From: Rene Ladan
Date: Tue, 12 Nov 2013 19:08:37 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r333601 - head/security/vuxml

Author: rene
Date: Tue Nov 12 19:08:37 2013
New Revision: 333601
URL: http://svnweb.freebsd.org/changeset/ports/333601

Log:
  Document new vulnerabilities in www/chromium < 31.0.1650.48

  Obtained from: http://googlechromereleases.blogspot.nl/

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Tue Nov 12 19:01:34 2013 (r333600) +++ head/security/vuxml/vuln.xml Tue Nov 12 19:08:37 2013 (r333601) @@ -51,6 +51,69 @@ Note: Please add new entries to the beg --> + + chromium -- multiple vulnerabilities + + + chromium + 31.0.1650.48 + + + + +

Google Chrome Releases reports:

+
+

25 security fixes in this release, including:

+
    +
  • [268565] Medium CVE-2013-6621: Use after free related to speech input elements. + Credit to Khalil Zhani.
  • +
  • [272786] High CVE-2013-6622: Use after free related to media elements. Credit + to cloudfuzzer.
  • +
  • [282925] High CVE-2013-6623: Out of bounds read in SVG. Credit to miaubiz.
  • +
  • [290566] High CVE-2013-6624: Use after free related to “id” attribute strings. + Credit to Jon Butler.
  • +
  • [295010] High CVE-2013-6625: Use after free in DOM ranges. Credit to + cloudfuzzer.
  • +
  • [295695] Low CVE-2013-6626: Address bar spoofing related to interstitial + warnings. Credit to Chamal de Silva.
  • +
  • [299892] High CVE-2013-6627: Out of bounds read in HTTP parsing. Credit to + skylined.
  • +
  • [306959] Medium CVE-2013-6628: Issue with certificates not being checked + during TLS renegotiation. Credit to Antoine Delignat-Lavaud and Karthikeyan + Bhargavan from Prosecco of INRIA Paris.
  • +
  • [315823] Medium-Critical CVE-2013-2931: Various fixes from internal audits, + fuzzing and other initiatives.
  • +
  • [258723] Medium CVE-2013-6629: Read of uninitialized memory in libjpeg and + libjpeg-turbo. Credit to Michal Zalewski of Google.
  • +
  • [299835] Medium CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo. + Credit to Michal Zalewski of Google.
  • +
  • [296804] High CVE-2013-6631: Use after free in libjingle. Credit to Patrik + Höglund of the Chromium project.
  • +
+
+ +
+ + CVE-2013-2931 + CVE-2013-6621 + CVE-2013-6622 + CVE-2013-6623 + CVE-2013-6624 + CVE-2013-6625 + CVE-2013-6626 + CVE-2013-6627 + CVE-2013-6628 + CVE-2013-6629 + CVE-2013-6630 + CVE-2013-6631 + http://googlechromereleases.blogspot.nl/ + + + 2013-11-12 + 2013-11-12 + +
+ OpenSSH -- Memory corruption in sshd
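
Review bot: The only URL in the references block at the end of the new entry, http://googlechromereleases.blogspot.nl/, is the blog's front page on a country-specific host, not a link to the post being quoted, so once newer releases are published it will no longer lead a reader to the "25 security fixes in this release" announcement that the description cites. Point the reference at the permalink of that release post, and use the same link in the commit log's "Obtained from:" line, so the quoted text can still be checked against its source later. The twelve CVE references do match the twelve items quoted in the description, including CVE-2013-2931 for the internal-audit fixes, so nothing needs to change there.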