From nobody Wed Nov 30 12:15:37 2022
X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NMdT56sWyz4jn6c;
	Wed, 30 Nov 2022 12:15:37 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NMdT56Jd2z3LYQ;
	Wed, 30 Nov 2022 12:15:37 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1669810537;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=6two6zmY4mhhPgiSySfDCOx4r7SatSDJkJYkCt3xerw=;
	b=yn9+w2KViiNb+rCnUpXGC71KQhtt51kzY4Q/zKkGPzEAxBQd1VfLEUX61vjUyIv0wrZsug
	Knpvj3YzjFdwQeUnZ1zeQJFcwNPTmzdSdxrEO+f8Unxud8V3Eu47RxtjqD+k/BJ74FLXgQ
	3JqaPVt9xw0Z7/nI8UFtdfA8MHSFYci8xPtBaLxRnJlg8XZaBcXWNHCiqy/1n3dB+H7DCL
	6gidZdCwRMnfC5XQI854vHIbMVRyk6ut+G3e1hVx5ry5YR5BYq5Y/bbRvKH5I+uCe5y5oT
	CIb6UzaFPycH9hH8lDiiXH13ANWBkhF5q/LskGExedzxIyjTOyZ/z49yeRewOA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1669810537;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=6two6zmY4mhhPgiSySfDCOx4r7SatSDJkJYkCt3xerw=;
	b=VfEvkOZy6U+ygmyE6JdVl/dDN0AZ5CpB/OjP4aE3QqzMrFX4vwNZNBtvFVPnDYFqQMesWp
	VeED7bhsvthTNo1PgEYJviacpWWz6w+Dw7MyRj4yhBokCEYHIssuwClh+extofs8hOWu0K
	m+JO6TMt4EcAv8Jb3JL2oK/OulHPiWJd/CoLcg3F61F5JmK8O2/o95ixxxVolmJ0g0LyHb
	80FbyD/HgU2LqmoFLBLYjV2k4NhhQLqZ+mczkM02zClPQxj4L1w0POawnwuj2rQtajYeLm
	oR/id0qxjBjn07N5iiE31hpMdNGAF75pOZZpW3Hzs47Ooa9AR/hZyJIOOhhPYw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1669810537; a=rsa-sha256; cv=none;
	b=CZNq2zs9HUHz+ZbZhvCLn6yUyb5KlCfDs/Hm9RMYNRuFmERL8bsl/ecUR1iJlRClPqEJCK
	L0tkcRCYVJRcKvSym6DXBgEISXT4MkZezr/Cu7O3j6Qh/ZhEUHyHBKX/tirFowz0EJMDNl
	NOCNhUbrUYQ7YEN8BmCfbpPv5kVwAnwT0YeD3ljpjo9nE49Xsgy77wgs/9mvMNdign3PQU
	tfvOHztmXMTvw3rrdzWRii68L/7hwkPpFdjnT/Bf5/JRfPYtrwyOz7cvfzxG53PMdqJpkU
	mmxtuWltMm1QYo9J6qKgxvr2wjjOm+Ril8G2XpLtuQ4EsrQGGXbu7Ravs5ED9A==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4NMdT55L1lzw6Y;
	Wed, 30 Nov 2022 12:15:37 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 2AUCFblG034132;
	Wed, 30 Nov 2022 12:15:37 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 2AUCFb9P034131;
	Wed, 30 Nov 2022 12:15:37 GMT
	(envelope-from git)
Date: Wed, 30 Nov 2022 12:15:37 GMT
Message-Id: <202211301215.2AUCFb9P034131@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
        dev-commits-ports-main@FreeBSD.org
From: Rene Ladan <rene@FreeBSD.org>
Subject: git: 20320b878797 - main - security/vuxml: add www/chromium < 108.0.5359.71
List-Id: Commit messages for all branches of the ports repository <dev-commits-ports-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
List-Help: <mailto:dev-commits-ports-all+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-ports-all@freebsd.org
X-BeenThere: dev-commits-ports-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rene
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 20320b878797d2ae1f827ac818cc31c29fbbca0b
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch main has been updated by rene:

URL: https://cgit.FreeBSD.org/ports/commit/?id=20320b878797d2ae1f827ac818cc31c29fbbca0b

commit 20320b878797d2ae1f827ac818cc31c29fbbca0b
Author:     Rene Ladan <rene@FreeBSD.org>
AuthorDate: 2022-11-30 12:14:44 +0000
Commit:     Rene Ladan <rene@FreeBSD.org>
CommitDate: 2022-11-30 12:14:44 +0000

    security/vuxml: add www/chromium < 108.0.5359.71
    
    Obtained from:  https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
---
 security/vuxml/vuln/2022.xml | 75 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 75 insertions(+)

diff --git a/security/vuxml/vuln/2022.xml b/security/vuxml/vuln/2022.xml
index 08e896fdb5cd..07e350789831 100644
--- a/security/vuxml/vuln/2022.xml
+++ b/security/vuxml/vuln/2022.xml
@@ -1,3 +1,78 @@
+  <vuln vid="5f7ed6ea-70a7-11ed-92ce-3065ec8fd3ec">
+    <topic>chromium -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>chromium</name>
+	<range><lt>108.0.5359.71</lt></range>
+      </package>
+      <package>
+	<name>ungoogled-chromium</name>
+	<range><lt>108.0.5359.71</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Chrome Releases reports:</p>
+	<blockquote cite="https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html">
+	  <p>This release contains 28 security fixes, including:</p>
+	  <ul>
+	    <li>[1379054] High CVE-2022-4174: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2022-10-27</li>
+	    <li>[1381401] High CVE-2022-4175: Use after free in Camera Capture. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-11-04</li>
+	    <li>[1361066] High CVE-2022-4176: Out of bounds write in Lacros Graphics. Reported by @ginggilBesel on 2022-09-08</li>
+	    <li>[1379242] High CVE-2022-4177: Use after free in Extensions. Reported by Chaoyuan Peng (@ret2happy) on 2022-10-28</li>
+	    <li>[1376099] High CVE-2022-4178: Use after free in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2022-10-18</li>
+	    <li>[1377783] High CVE-2022-4179: Use after free in Audio. Reported by Sergei Glazunov of Google Project Zero on 2022-10-24</li>
+	    <li>[1378564] High CVE-2022-4180: Use after free in Mojo. Reported by Anonymous on 2022-10-26</li>
+	    <li>[1382581] High CVE-2022-4181: Use after free in Forms. Reported by Aviv A. on 2022-11-09</li>
+	    <li>[1368739] Medium CVE-2022-4182: Inappropriate implementation in Fenced Frames. Reported by Peter Nemeth on 2022-09-28</li>
+	    <li>[1251790] Medium CVE-2022-4183: Insufficient policy enforcement in Popup Blocker. Reported by David Sievers on 2021-09-22</li>
+	    <li>[1358647] Medium CVE-2022-4184: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2022-09-01</li>
+	    <li>[1373025] Medium CVE-2022-4185: Inappropriate implementation in Navigation. Reported by James Lee (@Windowsrcer) on 2022-10-10</li>
+	    <li>[1377165] Medium CVE-2022-4186: Insufficient validation of untrusted input in Downloads. Reported by Luan Herrera (@lbherrera_) on 2022-10-21</li>
+	    <li>[1381217] Medium CVE-2022-4187: Insufficient policy enforcement in DevTools. Reported by Axel Chong on 2022-11-04</li>
+	    <li>[1340879] Medium CVE-2022-4188: Insufficient validation of untrusted input in CORS. Reported by Philipp Beer (TU Wien) on 2022-06-30</li>
+	    <li>[1344647] Medium CVE-2022-4189: Insufficient policy enforcement in DevTools. Reported by NDevTK on 2022-07-15</li>
+	    <li>[1378997] Medium CVE-2022-4190: Insufficient data validation in Directory. Reported by Axel Chong on 2022-10-27</li>
+	    <li>[1373941] Medium CVE-2022-4191: Use after free in Sign-In. Reported by Jaehun Jeong(@n3sk) of Theori on 2022-10-12</li>
+	    <li>[1344514] Medium CVE-2022-4192: Use after free in Live Caption. Reported by Samet Bekmezci @sametbekmezci on 2022-07-14</li>
+	    <li>[1354518] Medium CVE-2022-4193: Insufficient policy enforcement in File System API. Reported by Axel Chong on 2022-08-19</li>
+	    <li>[1370562] Medium CVE-2022-4194: Use after free in Accessibility. Reported by Anonymous on 2022-10-03</li>
+	    <li>[1371926] Medium CVE-2022-4195: Insufficient policy enforcement in Safe Browsing. Reported by Eric Lawrence of Microsoft on 2022-10-06</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2022-4174</cvename>
+      <cvename>CVE-2022-4175</cvename>
+      <cvename>CVE-2022-4176</cvename>
+      <cvename>CVE-2022-4177</cvename>
+      <cvename>CVE-2022-4178</cvename>
+      <cvename>CVE-2022-4179</cvename>
+      <cvename>CVE-2022-4180</cvename>
+      <cvename>CVE-2022-4181</cvename>
+      <cvename>CVE-2022-4182</cvename>
+      <cvename>CVE-2022-4183</cvename>
+      <cvename>CVE-2022-4184</cvename>
+      <cvename>CVE-2022-4185</cvename>
+      <cvename>CVE-2022-4186</cvename>
+      <cvename>CVE-2022-4187</cvename>
+      <cvename>CVE-2022-4188</cvename>
+      <cvename>CVE-2022-4189</cvename>
+      <cvename>CVE-2022-4190</cvename>
+      <cvename>CVE-2022-4191</cvename>
+      <cvename>CVE-2022-4192</cvename>
+      <cvename>CVE-2022-4193</cvename>
+      <cvename>CVE-2022-4194</cvename>
+      <cvename>CVE-2022-4195</cvename>
+      <url>https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html</url>
+    </references>
+    <dates>
+      <discovery>2022-11-29</discovery>
+      <entry>2022-11-30</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="8d3838b0-6ca8-11ed-92ce-3065ec8fd3ec">
     <topic>chromium -- multiple vulnerabilities</topic>
     <affects>