From owner-svn-ports-branches@FreeBSD.ORG Wed Aug 27 07:15:18 2014 Return-Path: Delivered-To: svn-ports-branches@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 76342AFE; Wed, 27 Aug 2014 07:15:18 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 613633CB8; Wed, 27 Aug 2014 07:15:18 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id s7R7FI5p099692; Wed, 27 Aug 2014 07:15:18 GMT (envelope-from rene@FreeBSD.org) Received: (from rene@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id s7R7FHAC099691; Wed, 27 Aug 2014 07:15:17 GMT (envelope-from rene@FreeBSD.org) Message-Id: <201408270715.s7R7FHAC099691@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: rene set sender to rene@FreeBSD.org using -f From: Rene Ladan Date: Wed, 27 Aug 2014 07:15:17 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r366294 - branches/2014Q3/security/vuxml X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Aug 2014 07:15:18 -0000 Author: rene Date: Wed Aug 27 07:15:17 2014 New Revision: 366294 URL: http://svnweb.freebsd.org/changeset/ports/366294 QAT: https://qat.redports.org/buildarchive/r366294/ Log: MFH: r366223 Document new vulnerabilities in www/chromium < 37.0.2062.94 Obtained from: http://googlechromereleases.blogspot.nl Also merge entries for file, django, php, and phpMyAdmin Approved by: portmgr (erwin) Modified: branches/2014Q3/security/vuxml/vuln.xml Directory Properties: branches/2014Q3/ (props changed) Modified: branches/2014Q3/security/vuxml/vuln.xml ============================================================================== --- branches/2014Q3/security/vuxml/vuln.xml Wed Aug 27 06:32:27 2014 (r366293) +++ branches/2014Q3/security/vuxml/vuln.xml Wed Aug 27 07:15:17 2014 (r366294) @@ -57,6 +57,255 @@ Notes: --> + + chromium -- multiple vulnerabilities + + + chromium + 37.0.2062.94 + + + + +

Google Chrome Releases reports:

+
+

50 security fixes in this release, including:

+
    +
  • [386988] Critical CVE-2014-3176, CVE-2014-3177: A special reward + to lokihardt@asrt for a combination of bugs in V8, IPC, sync, and + extensions that can lead to remote code execution outside of the + sandbox.
  • +
  • [369860] High CVE-2014-3168: Use-after-free in SVG. Credit to + cloudfuzzer.
  • +
  • [387389] High CVE-2014-3169: Use-after-free in DOM. Credit to + Andrzej Dyjak.
  • +
  • [390624] High CVE-2014-3170: Extension permission dialog spoofing. + Credit to Rob Wu.
  • +
  • [390928] High CVE-2014-3171: Use-after-free in bindings. Credit to + cloudfuzzer.
  • +
  • [367567] Medium CVE-2014-3172: Issue related to extension debugging. + Credit to Eli Grey.
  • +
  • [376951] Medium CVE-2014-3173: Uninitialized memory read in WebGL. + Credit to jmuizelaar.
  • +
  • [389219] Medium CVE-2014-3174: Uninitialized memory read in Web + Audio. Credit to Atte Kettunen from OUSPG.
  • +
  • [406143] CVE-2014-3175: Various fixes from internal audits, fuzzing + and other initiatives (Chrome 37).
  • + +
+
+ +
+ + CVE-2014-3168 + CVE-2014-3169 + CVE-2014-3170 + CVE-2014-3171 + CVE-2014-3172 + CVE-2014-3173 + CVE-2014-3174 + CVE-2014-3175 + CVE-2014-3176 + CVE-2014-3177 + http://googlechromereleases.blogspot.nl/ + + + 2014-08-26 + 2014-08-26 + +
+ + + file -- buffer overruns and missing buffer size tests + + + file + 5.19 + + + + +

Christos Zoulas reports:

+
+

A specially crafted file can cause a segmentation fault.

+
+ +
+ + http://mx.gw.com/pipermail/file/2014/001553.html + + + 2014-06-09 + 2014-08-21 + +
+ + + django -- multiple vulnerabilities + + + py27-django + 1.61.6.6 + + + py27-django15 + 1.51.5.9 + + + py27-django14 + 1.41.4.14 + + + py32-django + 1.61.6.6 + + + py32-django15 + 1.51.5.9 + + + py33-django + 1.61.6.6 + + + py33-django15 + 1.51.5.9 + + + py34-django + 1.61.6.6 + + + py34-django15 + 1.51.5.9 + + + py27-django-devel + 20140821,1 + + + py32-django-devel + 20140821,1 + + + py33-django-devel + 20140821,1 + + + py34-django-devel + 20140821,1 + + + + +

The Django project reports:

+
+

These releases address an issue with reverse() generating external + URLs; a denial of service involving file uploads; a potential + session hijacking issue in the remote-user middleware; and a data + leak in the administrative interface. We encourage all users of + Django to upgrade as soon as possible.

+
+ +
+ + https://www.djangoproject.com/weblog/2014/aug/20/security/ + CVE-2014-0480 + CVE-2014-0481 + CVE-2014-0482 + CVE-2014-0483 + + + 2014-08-20 + 2014-08-21 + +
+ + + PHP multiple vulnerabilities + + + php53 + 5.3.29 + + + + +

The PHP Team reports:

+
+

insecure temporary file use in the configure script

+

unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion +

+

Heap buffer over-read in DateInterval

+

fileinfo: cdf_read_short_sector insufficient boundary check

+

fileinfo: CDF infinite loop in nelements DoS

+

fileinfo: fileinfo: numerous file_printf calls resulting in + performance degradation)

+

Fix potential segfault in dns_check_record()

+
+ +
+ + CVE-2013-6712 + CVE-2014-0207 + CVE-2014-0237 + CVE-2014-0238 + CVE-2014-3515 + CVE-2014-3981 + CVE-2014-4049 + http://php.net/ChangeLog-5.php#5.3.29 + https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html + + + 2014-08-14 + 2014-08-18 + +
+ + + phpMyAdmin -- XSS vulnerabilities + + + phpMyAdmin + 4.2.04.2.7.1 + + + + +

The phpMyAdmin development team reports:

+
+

Multiple XSS vulnerabilities in browse table, ENUM + editor, monitor, query charts and table relations pages.

+

With a crafted database, table or a primary/unique key + column name it is possible to trigger an XSS when dropping + a row from the table. With a crafted column name it is + possible to trigger an XSS in the ENUM editor dialog. With + a crafted variable name or a crafted value for unit field + it is possible to trigger a self-XSS when adding a new + chart in the monitor page. With a crafted value for x-axis + label it is possible to trigger a self-XSS in the query + chart page. With a crafted relation name it is possible to + trigger an XSS in table relations page.

+
+
+

XSS in view operations page.

+

With a crafted view name it is possible to trigger an + XSS when dropping the view in view operation page.

+
+ +
+ + http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php + http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php + CVE-2014-5273 + CVE-2014-5274 + + + 2014-08-17 + 2014-08-17 + +
+ chromium -- multiple vulnerabilities