Date: Tue, 10 Jan 2023 19:50:56 GMT
Message-Id: <202301101950.30AJouUw004878@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Rene Ladan
Subject: git: 40c70d31cf0e - main - security/vuxml: add www/*chromium < 109.0.5414.74
List-Id: Commit messages for all branches of the ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
Sender: owner-dev-commits-ports-all@freebsd.org
X-Git-Committer: rene
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 40c70d31cf0e8393604bc6a20bff9ee8df5157bc
Auto-Submitted: auto-generated

The branch main has been updated by rene:

URL: https://cgit.FreeBSD.org/ports/commit/?id=40c70d31cf0e8393604bc6a20bff9ee8df5157bc

commit 40c70d31cf0e8393604bc6a20bff9ee8df5157bc
Author: Rene Ladan
AuthorDate: 2023-01-10 19:46:56 +0000
Commit: Rene Ladan
CommitDate: 2023-01-10 19:46:56 +0000

    security/vuxml: add www/*chromium < 109.0.5414.74

    Obtained from: https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html
---
 security/vuxml/vuln/2023.xml | 59 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)

diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index a435871a86b5..35895839ff4c 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,62 @@ + + chromium -- multiple vulnerabilities + + + chromium + 109.0.5414.74 + + + ungoogled-chromium + 109.0.5414.74 + + + + +

Chrome Releases reports:

+
+

This release contains 17 security fixes, including:

+
    +
  • [1353208] High CVE-2023-0128: Use after free in Overview Mode. Reported by Khalil Zhani on 2022-08-16
  • +
  • [1382033] High CVE-2023-0129: Heap buffer overflow in Network Service. Reported by asnine on 2022-11-07
  • +
  • [1370028] Medium CVE-2023-0130: Inappropriate implementation in Fullscreen API. Reported by Hafiizh on 2022-09-30
  • +
  • [1357366] Medium CVE-2023-0131: Inappropriate implementation in iframe Sandbox. Reported by NDevTK on 2022-08-28
  • +
  • [1371215] Medium CVE-2023-0132: Inappropriate implementation in Permission prompts. Reported by Jasper Rebane (popstonia) on 2022-10-05
  • +
  • [1375132] Medium CVE-2023-0133: Inappropriate implementation in Permission prompts. Reported by Alesandro Ortiz on 2022-10-17
  • +
  • [1385709] Medium CVE-2023-0134: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-17
  • +
  • [1385831] Medium CVE-2023-0135: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-18
  • +
  • [1356987] Medium CVE-2023-0136: Inappropriate implementation in Fullscreen API. Reported by Axel Chong on 2022-08-26
  • +
  • [1399904] Medium CVE-2023-0137: Heap buffer overflow in Platform Apps. Reported by avaue and Buff3tts at S.S.L. on 2022-12-10
  • +
  • [1346675] Low CVE-2023-0138: Heap buffer overflow in libphonenumber. Reported by Michael Dau on 2022-07-23
  • +
  • [1367632] Low CVE-2023-0139: Insufficient validation of untrusted input in Downloads. Reported by Axel Chong on 2022-09-24
  • +
  • [1326788] Low CVE-2023-0140: Inappropriate implementation in File System API. Reported by harrison.mitchell, cybercx.com.au on 2022-05-18
  • +
  • [1362331] Low CVE-2023-0141: Insufficient policy enforcement in CORS. Reported by scarlet on 2022-09-12
  • +
+
+ +
+ + CVE-2023-0128 + CVE-2023-0129 + CVE-2023-0130 + CVE-2023-0131 + CVE-2023-0132 + CVE-2023-0133 + CVE-2023-0134 + CVE-2023-0135 + CVE-2023-0136 + CVE-2023-0137 + CVE-2023-0138 + CVE-2023-0139 + CVE-2023-0140 + CVE-2023-0141 + https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html + + + 2023-01-10 + 2023-01-10 + +
+ net-mgmt/cacti is vulnerable to remote command injection
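
Review bot: the quoted upstream text says "This release contains 17 security fixes", while the itemised list and the CVE references in this entry each carry 14 items (CVE-2023-0128 through CVE-2023-0141). Please confirm against the Chrome Releases post named in "Obtained from" that the other three fixes have no public CVE id, so the gap is not a copy error, and consider saying so in the commit message. Both dates in the entry are 2023-01-10 although the listed reports go back to 2022-05-18, which is fine if the first date is meant as the public disclosure date.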