From owner-svn-ports-all@FreeBSD.ORG Wed Jul 10 14:35:59 2013 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 3B75CB51; Wed, 10 Jul 2013 14:35:59 +0000 (UTC) (envelope-from rene@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 2E23A11C3; Wed, 10 Jul 2013 14:35:59 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r6AEZxpj067231; Wed, 10 Jul 2013 14:35:59 GMT (envelope-from rene@svn.freebsd.org) Received: (from rene@localhost) by svn.freebsd.org (8.14.7/8.14.5/Submit) id r6AEZwNu067230; Wed, 10 Jul 2013 14:35:58 GMT (envelope-from rene@svn.freebsd.org) Message-Id: <201307101435.r6AEZwNu067230@svn.freebsd.org> From: Rene Ladan Date: Wed, 10 Jul 2013 14:35:58 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r322699 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Jul 2013 14:35:59 -0000 Author: rene Date: Wed Jul 10 14:35:58 2013 New Revision: 322699 URL: http://svnweb.freebsd.org/changeset/ports/322699 Log: Add new vulnerabilities for www/chromium < 28.0.1500.71 Obtained from: http://googlechromereleases.blogspot.nl/ Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Jul 10 14:01:42 2013 (r322698) +++ head/security/vuxml/vuln.xml Wed Jul 10 14:35:58 2013 (r322699) @@ -51,6 +51,75 @@ Note: Please add new entries to the beg --> + + chromium -- multiple vulnerabilities + + + chromium + 28.0.1500.71 + + + + +

Google Chrome Releases reports:

+
A special reward for Andrey Labunets for his combination of + CVE-2013-2879 and CVE-2013-2868 along with some (since fixed) + server-side bugs.
+
[252216] Low CVE-2013-2867: Block pop-unders in various + scenarios.
+
[252062] High CVE-2013-2879: Confusion setting up sign-in and sync. + Credit to Andrey Labunets.
+
[252034] Medium CVE-2013-2868: Incorrect sync of NPAPI extension + component. Credit to Andrey Labunets.
+
[245153] Medium CVE-2013-2869: Out-of-bounds read in JPEG2000 + handling. Credit to Felix Groebert of Google Security Team.
+
[244746] [242762] Critical CVE-2013-2870: Use-after-free with + network sockets. Credit to Collin Payne.
+
[244260] Medium CVE-2013-2853: Man-in-the-middle attack against + HTTP in SSL. Credit to Antoine Delignat-Lavaud and Karthikeyan + Bhargavan from Prosecco at INRIA Paris.
+
[243991] [243818] High CVE-2013-2871: Use-after-free in input + handling. Credit to miaubiz.
+
[Mac only] [242702] Low CVE-2013-2872: Possible lack of entropy in + renderers. Credit to Eric Rescorla.
+
[241139] High CVE-2013-2873: Use-after-free in resource loading. + Credit to miaubiz.
+
[233848] Medium CVE-2013-2875: Out-of-bounds-read in SVG. Credit + to miaubiz.
+
[229504] Medium CVE-2013-2876: Extensions permissions confusion + with interstitials. Credit to Dev Akhawe.
+
[229019] Low CVE-2013-2877: Out-of-bounds read in XML parsing. + Credit to Aki Helin of OUSPG.
+
[196636] None: Remove the "viewsource" attribute on iframes. + Credit to Collin Jackson.
+
[177197] Medium CVE-2013-2878: Out-of-bounds read in text + handling. Credit to Atte Kettunen of OUSPG.
+

+ + + + CVE-2013-2853 + CVE-2013-2867 + CVE-2013-2868 + CVE-2013-2869 + CVE-2013-2870 + CVE-2013-2871 + CVE-2013-2872 + CVE-2013-2873 + CVE-2013-2875 + CVE-2013-2876 + CVE-2013-2877 + CVE-2013-2878 + CVE-2013-2879 + http://googlechromereleases.blogspot.nl/ + + + 2013-07-09 + 2013-07-10 + + + apache22 -- mod_rewrite vulnerability