From owner-dev-commits-ports-all@freebsd.org Tue May 11 18:12:09 2021 Return-Path: Delivered-To: dev-commits-ports-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9159F640B40; Tue, 11 May 2021 18:12:09 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4FfmGd3m6Sz4fDC; Tue, 11 May 2021 18:12:09 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 744881CA3E; Tue, 11 May 2021 18:12:09 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 14BIC9Sj003721; Tue, 11 May 2021 18:12:09 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 14BIC9lA003713; Tue, 11 May 2021 18:12:09 GMT (envelope-from git) Date: Tue, 11 May 2021 18:12:09 GMT Message-Id: <202105111812.14BIC9lA003713@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Rene Ladan Subject: git: 8a46088e42ea - main - Document vulnerabilities in Chromium < 90.0.4430.212 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: rene X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 8a46088e42ea23088057e5597de37a7db3f87496 Auto-Submitted: auto-generated X-BeenThere: dev-commits-ports-all@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commit messages for all branches of the ports repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 May 2021 18:12:09 -0000 The branch main has been updated by rene: URL: https://cgit.FreeBSD.org/ports/commit/?id=8a46088e42ea23088057e5597de37a7db3f87496 commit 8a46088e42ea23088057e5597de37a7db3f87496 Author: Rene Ladan AuthorDate: 2021-05-11 18:10:28 +0000 Commit: Rene Ladan CommitDate: 2021-05-11 18:11:58 +0000 Document vulnerabilities in Chromium < 90.0.4430.212 Obtained from: https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html --- security/vuxml/vuln.xml | 78 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 601adf34b349..ed42fff4982c 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -76,6 +76,84 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + chromium -- multiple vulnerabilities + + + chromium + 90.0.4430.212 + + + + +

Chrome Releases reports:

+
This release contains 19 security fixes, including:
+
+
[1180126] High CVE-2021-30506: Incorrect security UI in Web App + Installs. Reported by @retsew0x01 on 2021-02-19
+
[1178202] High CVE-2021-30507: Inappropriate implementation in + Offline. Reported by Alison Huffman, Microsoft Browser + Vulnerability Research on 2021-02-14
+
[1195340] High CVE-2021-30508: Heap buffer overflow in Media + Feeds. Reported by Leecraso and Guang Gong of 360 Alpha Lab on + 2021-04-02
+
[1196309] High CVE-2021-30509: Out of bounds write in Tab Strip. + Reported by David Erceg on 2021-04-06
+
[1197436] High CVE-2021-30510: Race in Aura. Reported by Weipeng + Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group + on 2021-04-09
+
[1197875] High CVE-2021-30511: Out of bounds read in Tab Groups. + Reported by David Erceg on 2021-04-10
+
[1200019] High CVE-2021-30512: Use after free in Notifications. + Reported by ZhanJia Song on 2021-04-17
+
[1200490] High CVE-2021-30513: Type Confusion in V8. Reported by + Man Yue Mo of GitHub Security Lab on 2021-04-19
+
[1200766] High CVE-2021-30514: Use after free in Autofill. + Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of + 360 Alpha Lab on 2021-04-20
+
[1201073] High CVE-2021-30515: Use after free in File API. + Reported by Rong Jian and Guang Gong of 360 Alpha Lab on + 2021-04-21
+
[1201446] High CVE-2021-30516: Heap buffer overflow in History. + Reported by ZhanJia Song on 2021-04-22
+
[1203122] High CVE-2021-30517: Type Confusion in V8. Reported by + laural on 2021-04-27
+
[1203590] High CVE-2021-30518: Heap buffer overflow in Reader + Mode. Reported by Jun Kokatsu, Microsoft Browser Vulnerability + Research on 2021-04-28
+
[1194058] Medium CVE-2021-30519: Use after free in Payments. + Reported by asnine on 2021-03-30
+
[1193362] Medium CVE-2021-30520: Use after free in Tab Strip. + Reported by Khalil Zhani on 2021-04-03
+
+

+ + + + CVE-2021-30506 + CVE-2021-30507 + CVE-2021-30508 + CVE-2021-30509 + CVE-2021-30510 + CVE-2021-30511 + CVE-2021-30512 + CVE-2021-30513 + CVE-2021-30514 + CVE-2021-30515 + CVE-2021-30516 + CVE-2021-30517 + CVE-2021-30518 + CVE-2021-30519 + CVE-2021-30520 + https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html + + + 2021-05-10 + 2021-05-11 + + + py-matrix-synapse -- malicious push rules may be used for a denial of service attack.