From owner-dev-commits-ports-all@freebsd.org Wed Jun 2 13:48:32 2021
Date: Wed, 2 Jun 2021 13:48:32 GMT
Message-Id: <202106021348.152DmWo5025993@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Ryan Steinmetz
Subject: git: 72a5d3cd59a6 - main - security/vuxml: Fix overly large entry that violates 'make validate'
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: zi
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 72a5d3cd59a6a858cb043cf67579dd1621676300
Auto-Submitted: auto-generated
List-Id: Commit messages for all branches of the ports repository

The branch main has been updated by zi:

URL: https://cgit.FreeBSD.org/ports/commit/?id=72a5d3cd59a6a858cb043cf67579dd1621676300

commit 72a5d3cd59a6a858cb043cf67579dd1621676300
Author:     Ryan Steinmetz
AuthorDate: 2021-06-02 13:47:14 +0000
Commit:     Ryan Steinmetz
CommitDate: 2021-06-02 13:48:26 +0000

    security/vuxml: Fix overly large entry that violates 'make validate'
---
 security/vuxml/vuln.xml | 92 +------------------------------------------------
 1 file changed, 1 insertion(+), 91 deletions(-)

diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index c3c369a55749..f59756dc1458 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -3598,97 +3598,7 @@ Notes:

This release includes 47 security fixes, including the below. Google is aware of reports that an exploit for CVE-2021-21166 exists - in the wild.

-
    -
  • [1171049] High CVE-2021-21159: Heap buffer overflow in - TabStrip. Reported by Khalil Zhani on 2021-01-27
  • -
  • [1170531] High CVE-2021-21160: Heap buffer overflow in - WebAudio. Reported by Marcin 'Icewall' Noga of Cisco Talos on - 2021-01-25
  • -
  • [1173702] High CVE-2021-21161: Heap buffer overflow in - TabStrip. Reported by Khalil Zhani on 2021-02-02
  • -
  • [1172054] High CVE-2021-21162: Use after free in WebRTC. - Reported by Anonymous on 2021-01-29
  • -
  • [1111239] High CVE-2021-21163: Insufficient data validation in - Reader Mode. Reported by Alison Huffman, Microsoft Browser - Vulnerability Research on 2020-07-30
  • -
  • [1164846] High CVE-2021-21164: Insufficient data validation in - Chrome for iOS. Reported by Muneaki Nishimura (nishimunea) on - 2021-01-11
  • -
  • [1174582] High CVE-2021-21165: Object lifecycle issue in audio. - Reported by Alison Huffman, Microsoft Browser Vulnerability - Research on 2021-02-04
  • -
  • [1177465] High CVE-2021-21166: Object lifecycle issue in audio. - Reported by Alison Huffman, Microsoft Browser Vulnerability - Research on 2021-02-11
  • -
  • [1161144] Medium CVE-2021-21167: Use after free in bookmarks. - Reported by Leecraso and Guang Gong of 360 Alpha Lab on - 2020-12-22
  • -
  • [1152226] Medium CVE-2021-21168: Insufficient policy - enforcement in appcache. Reported by Luan Herrera (@lbherrera_) - on 2020-11-24
  • -
  • [1166138] Medium CVE-2021-21169: Out of bounds memory access in - V8. Reported by Bohan Liu (@P4nda20371774) and Moon Liang of - Tencent Security Xuanwu Lab on 2021-01-13
  • -
  • [1111646] Medium CVE-2021-21170: Incorrect security UI in - Loader. Reported by David Erceg on 2020-07-31
  • -
  • [1152894] Medium CVE-2021-21171: Incorrect security UI in - TabStrip and Navigation. Reported by Irvan Kurniawan (sourc7) on - 2020-11-25
  • -
  • [1150810] Medium CVE-2021-21172: Insufficient policy - enforcement in File System API. Reported by Maciej Pulikowski on - 2020-11-19
  • -
  • [1154250] Medium CVE-2021-21173: Side-channel information - leakage in Network Internals. Reported by Tom Van Goethem from - imec-DistriNet, KU Leuven on 2020-12-01
  • -
  • [1158010] Medium CVE-2021-21174: Inappropriate implementation - in Referrer. Reported by Ashish Gautam Kamble on 2020-12-11
  • -
  • [1146651] Medium CVE-2021-21175: Inappropriate implementation - in Site isolation. Reported by Jun Kokatsu, Microsoft Browser - Vulnerability Research on 2020-11-07
  • -
  • [1170584] Medium CVE-2021-21176: Inappropriate implementation - in full screen mode. Reported by Luan Herrera (@lbherrera_) on - 2021-01-26
  • -
  • [1173879] Medium CVE-2021-21177: Insufficient policy - enforcement in Autofill. Reported by Abdulrahman Alqabandi, - Microsoft Browser Vulnerability Research on 2021-02-03
  • -
  • [1174186] Medium CVE-2021-21178: Inappropriate implementation - in Compositing. Reported by Japong on 2021-02-03
  • -
  • [1174943] Medium CVE-2021-21179: Use after free in Network - Internals. Reported by Anonymous on 2021-02-05
  • -
  • [1175507] Medium CVE-2021-21180: Use after free in tab search. - Reported by Abdulrahman Alqabandi, Microsoft Browser - Vulnerability Research on 2021-02-07
  • -
  • [1177875] Medium CVE-2020-27844: Heap buffer overflow in - OpenJPEG. Reported by Sean Campbell at Tableau on 2021-02-12
  • -
  • [1182767] Medium CVE-2021-21181: Side-channel information - leakage in autofill. Reported by Xu Lin (University of Illinois - at Chicago), Panagiotis Ilia (University of Illinois at Chicago), - Jason Polakis (University of Illinois at Chicago) on - 2021-02-26
  • -
  • [1049265] Low CVE-2021-21182: Insufficient policy enforcement - in navigations. Reported by Luan Herrera (@lbherrera_) on - 2020-02-05
  • -
  • [1105875] Low CVE-2021-21183: Inappropriate implementation in - performance APIs. Reported by Takashi Yoneuchi (@y0n3uchy) on - 2020-07-15
  • -
  • [1131929] Low CVE-2021-21184: Inappropriate implementation in - performance APIs. Reported by James Hartig on 2020-09-24
  • -
  • [1100748] Low CVE-2021-21185: Insufficient policy enforcement - in extensions. Reported by David Erceg on 2020-06-30
  • -
  • [1153445] Low CVE-2021-21186: Insufficient policy enforcement - in QR scanning. Reported by dhirajkumarnifty on 2020-11-28
  • -
  • [1155516] Low CVE-2021-21187: Insufficient data validation in - URL formatting. Reported by Kirtikumar Anandrao Ramchandani on - 2020-12-04
  • -
  • [1161739] Low CVE-2021-21188: Use after free in Blink. Reported - by Woojin Oh(@pwn_expoit) of STEALIEN on 2020-12-24
  • -
  • [1165392] Low CVE-2021-21189: Insufficient policy enforcement - in payments. Reported by Khalil Zhani on 2021-01-11
  • -
  • [1166091] Low CVE-2021-21190: Uninitialized Use in PDFium. - Reported by Zhou Aiting(@zhouat1) of Qihoo 360 Vulcan Team on - 2021-01-13
  • -
+ in the wild. Please see URL for details.
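
Review bot: The added line "in the wild. Please see URL for details." points readers at "URL" without saying which one, so the description no longer tells anyone where the 47 fixes are listed; suggest wording it as a pointer to the entry's reference link, or naming the upstream release notes explicitly. The 91 removed lines were the only place in this hunk that carried the individual CVE identifiers (CVE-2021-21159 through CVE-2021-21190, plus CVE-2020-27844 for OpenJPEG) and their severities, and the entry's references block is not visible here, so it is worth confirming that every one of those CVE names is still recorded there; otherwise anyone auditing by CVE will only match CVE-2021-21166, the one still named in the description. The commit message could also state which limit 'make validate' enforces, so that later entries are trimmed to fit before they are committed.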