Author: rene
Date: Tue Nov 27 19:32:44 2012
New Revision: 307860
URL: http://svnweb.freebsd.org/changeset/ports/307860
Log:
MFH r307828: describe new vulnerabilities in www/chromium < 23.0.1271.91
Obtained from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates
MFH r307855: update www/chromium to 23.0.1271.91
Security: http://www.vuxml.org/freebsd/4d64fc61-3878-11e2-a4eb-00262d5ed8ee.html
Approved by: portmgr (tabthorpe)
Feature safe: yes
Modified:
branches/RELENG_9_1_0/security/vuxml/vuln.xml
branches/RELENG_9_1_0/www/chromium/Makefile
branches/RELENG_9_1_0/www/chromium/distinfo
Directory Properties:
branches/RELENG_9_1_0/ (props changed)
Modified: branches/RELENG_9_1_0/security/vuxml/vuln.xml
==============================================================================
--- branches/RELENG_9_1_0/security/vuxml/vuln.xml Tue Nov 27 19:25:51 2012 (r307859)
+++ branches/RELENG_9_1_0/security/vuxml/vuln.xml Tue Nov 27 19:32:44 2012 (r307860)
@@ -51,6 +51,48 @@ Note: Please add new entries to the beg
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="4d64fc61-3878-11e2-a4eb-00262d5ed8ee">
+ <topic>chromium -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <range><lt>23.0.1271.91</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google Chrome Releases reports:</p>
+ <blockquote cite="http://googlechromereleases.blogspot.nl/search/label/Stable%20updates">
+ <p>[156567] High CVE-2012-5133: Use-after-free in SVG filters. Credit
+ to miaubiz.</p>
+ <p>[148638] Medium CVE-2012-5130: Out-of-bounds read in Skia. Credit
+ to Atte Kettunen of OUSPG.</p>
+ <p>[155711] Low CVE-2012-5132: Browser crash with chunked encoding.
+ Credit to Attila Szász.</p>
+ <p>[158249] High CVE-2012-5134: Buffer underflow in libxml. Credit to
+ Google Chrome Security Team (Jüri Aedla).</p>
+ <p>[159165] Medium CVE-2012-5135: Use-after-free with printing.
+ Credit to Fermin Serna of Google Security Team.</p>
+ <p>[159829] Medium CVE-2012-5136: Bad cast in input element handling.
+ Credit to Google Chrome Security Team (Inferno).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2012-5130</cvename>
+ <cvename>CVE-2012-5132</cvename>
+ <cvename>CVE-2012-5133</cvename>
+ <cvename>CVE-2012-5134</cvename>
+ <cvename>CVE-2012-5135</cvename>
+ <cvename>CVE-2012-5136</cvename>
+ <url>http://googlechromereleases.blogspot.nl/search/label/Stable%20updates</url>
+ </references>
+ <dates>
+ <discovery>2012-11-26</discovery>
+ <entry>2012-11-27</entry>
+ </dates>
+ </vuln>
+
<vuln vid="5536c8e4-36b3-11e2-a633-902b343deec9">
<topic>FreeBSD -- Linux compatibility layer input validation error</topic>
<affects>
Modified: branches/RELENG_9_1_0/www/chromium/Makefile
==============================================================================
--- branches/RELENG_9_1_0/www/chromium/Makefile Tue Nov 27 19:25:51 2012 (r307859)
+++ branches/RELENG_9_1_0/www/chromium/Makefile Tue Nov 27 19:32:44 2012 (r307860)
@@ -3,8 +3,7 @@
PORTNAME= chromium
DISTVERSIONPREFIX= courgette-redacted-
-DISTVERSION= 23.0.1271.64
-PORTREVISION= 1
+DISTVERSION= 23.0.1271.91
CATEGORIES= www
MASTER_SITES= http://download.goodking.org/downloads/ \
ftp://rene-ladan.nl/pub/distfiles/ \
Modified: branches/RELENG_9_1_0/www/chromium/distinfo
==============================================================================
--- branches/RELENG_9_1_0/www/chromium/distinfo Tue Nov 27 19:25:51 2012 (r307859)
+++ branches/RELENG_9_1_0/www/chromium/distinfo Tue Nov 27 19:32:44 2012 (r307860)
@@ -1,2 +1,2 @@
-SHA256 (chromium-courgette-redacted-23.0.1271.64.tar.xz) = da86614142ea34d27b0e566fe2c7823cb07ef45a9161d77cfdf715d6c018ca39
-SIZE (chromium-courgette-redacted-23.0.1271.64.tar.xz) = 179486396
+SHA256 (chromium-courgette-redacted-23.0.1271.91.tar.xz) = f5b45eeab5b292a81b70ee8d0cf5db4c1b76b9a98db60f7602b12f373ffe62b1
+SIZE (chromium-courgette-redacted-23.0.1271.91.tar.xz) = 179453608