From owner-svn-ports-head@FreeBSD.ORG Tue Jun 4 22:30:29 2013 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 5EFF1D36; Tue, 4 Jun 2013 22:30:29 +0000 (UTC) (envelope-from rene@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 41DD91FA9; Tue, 4 Jun 2013 22:30:29 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r54MUTOU003837; Tue, 4 Jun 2013 22:30:29 GMT (envelope-from rene@svn.freebsd.org) Received: (from rene@localhost) by svn.freebsd.org (8.14.7/8.14.5/Submit) id r54MUSXS003835; Tue, 4 Jun 2013 22:30:28 GMT (envelope-from rene@svn.freebsd.org) Message-Id: <201306042230.r54MUSXS003835@svn.freebsd.org> From: Rene Ladan Date: Tue, 4 Jun 2013 22:30:28 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r319933 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Jun 2013 22:30:29 -0000 Author: rene Date: Tue Jun 4 22:30:28 2013 New Revision: 319933 URL: http://svnweb.freebsd.org/changeset/ports/319933 Log: Document vulnerabilities in www/chromium < 27.0.1453.110 Obtained from: http://googlechromereleases.blogspot.nl/ Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Jun 4 22:27:58 2013 (r319932) +++ head/security/vuxml/vuln.xml Tue Jun 4 22:30:28 2013 (r319933) @@ -51,6 +51,65 @@ Note: Please add new entries to the beg --> + + chromium -- multiple vulnerabilities + + + chromium + 27.0.1453.110 + + + + +

Google Chrome Releases reports:

+
[242322] Medium CVE-2013-2855: Memory corruption in dev tools API. + Credit to "daniel.zulla".
+
[242224] High CVE-2013-2856: Use-after-free in input handling. + Credit to miaubiz.
+
[240124] High CVE-2013-2857: Use-after-free in image handling. + Credit to miaubiz.
+
[239897] High CVE-2013-2858: Use-after-free in HTML5 Audio. Credit + to "cdel921".
+
[237022] High CVE-2013-2859: Cross-origin namespace pollution. + to "bobbyholley".
+
[225546] High CVE-2013-2860: Use-after-free with workers accessing + database APIs. Credit to Collin Payne.
+
[209604] High CVE-2013-2861: Use-after-free with SVG. Credit to + miaubiz.
+
[161077] High CVE-2013-2862: Memory corruption in Skia GPU + handling. Credit to Atte Kettunen of OUSPG.
+
[232633] Critical CVE-2013-2863: Memory corruption in SSL socket + handling. Credit to Sebastian Marchand of the Chromium development + community.
+
[239134] High CVE-2013-2864: Bad free in PDF viewer. Credit to + Mateusz Jurczyk, with contributions by Gynvael Coldwind, both from + Google Security Team.
+
[246389] High CVE-2013-2865: Various fixes from internal audits, + fuzzing and other initiatives.
+

+ + + + CVE-2013-2855 + CVE-2013-2856 + CVE-2013-2857 + CVE-2013-2858 + CVE-2013-2859 + CVE-2013-2860 + CVE-2013-2861 + CVE-2013-2862 + CVE-2013-2863 + CVE-2013-2864 + CVE-2013-2865 + http://googlechromereleases.blogspot.nl/ + + + 2013-06-04 + 2013-06-04 + + + xorg -- protocol handling issues in X Window System client libraries