Date: Wed, 15 Jul 2020 18:13:56 +0000 (UTC)
From: Rene Ladan <rene@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r542278 - head/security/vuxml
Message-ID: <202007151813.06FIDue5097207@repo.freebsd.org>
Author: rene Date: Wed Jul 15 18:13:55 2020 New Revision: 542278 URL: https://svnweb.freebsd.org/changeset/ports/542278 Log: Document new vulnerabilities in www/chromium < 84.0.4147.89 Obtained from: https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Jul 15 18:09:40 2020 (r542277) +++ head/security/vuxml/vuln.xml Wed Jul 15 18:13:55 2020 (r542278) 
@@ -58,6 +58,127 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="870d59b0-c6c4-11ea-8015-e09467587c17"> + <topic>chromium -- multiple vulnerabilities</topic> + <affects> + <package> + <name>chromium</name> + <range><lt>84.0.4147.89</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Chrome Releases reports:</p> + <blockquote cite="https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html"> + <p>This update contains 38 security fixes, including:</p> + <ul> + <li>[1103195] Critical CVE-2020-6510: Heap buffer overflow in + background fetch. Reported by Leecraso and Guang Gong of 360 + Alpha Lab working with 360 BugCloud on 2020-07-08</li> + <li>[1074317] High CVE-2020-6511: Side-channel information leakage + in content security policy. Reported by Mikhail Oblozhikhin on + 2020-04-24</li> + <li>[1084820] High CVE-2020-6512: Type Confusion in V8. Reported by + nocma, leogan, cheneyxu of WeChat Open Platform Security Team on + 2020-05-20</li> + <li>[1091404] High CVE-2020-6513: Heap buffer overflow in PDFium. + Reported by Aleksandar Nikolic of Cisco Talos on 2020-06-04</li> + <li>[1076703] High CVE-2020-6514: Inappropriate implementation in + WebRTC. Reported by Natalie Silvanovich of Google Project Zero on + 2020-04-30</li> + <li>[1082755] High CVE-2020-6515: Use after free in tab strip. + Reported by DDV_UA on 2020-05-14</li> + <li>[1092449] High CVE-2020-6516: Policy bypass in CORS. Reported by + Yongke Wang(@Rudykewang) and Aryb1n(@aryb1n) of Tencent Security + Xuanwu Lab on 2020-06-08</li> + <li>[1095560] High CVE-2020-6517: Heap buffer overflow in history. + Reported by ZeKai Wu (@hellowuzekai) of Tencent Security Xuanwu + Lab on 2020-06-16</li> + <li>[986051] Medium CVE-2020-6518: Use after free in developer + tools. 
Reported by David Erceg on 2019-07-20</li> + <li>[1064676] Medium CVE-2020-6519: Policy bypass in CSP. Reported + by Gal Weizman (@WeizmanGal) of PerimeterX on 2020-03-25</li> + <li>[1092274] Medium CVE-2020-6520: Heap buffer overflow in Skia. + Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-08</li> + <li>[1075734] Medium CVE-2020-6521: Side-channel information leakage + in autofill. Reported by Xu Lin (University of Illinois at + Chicago), Panagiotis Ilia (University of Illinois at Chicago), + Jason Polakis (University of Illinois at Chicago) on + 2020-04-27</li> + <li>[1052093] Medium CVE-2020-6522: Inappropriate implementation in + external protocol handlers. Reported by Eric Lawrence of Microsoft + on 2020-02-13</li> + <li>[1080481] Medium CVE-2020-6523: Out of bounds write in Skia. + Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu Lab on + 2020-05-08</li> + <li>[1081722] Medium CVE-2020-6524: Heap buffer overflow in + WebAudio. Reported by Sung Ta (@Mipu94) of SEFCOM Lab, Arizona + State University on 2020-05-12</li> + <li>[1091670] Medium CVE-2020-6525: Heap buffer overflow in Skia. + Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-05</li> + <li>[1074340] Low CVE-2020-6526: Inappropriate implementation in + iframe sandbox. Reported by Jonathan Kingston on 2020-04-24</li> + <li>[992698] Low CVE-2020-6527: Insufficient policy enforcement in + CSP. Reported by Zhong Zhaochen of andsecurity.cn on + 2019-08-10</li> + <li>[1063690] Low CVE-2020-6528: Incorrect security UI in basic + auth. Reported by Rayyan Bijoora on 2020-03-22</li> + <li>[978779] Low CVE-2020-6529: Inappropriate implementation in + WebRTC. Reported by kaustubhvats7 on 2019-06-26</li> + <li>[1016278] Low CVE-2020-6530: Out of bounds memory access in + developer tools. Reported by myvyang on 2019-10-21</li> + <li>[1042986] Low CVE-2020-6531: Side-channel information leakage in + scroll to text. 
Reported by Jun Kokatsu, Microsoft Browser + Vulnerability Research on 2020-01-17</li> + <li>[1069964] Low CVE-2020-6533: Type Confusion in V8. Reported by + Avihay Cohen @ SeraphicAlgorithms on 2020-04-11</li> + <li>[1072412] Low CVE-2020-6534: Heap buffer overflow in WebRTC. + Reported by Anonymous on 2020-04-20</li> + <li>[1073409] Low CVE-2020-6535: Insufficient data validation in + WebUI. Reported by Jun Kokatsu, Microsoft Browser Vulnerability + Research on 2020-04-22</li> + <li>[1080934] Low CVE-2020-6536: Incorrect security UI in PWAs. + Reported by Zhiyang Zeng of Tencent security platform department + on 2020-05-09</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2020-6510</cvename> + <cvename>CVE-2020-6511</cvename> + <cvename>CVE-2020-6512</cvename> + <cvename>CVE-2020-6513</cvename> + <cvename>CVE-2020-6514</cvename> + <cvename>CVE-2020-6515</cvename> + <cvename>CVE-2020-6516</cvename> + <cvename>CVE-2020-6517</cvename> + <cvename>CVE-2020-6518</cvename> + <cvename>CVE-2020-6519</cvename> + <cvename>CVE-2020-6520</cvename> + <cvename>CVE-2020-6521</cvename> + <cvename>CVE-2020-6522</cvename> + <cvename>CVE-2020-6523</cvename> + <cvename>CVE-2020-6524</cvename> + <cvename>CVE-2020-6525</cvename> + <cvename>CVE-2020-6526</cvename> + <cvename>CVE-2020-6527</cvename> + <cvename>CVE-2020-6528</cvename> + <cvename>CVE-2020-6529</cvename> + <cvename>CVE-2020-6530</cvename> + <cvename>CVE-2020-6531</cvename> + <cvename>CVE-2020-6533</cvename> + <cvename>CVE-2020-6534</cvename> + <cvename>CVE-2020-6535</cvename> + <cvename>CVE-2020-6536</cvename> + <url>https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html</url> + </references> + <dates> + <discovery>2020-07-14</discovery> + <entry>2020-07-15</entry> + </dates> + </vuln> + <vuln vid="1ddab5cb-14c9-4632-959f-802c412a9593"> <topic>jenkins -- multiple vulnerabilities</topic> <affects>
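Review bot: the new `<affects>` block names only the `chromium` package, while the hunk's own context line reminds committers "Do not forget port variants"; please confirm whether any other port built from the same Chromium sources needs a `<package>` entry with the same `<range><lt>84.0.4147.89</lt></range>`. Also, the `<discovery>` value 2020-07-14 does not appear anywhere in the quoted advisory text, whose latest per-bug date is 2020-07-08, so it is worth verifying it matches the upstream publication date. The `<references>` list is consistent with the quoted items (26 entries, CVE-2020-6532 absent from both), so nothing to change there.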