svn commit: r542278 - head/security/vuxml
Rene Ladan
rene at FreeBSD.org
Wed Jul 15 18:13:57 UTC 2020
Author: rene
Date: Wed Jul 15 18:13:55 2020
New Revision: 542278
URL: https://svnweb.freebsd.org/changeset/ports/542278
Log:
Document new vulnerabilities in www/chromium < 84.0.4147.89
Obtained from: https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Jul 15 18:09:40 2020 (r542277)
+++ head/security/vuxml/vuln.xml Wed Jul 15 18:13:55 2020 (r542278)
@@ -58,6 +58,127 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="870d59b0-c6c4-11ea-8015-e09467587c17">
+ <topic>chromium -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <range><lt>84.0.4147.89</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Chrome Releases reports:</p>
+ <blockquote cite="https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html">
+ <p>This update contains 38 security fixes, including:</p>
+ <ul>
+ <li>[1103195] Critical CVE-2020-6510: Heap buffer overflow in
+ background fetch. Reported by Leecraso and Guang Gong of 360
+ Alpha Lab working with 360 BugCloud on 2020-07-08</li>
+ <li>[1074317] High CVE-2020-6511: Side-channel information leakage
+ in content security policy. Reported by Mikhail Oblozhikhin on
+ 2020-04-24</li>
+ <li>[1084820] High CVE-2020-6512: Type Confusion in V8. Reported by
+ nocma, leogan, cheneyxu of WeChat Open Platform Security Team on
+ 2020-05-20</li>
+ <li>[1091404] High CVE-2020-6513: Heap buffer overflow in PDFium.
+ Reported by Aleksandar Nikolic of Cisco Talos on 2020-06-04</li>
+ <li>[1076703] High CVE-2020-6514: Inappropriate implementation in
+ WebRTC. Reported by Natalie Silvanovich of Google Project Zero on
+ 2020-04-30</li>
+ <li>[1082755] High CVE-2020-6515: Use after free in tab strip.
+ Reported by DDV_UA on 2020-05-14</li>
+ <li>[1092449] High CVE-2020-6516: Policy bypass in CORS. Reported by
+ Yongke Wang(@Rudykewang) and Aryb1n(@aryb1n) of Tencent Security
+ Xuanwu Lab on 2020-06-08</li>
+ <li>[1095560] High CVE-2020-6517: Heap buffer overflow in history.
+ Reported by ZeKai Wu (@hellowuzekai) of Tencent Security Xuanwu
+ Lab on 2020-06-16</li>
+ <li>[986051] Medium CVE-2020-6518: Use after free in developer
+ tools. Reported by David Erceg on 2019-07-20</li>
+ <li>[1064676] Medium CVE-2020-6519: Policy bypass in CSP. Reported
+ by Gal Weizman (@WeizmanGal) of PerimeterX on 2020-03-25</li>
+ <li>[1092274] Medium CVE-2020-6520: Heap buffer overflow in Skia.
+ Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-08</li>
+ <li>[1075734] Medium CVE-2020-6521: Side-channel information leakage
+ in autofill. Reported by Xu Lin (University of Illinois at
+ Chicago), Panagiotis Ilia (University of Illinois at Chicago),
+ Jason Polakis (University of Illinois at Chicago) on
+ 2020-04-27</li>
+ <li>[1052093] Medium CVE-2020-6522: Inappropriate implementation in
+ external protocol handlers. Reported by Eric Lawrence of Microsoft
+ on 2020-02-13</li>
+ <li>[1080481] Medium CVE-2020-6523: Out of bounds write in Skia.
+ Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu Lab on
+ 2020-05-08</li>
+ <li>[1081722] Medium CVE-2020-6524: Heap buffer overflow in
+ WebAudio. Reported by Sung Ta (@Mipu94) of SEFCOM Lab, Arizona
+ State University on 2020-05-12</li>
+ <li>[1091670] Medium CVE-2020-6525: Heap buffer overflow in Skia.
+ Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-05</li>
+ <li>[1074340] Low CVE-2020-6526: Inappropriate implementation in
+ iframe sandbox. Reported by Jonathan Kingston on 2020-04-24</li>
+ <li>[992698] Low CVE-2020-6527: Insufficient policy enforcement in
+ CSP. Reported by Zhong Zhaochen of andsecurity.cn on
+ 2019-08-10</li>
+ <li>[1063690] Low CVE-2020-6528: Incorrect security UI in basic
+ auth. Reported by Rayyan Bijoora on 2020-03-22</li>
+ <li>[978779] Low CVE-2020-6529: Inappropriate implementation in
+ WebRTC. Reported by kaustubhvats7 on 2019-06-26</li>
+ <li>[1016278] Low CVE-2020-6530: Out of bounds memory access in
+ developer tools. Reported by myvyang on 2019-10-21</li>
+ <li>[1042986] Low CVE-2020-6531: Side-channel information leakage in
+ scroll to text. Reported by Jun Kokatsu, Microsoft Browser
+ Vulnerability Research on 2020-01-17</li>
+ <li>[1069964] Low CVE-2020-6533: Type Confusion in V8. Reported by
+ Avihay Cohen @ SeraphicAlgorithms on 2020-04-11</li>
+ <li>[1072412] Low CVE-2020-6534: Heap buffer overflow in WebRTC.
+ Reported by Anonymous on 2020-04-20</li>
+ <li>[1073409] Low CVE-2020-6535: Insufficient data validation in
+ WebUI. Reported by Jun Kokatsu, Microsoft Browser Vulnerability
+ Research on 2020-04-22</li>
+ <li>[1080934] Low CVE-2020-6536: Incorrect security UI in PWAs.
+ Reported by Zhiyang Zeng of Tencent security platform department
+ on 2020-05-09</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2020-6510</cvename>
+ <cvename>CVE-2020-6511</cvename>
+ <cvename>CVE-2020-6512</cvename>
+ <cvename>CVE-2020-6513</cvename>
+ <cvename>CVE-2020-6514</cvename>
+ <cvename>CVE-2020-6515</cvename>
+ <cvename>CVE-2020-6516</cvename>
+ <cvename>CVE-2020-6517</cvename>
+ <cvename>CVE-2020-6518</cvename>
+ <cvename>CVE-2020-6519</cvename>
+ <cvename>CVE-2020-6520</cvename>
+ <cvename>CVE-2020-6521</cvename>
+ <cvename>CVE-2020-6522</cvename>
+ <cvename>CVE-2020-6523</cvename>
+ <cvename>CVE-2020-6524</cvename>
+ <cvename>CVE-2020-6525</cvename>
+ <cvename>CVE-2020-6526</cvename>
+ <cvename>CVE-2020-6527</cvename>
+ <cvename>CVE-2020-6528</cvename>
+ <cvename>CVE-2020-6529</cvename>
+ <cvename>CVE-2020-6530</cvename>
+ <cvename>CVE-2020-6531</cvename>
+ <cvename>CVE-2020-6533</cvename>
+ <cvename>CVE-2020-6534</cvename>
+ <cvename>CVE-2020-6535</cvename>
+ <cvename>CVE-2020-6536</cvename>
+ <url>https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html</url>
+ </references>
+ <dates>
+ <discovery>2020-07-14</discovery>
+ <entry>2020-07-15</entry>
+ </dates>
+ </vuln>
+
<vuln vid="1ddab5cb-14c9-4632-959f-802c412a9593">
<topic>jenkins -- multiple vulnerabilities</topic>
<affects>
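Review bot: the `<affects>` block of the new entry names only the `chromium` package, while the notes at the top of the file (visible in the context lines) say not to forget port variants; if any other port in the tree ships this Chromium code below 84.0.4147.89, it needs its own `<package>` element with a matching `<range>`. Separately, both the description list and the `<cvename>` list go from CVE-2020-6531 straight to CVE-2020-6533, so it is worth confirming against the cited Chrome Releases post that CVE-2020-6532 is absent upstream rather than dropped while copying. The two lists are otherwise consistent with each other (26 items each, out of the 38 fixes the quote mentions).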