svn commit: r422049 - head/security/vuxml
Rene Ladan
rene at FreeBSD.org
Tue Sep 13 17:59:24 UTC 2016
Author: rene
Date: Tue Sep 13 17:59:22 2016
New Revision: 422049
URL: https://svnweb.freebsd.org/changeset/ports/422049
Log:
Belatedly add vulnerabilities for www/chromium < 52.0.2743.116
Obtained from: https://googlechromereleases.blogspot.nl/2016/08/stable-channel-update-for-desktop.html
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Tue Sep 13 17:51:38 2016 (r422048)
+++ head/security/vuxml/vuln.xml Tue Sep 13 17:59:22 2016 (r422049)
@@ -58,6 +58,59 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="958b9cee-79da-11e6-bf75-3065ec8fd3ec">
+ <topic>chromium -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <name>chromium-npapi</name>
+ <name>chromium-pulse</name>
+ <range><lt>52.0.2743.116</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google Chrome Releases reports:</p>
+ <blockquote cite="https://googlechromereleases.blogspot.nl/2016/08/stable-channel-update-for-desktop.html">
+ <p>10 security fixes in this release, including:</p>
+ <ul>
+ <li>[629542] High CVE-2016-5141 Address bar spoofing. Credit to
+ anonymous</li>
+ <li>[626948] High CVE-2016-5142 Use-after-free in Blink. Credit to
+ anonymous</li>
+ <li>[625541] High CVE-2016-5139 Heap overflow in pdfium. Credit to
+ GiWan Go of Stealien</li>
+ <li>[619405] High CVE-2016-5140 Heap overflow in pdfium. Credit to
+ Ke Liu of Tencent's Xuanwu LAB</li>
+ <li>[623406] Medium CVE-2016-5145 Same origin bypass for images in
+ Blink. Credit to anonymous</li>
+ <li>[619414] Medium CVE-2016-5143 Parameter sanitization failure in
+ DevTools. Credit to Gregory Panakkal</li>
+ <li>[618333] Medium CVE-2016-5144 Parameter sanitization failure in
+ DevTools. Credit to Gregory Panakkal</li>
+ <li>[633486] CVE-2016-5146: Various fixes from internal audits,
+ fuzzing and other initiatives.</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-5139</cvename>
+ <cvename>CVE-2016-5140</cvename>
+ <cvename>CVE-2016-5141</cvename>
+ <cvename>CVE-2016-5142</cvename>
+ <cvename>CVE-2016-5143</cvename>
+ <cvename>CVE-2016-5144</cvename>
+ <cvename>CVE-2016-5145</cvename>
+ <cvename>CVE-2016-5146</cvename>
+ <url>https://googlechromereleases.blogspot.nl/2016/08/stable-channel-update-for-desktop.html</url>
+ </references>
+ <dates>
+ <discovery>2016-08-03</discovery>
+ <entry>2016-09-13</entry>
+ </dates>
+ </vuln>
+
<vuln vid="856b88bf-7984-11e6-81e7-d050996490d0">
<topic>mysql -- Remote Root Code Execution</topic>
<affects>
More information about the svn-ports-head
mailing list