svn commit: r546298 - head/security/vuxml
Rene Ladan
rene at FreeBSD.org
Wed Aug 26 18:01:44 UTC 2020
Author: rene
Date: Wed Aug 26 18:01:43 2020
New Revision: 546298
URL: https://svnweb.freebsd.org/changeset/ports/546298
Log:
Document new vulnerabilities in www/chromium < 85.0.4183.83
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Aug 26 17:46:48 2020 (r546297)
+++ head/security/vuxml/vuln.xml Wed Aug 26 18:01:43 2020 (r546298)
@@ -58,6 +58,83 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="d73bc4e6-e7c4-11ea-a878-e09467587c17">
+ <topic>chromium -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <range><lt>85.0.4183.83</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Chrome Releases reports:</p>
+ <blockquote cite="https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html">
+ <p>This update includes 20 security fixes, including:</p>
+ <ul>
+ <li>[1109120] High CVE-2020-6558: Insufficient policy
+ enforcement in iOS. Reported by Alison Huffman, Microsoft Browser
+ Vulnerability Research on 2020-07-24</li>
+ <li>[1116706] High CVE-2020-6559: Use after free in presentation
+ API. Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu
+ Lab on 2020-08-15</li>
+ <li>[1108181] Medium CVE-2020-6560: Insufficient policy
+ enforcement in autofill. Reported by Nadja Ungethuem from
+ www.unnex.de on 2020-07-22</li>
+ <li>[932892] Medium CVE-2020-6561: Inappropriate implementation
+ in Content Security Policy. Reported by Rob Wu on 2019-02-16</li>
+ <li>[1086845] Medium CVE-2020-6562: Insufficient policy
+ enforcement in Blink. Reported by Masato Kinugawa on
+ 2020-05-27</li>
+ <li>[1104628] Medium CVE-2020-6563: Insufficient policy
+ enforcement in intent handling. Reported by Pedro Oliveira on
+ 2020-07-12</li>
+ <li>[841622] Medium CVE-2020-6564: Incorrect security UI in
+ permissions. Reported by Khalil Zhani on 2018-05-10</li>
+ <li>[1029907] Medium CVE-2020-6565: Incorrect security UI in
+ Omnibox. Reported by Khalil Zhani on 2019-12-02</li>
+ <li>[1065264] Medium CVE-2020-6566: Insufficient policy
+ enforcement in media. Reported by Jun Kokatsu, Microsoft Browser
+ Vulnerability Research on 2020-03-27</li>
+ <li>[937179] Low CVE-2020-6567: Insufficient validation of
+ untrusted input in command line handling. Reported by Joshua
+ Graham of TSS on 2019-03-01</li>
+ <li>[1092451] Low CVE-2020-6568: Insufficient policy enforcement
+ in intent handling. Reported by Yongke Wang(@Rudykewang) and
+ Aryb1n(@aryb1n) of Tencent Security Xuanwu Lab on 2020-06-08</li>
+ <li>[995732] Low CVE-2020-6569: Integer overflow in WebUSB.
+ Reported by guaixiaomei on 2019-08-20</li>
+ <li>[1084699] Low CVE-2020-6570: Side-channel information leakage
+ in WebRTC. Reported by Signal/Tenable on 2020-05-19</li>
+ <li>[1085315] Low CVE-2020-6571: Incorrect security UI in Omnibox.
+ Reported by Rayyan Bijoora on 2020-05-21</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2020-6558</cvename>
+ <cvename>CVE-2020-6559</cvename>
+ <cvename>CVE-2020-6560</cvename>
+ <cvename>CVE-2020-6561</cvename>
+ <cvename>CVE-2020-6562</cvename>
+ <cvename>CVE-2020-6563</cvename>
+ <cvename>CVE-2020-6564</cvename>
+ <cvename>CVE-2020-6565</cvename>
+ <cvename>CVE-2020-6566</cvename>
+ <cvename>CVE-2020-6567</cvename>
+ <cvename>CVE-2020-6568</cvename>
+ <cvename>CVE-2020-6569</cvename>
+ <cvename>CVE-2020-6570</cvename>
+ <cvename>CVE-2020-6571</cvename>
+ <url>https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html</url>
+ </references>
+ <dates>
+ <discovery>2020-08-25</discovery>
+ <entry>2020-08-26</entry>
+ </dates>
+ </vuln>
+
<vuln vid="6842ac7e-d250-11ea-b9b7-08002728f74c">
<topic>jasper -- multiple vulnerabilities</topic>
<affects>
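Review bot: CVE-2020-6558, in the first <li> and the first <cvename>, is described by upstream as "Insufficient policy enforcement in iOS", while the only affected package in this entry is chromium with <lt>85.0.4183.83</lt>. Listing it under <references> will make audit tools report an iOS-only issue against the FreeBSD port. Consider keeping the quoted <li> as upstream wrote it but dropping that <cvename>, or state in the commit log that all upstream CVEs are recorded regardless of platform. Separately, the comment just above the hunk says not to forget port variants, and only <name>chromium</name> is listed, so please confirm no other package carrying the same code needs its own <package> block.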