</p>
- <ul>
- <li>[344881] High CVE-2014-1700: Use-after-free in speech. Credit
- to Chamal de Silva.</li>
- <li>[342618] High CVE-2014-1701: UXSS in events. Credit to
- aidanhs.</li>
- <li>[333058] High CVE-2014-1702: Use-after-free in web database.
- Credit to Collin Payne.</li>
- <li>[338354] High CVE-2014-1703: Potential sandbox escape due to a
- use-after-free in web sockets.</li>
- <li>[328202, 349079, 345715] CVE-2014-1704: Multiple
- vulnerabilities in V8 fixed in version 3.23.17.18.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2014-1700</cvename>
- <cvename>CVE-2014-1701</cvename>
- <cvename>CVE-2014-1702</cvename>
- <cvename>CVE-2014-1703</cvename>
- <cvename>CVE-2014-1704</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-03-11</discovery>
- <entry>2014-03-11</entry>
- </dates>
- </vuln>
-
<vuln vid="1a0de610-a761-11e3-95fe-bcaec565249c">
<topic>freetype2 -- Out of bounds read/write</topic>
<affects>
@@ -57144,51 +56555,6 @@ and CVE-2013-0155.</p>
</dates>
</vuln>
- <vuln vid="b4023753-a4ba-11e3-bec2-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>33.0.1750.146</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>19 vulnerabilities fixed in this release, including:</p>
- <ul>
- <li>[344492] High CVE-2013-6663: Use-after-free in svg images.
- Credit to Atte Kettunen of OUSPG.</li>
- <li>[326854] High CVE-2013-6664: Use-after-free in speech
- recognition. Credit to Khalil Zhani.</li>
- <li>[337882] High CVE-2013-6665: Heap buffer overflow in software
- rendering. Credit to cloudfuzzer.</li>
- <li>[332023] Medium CVE-2013-6666: Chrome allows requests in flash
- header request. Credit to netfuzzerr.</li>
- <li>[348175] CVE-2013-6667: Various fixes from internal audits,
- fuzzing and other initiatives.</li>
- <li>[343964, 344186, 347909] CVE-2013-6668: Multiple
- vulnerabilities in V8 fixed in version 3.24.35.10.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-6663</cvename>
- <cvename>CVE-2013-6664</cvename>
- <cvename>CVE-2013-6665</cvename>
- <cvename>CVE-2013-6666</cvename>
- <cvename>CVE-2013-6667</cvename>
- <cvename>CVE-2013-6668</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-03-03</discovery>
- <entry>2014-03-05</entry>
- </dates>
- </vuln>
-
<vuln vid="f645aa90-a3e8-11e3-a422-3c970e169bc2">
<topic>gnutls -- multiple certificate verification issues</topic>
<affects>
@@ -57393,66 +56759,6 @@ JavaScript code would be executed.</p>
</dates>
</vuln>
- <vuln vid="9dd47fa3-9d53-11e3-b20f-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>33.0.1750.117</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>28 security fixes in this release, including:</p>
- <ul>
- <li>[334897] High CVE-2013-6652: Issue with relative paths in
- Windows sandbox named pipe policy. Credit to tyranid.</li>
- <li>[331790] High CVE-2013-6653: Use-after-free related to web
- contents. Credit to Khalil Zhani.</li>
- <li>[333176] High CVE-2013-6654: Bad cast in SVG. Credit to
- TheShow3511.</li>
- <li>[293534] High CVE-2013-6655: Use-after-free in layout. Credit
- to cloudfuzzer.</li>
- <li>[331725] High CVE-2013-6656: Information leak in XSS auditor.
- Credit to NeexEmil.</li>
- <li>[331060] Medium CVE-2013-6657: Information leak in XSS auditor.
- Credit to NeexEmil.</li>
- <li>[322891] Medium CVE-2013-6658: Use-after-free in layout. Credit
- to cloudfuzzer.</li>
- <li>[306959] Medium CVE-2013-6659: Issue with certificates
- validation in TLS handshake. Credit to Antoine Delignat-Lavaud
- and Karthikeyan Bhargavan from Prosecco, Inria Paris.</li>
- <li>[332579] Low CVE-2013-6660: Information leak in drag and drop.
- Credit to bishopjeffreys.</li>
- <li>[344876] Low-High CVE-2013-6661: Various fixes from internal
- audits, fuzzing and other initiatives. Of these, seven are fixes
- for issues that could have allowed for sandbox escapes from
- compromised renderers.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-6652</cvename>
- <cvename>CVE-2013-6653</cvename>
- <cvename>CVE-2013-6654</cvename>
- <cvename>CVE-2013-6655</cvename>
- <cvename>CVE-2013-6656</cvename>
- <cvename>CVE-2013-6657</cvename>
- <cvename>CVE-2013-6658</cvename>
- <cvename>CVE-2013-6659</cvename>
- <cvename>CVE-2013-6660</cvename>
- <cvename>CVE-2013-6661</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-02-20</discovery>
- <entry>2014-02-24</entry>
- </dates>
- </vuln>
-
<vuln vid="42d42090-9a4d-11e3-b029-08002798f6ff">
<topic>PostgreSQL -- multiple privilege issues</topic>
<affects>
@@ -57975,40 +57281,6 @@ JavaScript code would be executed.</p>
<cancelled superseded="c7b5d72b-886a-11e3-9533-60a44c524f57"/>
</vuln>
- <vuln vid="f9810c43-87a5-11e3-9214-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>32.0.1700.102</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>14 security fixes in this release, including:</p>
- <ul>
- <li>[330420] High CVE-2013-6649: Use-after-free in SVG images.
- Credit to Atte Kettunen of OUSPG.</li>
- <li>[331444] High CVE-2013-6650: Memory corruption in V8. This
- issue was fixed in v8 version 3.22.24.16. Credit to Christian
- Holler.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-6649</cvename>
- <cvename>CVE-2013-6650</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-01-27</discovery>
- <entry>2014-01-27</entry>
- </dates>
- </vuln>
-
<vuln vid="d1dfc4c7-8791-11e3-a371-6805ca0b3d42">
<topic>rt42 -- denial-of-service attack via the email gateway</topic>
<affects>
@@ -58233,51 +57505,6 @@ JavaScript code would be executed.</p>
</dates>
</vuln>
- <vuln vid="5acf4638-7e2c-11e3-9fba-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>32.0.1700.77</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>11 security fixes in this release, including:</p>
- <ul>
- <li>[249502] High CVE-2013-6646: Use-after-free in web workers.
- Credit to Collin Payne.</li>
- <li>[326854] High CVE-2013-6641: Use-after-free related to forms.
- Credit to Atte Kettunen of OUSPG.</li>
- <li>[324969] High CVE-2013-6642: Address bar spoofing in Chrome for
- Android. Credit to lpilorz.</li>
- <li>[321940] High CVE-2013-6643: Unprompted sync with an attacker’s
- Google account. Credit to Joao Lucas Melo Brasio.</li>
- <li>[318791] Medium CVE-2013-6645 Use-after-free related to speech
- input elements. Credit to Khalil Zhani.</li>
- <li>[333036] CVE-2013-6644: Various fixes from internal audits,
- fuzzing and other initiatives.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-6641</cvename>
- <cvename>CVE-2013-6642</cvename>
- <cvename>CVE-2013-6643</cvename>
- <cvename>CVE-2013-6644</cvename>
- <cvename>CVE-2013-6645</cvename>
- <cvename>CVE-2013-6646</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2014-01-14</discovery>
- <entry>2014-01-15</entry>
- </dates>
- </vuln>
-
<vuln vid="3d95c9a7-7d5c-11e3-a8c1-206a8a720317">
<topic>ntpd DRDoS / Amplification Attack using ntpdc monlist command</topic>
<affects>
@@ -59033,57 +58260,6 @@ JavaScript code would be executed.</p>
</dates>
</vuln>
- <vuln vid="79356040-5da4-11e3-829e-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>31.0.1650.63</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>15 security fixes in this release, including:</p>
- <ul>
- <li>[307159] Medium CVE-2013-6634: Session fixation in sync related
- to 302 redirects. Credit to Andrey Labunets.</li>
- <li>[314469] High CVE-2013-6635: Use-after-free in editing. Credit
- to cloudfuzzer.</li>
- <li>[322959] Medium CVE-2013-6636: Address bar spoofing related to
- modal dialogs. Credit to Bas Venis.</li>
- <li>[325501] CVE-2013-6637: Various fixes from internal audits,
- fuzzing and other initiatives.</li>
- <li>[319722] Medium CVE-2013-6638: Buffer overflow in v8. This
- issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow
- of the Chromium project.</li>
- <li>[319835] High CVE-2013-6639: Out of bounds write in v8. This
- issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow
- of the Chromium project.</li>
- <li>[319860] Medium CVE-2013-6640: Out of bounds read in v8. This
- issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow
- of the Chromium project.</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-6634</cvename>
- <cvename>CVE-2013-6635</cvename>
- <cvename>CVE-2013-6636</cvename>
- <cvename>CVE-2013-6637</cvename>
- <cvename>CVE-2013-6638</cvename>
- <cvename>CVE-2013-6639</cvename>
- <cvename>CVE-2013-6640</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2013-12-04</discovery>
- <entry>2013-12-05</entry>
- </dates>
- </vuln>
-
<vuln vid="4158c57e-5d39-11e3-bc1e-6cf0490a8c18">
<topic>Joomla! -- Core XSS Vulnerabilities</topic>
<affects>
@@ -59448,33 +58624,6 @@ JavaScript code would be executed.</p>
</dates>
</vuln>
- <vuln vid="e62ab2af-4df4-11e3-b0cf-00262d5ed8ee">
- <topic>chromium -- multiple memory corruption issues</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>31.0.1650.57</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>[319117] [319125] Critical CVE-2013-6632: Multiple memory
- corruption issues. Credit to Pinkie Pie.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <cvename>CVE-2013-6632</cvename>
- <url>http://googlechromereleases.blogspot.nl/</url>
- </references>
- <dates>
- <discovery>2013-11-14</discovery>
- <entry>2013-11-15</entry>
- </dates>
- </vuln>
-
<vuln vid="adcbdba2-4c27-11e3-9848-98fc11cdc4f5">
<topic>linux-flashplugin -- multiple vulnerabilities</topic>
<affects>
@@ -59503,69 +58652,6 @@ JavaScript code would be executed.</p>
</dates>
</vuln>
- <vuln vid="3bfc7016-4bcc-11e3-b0cf-00262d5ed8ee">
- <topic>chromium -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>chromium</name>
- <range><lt>31.0.1650.48</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>Google Chrome Releases reports:</p>
- <blockquote cite="http://googlechromereleases.blogspot.nl/">
- <p>25 security fixes in this release, including:</p>
- <ul>
- <li>[268565] Medium CVE-2013-6621: Use after free related to speech input elements.
- Credit to Khalil Zhani.</li>
- <li>[272786] High CVE-2013-6622: Use after free related to media elements. Credit
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-ports-all
mailing list