From owner-freebsd-chromium@FreeBSD.ORG  Wed Mar  4 21:54:20 2015
Return-Path: <owner-freebsd-chromium@FreeBSD.ORG>
Delivered-To: freebsd-chromium@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id B4D2ACC6;
 Wed,  4 Mar 2015 21:54:20 +0000 (UTC)
Received: from imap1-2.ox.privateemail.com (imap1-2.ox.privateemail.com
 [192.64.116.200])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "privateemail.com",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 7546C86D;
 Wed,  4 Mar 2015 21:54:19 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by mail.privateemail.com (Postfix) with ESMTP id 17169B0008F;
 Wed,  4 Mar 2015 16:54:12 -0500 (EST)
X-Virus-Scanned: Debian amavisd-new at imap1.ox.privateemail.com
Received: from mail.privateemail.com ([127.0.0.1])
 by localhost (imap1.ox.privateemail.com [127.0.0.1]) (amavisd-new, port 10024)
 with LMTP id 6LctnmYJwcUK; Wed,  4 Mar 2015 16:54:11 -0500 (EST)
Received: from localhost (unknown [77.229.99.246])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mail.privateemail.com (Postfix) with ESMTPSA id 2EBA1B00068;
 Wed,  4 Mar 2015 16:54:10 -0500 (EST)
Date: Wed, 4 Mar 2015 22:50:48 +0100
From: Carlos Jacobo Puga Medina <cpm@fbsd.es>
To: freebsd-chromium@freebsd.org
Subject: Document new vulnerabilities in www/chromium < 41.0.2272.76
Message-Id: <20150304225048.e041eda2d40562f31323156a@fbsd.es>
X-Mailer: Sylpheed 3.4.2 (GTK+ 2.24.25; i386-portbld-freebsd11.0)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-chromium@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: FreeBSD-specific Chromium issues <freebsd-chromium.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-chromium>, 
 <mailto:freebsd-chromium-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-chromium/>
List-Post: <mailto:freebsd-chromium@freebsd.org>
List-Help: <mailto:freebsd-chromium-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-chromium>, 
 <mailto:freebsd-chromium-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Mar 2015 21:54:20 -0000

Current chromium port is marked as vulnerable on Google Chrome website [1]

--- vuln.xml.old	2015-03-04 22:14:52.603195000 +0100
+++ vuln.xml	2015-03-04 22:44:47.160901000 +0100
@@ -57,6 +57,93 @@
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="8505e013-c2b3-11e4-875d-000c6e25e3e9">
+    <topic>chromium -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>chromium</name>
+	<range><lt>41.0.2272.76</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Chrome Releases reports:</p>
+	<blockquote cite="http://googlechromereleases.blogspot.nl">
+	  <p>51 security fixes in this release, including:</p>
+		<ul>
+		  <li>[456516] High CVE-2015-1212: Out-of-bounds write in media.
+		Credit to anonymous.</li>
+		  <li>[448423] High CVE-2015-1213: Out-of-bounds write in skia filters.
+		Credit to cloudfuzzer.</li>
+		  <li>[445810] High CVE-2015-1214: Out-of-bounds write in skia filters.
+		Credit to cloudfuzzer.</li>
+		  <li>[445809] High CVE-2015-1215: Out-of-bounds write in skia filters.
+		Credit to cloudfuzzer.</li>
+		  <li>[454954] High CVE-2015-1216: Use-after-free in v8 bindings.
+		Credit to anonymous.</li>
+		  <li>[456192] High CVE-2015-1217: Type confusion in v8 bindings.
+		Credit to anonymous.</li>
+		  <li>[456059] High CVE-2015-1218: Use-after-free in dom.
+		Credit to cloudfuzzer.</li>
+		  <li>[446164] High CVE-2015-1219: Integer overflow in webgl.
+		Credit to Chen Zhang (demi6od) of NSFOCUS Security Team.</li>
+		  <li>[437651] High CVE-2015-1220: Use-after-free in gif decoder.
+		Credit to Aki Helin of OUSPG.</li>
+		  <li>[455368] High CVE-2015-1221: Use-after-free in web databases.
+		Credit to Collin Payne.</li>
+		  <li>[448082] High CVE-2015-1222: Use-after-free in service workers.
+		Credit to Collin Payne.</li>
+		  <li>[454231] High CVE-2015-1223: Use-after-free in dom.
+		Credit to Maksymillian Motyl.</li>
+		  <li>High CVE-2015-1230: Type confusion in v8.
+		Credit to Skylined working with HP's Zero Day Initiative.</li>
+		  <li>[449958] Medium CVE-2015-1224: Out-of-bounds read in vpxdecoder.
+		Credit to Aki Helin of OUSPG.</li>
+		  <li>[446033] Medium CVE-2015-1225: Out-of-bounds read in pdfium.
+		Credit to cloudfuzzer.</li>
+		  <li>[456841] Medium CVE-2015-1226: Validation issue in debugger.
+		Credit to Rob Wu.</li>
+		  <li>[450389] Medium CVE-2015-1227: Uninitialized value in blink.
+		Credit to Christoph Diehl.</li>
+		  <li>[444707] Medium CVE-2015-1228: Uninitialized value in rendering.
+		Credit to miaubiz.</li>
+		  <li>[431504] Medium CVE-2015-1229: Cookie injection via proxies.
+		Credit to iliwoy.</li>
+		  <li>[463349] CVE-2015-1231: Various fixes from internal audits, fuzzing
+		and other initiatives.</li>
+		</ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+	<cvename>CVE-2015-1212</cvename>
+	<cvename>CVE-2015-1213</cvename>
+	<cvename>CVE-2015-1214</cvename>
+	<cvename>CVE-2015-1215</cvename>
+	<cvename>CVE-2015-1216</cvename>
+	<cvename>CVE-2015-1217</cvename>
+	<cvename>CVE-2015-1218</cvename>
+	<cvename>CVE-2015-1219</cvename>
+	<cvename>CVE-2015-1220</cvename>
+	<cvename>CVE-2015-1221</cvename>
+	<cvename>CVE-2015-1222</cvename>
+	<cvename>CVE-2015-1223</cvename>
+	<cvename>CVE-2015-1224</cvename>
+	<cvename>CVE-2015-1225</cvename>
+	<cvename>CVE-2015-1226</cvename>
+	<cvename>CVE-2015-1227</cvename>
+	<cvename>CVE-2015-1228</cvename>
+	<cvename>CVE-2015-1229</cvename>
+	<cvename>CVE-2015-1230</cvename>
+	<cvename>CVE-2015-1231</cvename>
+      <url>http://googlechromereleases.blogspot.nl</url>
+    </references>
+    <dates>
+      <discovery>2015-03-03</discovery>
+      <entry>2015-03-04</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="7480b6ac-adf1-443e-a33c-3a3c0becba1e">
     <topic>jenkins -- multiple vulnerabilities</topic>
     <affects>

[1] http://googlechromereleases.blogspot.nl
-- 
Carlos Jacobo Puga Medina <cpm@fbsd.es>

From owner-freebsd-chromium@FreeBSD.ORG  Sat Mar  7 02:05:06 2015
Return-Path: <owner-freebsd-chromium@FreeBSD.ORG>
Delivered-To: freebsd-chromium@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 278F1636
 for <freebsd-chromium@freebsd.org>; Sat,  7 Mar 2015 02:05:06 +0000 (UTC)
Received: from ns354937.ovh.net (sphereinfo.fr [91.121.115.180])
 by mx1.freebsd.org (Postfix) with ESMTP id CC7DF697
 for <freebsd-chromium@freebsd.org>; Sat,  7 Mar 2015 02:05:04 +0000 (UTC)
Received: from newsletter.love4aviation.aero (newsletter.love4aviation.aero
 [176.31.32.3])
 by ns354937.ovh.net (Postfix) with ESMTPA id 3F5ED10261C
 for <freebsd-chromium@freebsd.org>; Sat,  7 Mar 2015 02:55:47 +0100 (CET)
Date: Sat, 7 Mar 2015 02:55:47 +0100
To: freebsd-chromium@freebsd.org
From: "newsletter@love4aviation.aero" <newsletter@love4aviation.aero>
Reply-To: "newsletter@love4aviation.aero" <newsletter@love4aviation.aero>
Subject: EchoFive by Love4aviation.
Message-ID: <930d2f928b83395b9c50e25b9edb39ef@localhost.localdomain>
X-Priority: 3
X-Mailer: PHPMailer 5.2.5 (https://github.com/Synchro/PHPMailer/)
X-phpList-version: 3.0.6
X-MessageID: 16
X-ListMember: freebsd-chromium@freebsd.org
Precedence: bulk
Bounces-To: newsletter@love4aviation.aero
List-Owner: <mailto:contact@love4aviation.aero>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1
X-BeenThere: freebsd-chromium@freebsd.org
X-Mailman-Version: 2.1.18-1
List-Id: FreeBSD-specific Chromium issues <freebsd-chromium.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-chromium>, 
 <mailto:freebsd-chromium-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-chromium/>
List-Post: <mailto:freebsd-chromium@freebsd.org>
List-Help: <mailto:freebsd-chromium-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-chromium>, 
 <mailto:freebsd-chromium-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Mar 2015 02:05:06 -0000

<http://newsletter.love4aviation.aero//lt.php?id=3DYB4BUU5SAU4AAAlVUw>

EchoFive by Love4aviation

EchoFive, our new video. Gigabits of recordings provided by pilots
from all over the world were necessary for the making of this video.
We hope you enjoy it and become contributors by sending us your raw
video files.

EchoFive, notre nouvelle vid=C3=A9o. Des gigabits d'enregistrements
envoy=C3=A9s par des pilotes du monde entier ont =C3=A9t=C3=A9 n=C3=A9cessa=
ires pour
la cr=C3=A9ation de cette vid=C3=A9o. Nous esp=C3=A9rons que vous l'appr=C3=
=A9cierez
et que vous deviendrez contributeurs en nous envoyant vos
enregistrements vid=C3=A9o natifs.

**Watch it now on:**

<http://newsletter.love4aviation.aero//lt.php?id=3DYB4AUk5SAU4AAAlVUw>
<http://newsletter.love4aviation.aero//lt.php?id=3DYB4AUU5SAU4AAAlVUw>
<http://newsletter.love4aviation.aero//lt.php?id=3DYB4AUE5SAU4AAAlVUw>

**Stay with us:**

<http://newsletter.love4aviation.aero//lt.php?id=3DYB4BUE5SAU4AAAlVUw>
<http://newsletter.love4aviation.aero//lt.php?id=3DYB4BV05SAU4AAAlVUw>
<http://newsletter.love4aviation.aero//lt.php?id=3DYB4BWk5SAU4AAAlVUw>

=20
=20
 This message was sent to freebsd-chromium@freebsd.org by=0Anewsletter@love=
4aviation.aero

 To change your email address or select HTML or text, visit your
personal preferences page=0A<http://newsletter.love4aviation.aero//lt.php?i=
d=3DYB4BVk5SAU4AAAlVUw>

 Or you can opt-out completely=0A<http://newsletter.love4aviation.aero//lt.=
php?id=3DYB4BVU5SAU4AAAlVUw>
from all future mailings.

 [USERTRACK]
=20