svn commit: r305556 - head/security/vuxml
Rene Ladan
rene at FreeBSD.org
Tue Oct 9 06:28:52 UTC 2012
Author: rene
Date: Mon Oct 8 20:45:52 2012
New Revision: 305556
URL: http://svn.freebsd.org/changeset/ports/305556
Log:
Document new vulnerabilities in www/chromium < 22.0.1229.92
Obtained from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Mon Oct 8 20:00:29 2012 (r305555)
+++ head/security/vuxml/vuln.xml Mon Oct 8 20:45:52 2012 (r305556)
@@ -51,6 +51,46 @@ Note: Please add new entries to the beg
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="e6161b65-1187-11e2-afe3-00262d5ed8ee">
+ <topic>chromium -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <range><lt>22.0.1229.92</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google Chrome Releases reports:</p>
+ <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates">
+ <p>[138208] High CVE-2012-2900: Crash in Skia text rendering. Credit
+ to Atte Kettunen of OUSPG.</p>
+ <p>[147499] Critical CVE-2012-5108: Race condition in audio device
+ handling. Credit to Atte Kettunen of OUSPG.</p>
+ <p>[148692] Medium CVE-2012-5109: OOB read in ICU regex. Credit to
+ Arthur Gerkis.</p>
+ <p>[151449] Medium CVE-2012-5110: Out-of-bounds read in compositor.
+ Credit to Google Chrome Security Team (Inferno).</p>
+ <p>[151895] Low CVE-2012-5111: Plug-in crash monitoring was missing
+ for Pepper plug-ins. Credit to Google Chrome Security Team (Chris
+ Evans).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2012-2900</cvename>
+ <cvename>CVE-2012-5108</cvename>
+ <cvename>CVE-2012-5109</cvename>
+ <cvename>CVE-2012-5110</cvename>
+ <cvename>CVE-2012-5111</cvename>
+ <url>http://googlechromereleases.blogspot.nl/search/label/Stable%20updates</url>
+ </references>
+ <dates>
+ <discovery>2012-10-08</discovery>
+ <entry>2012-10-08</entry>
+ </dates>
+ </vuln>
+
<vuln vid="dee44ba9-08ab-11e2-a044-d0df9acfd7e5">
<topic>OpenX -- SQL injection vulnerability</topic>
<affects>
More information about the svn-ports-head
mailing list