From owner-svn-ports-all@FreeBSD.ORG Fri Jan 11 00:32:49 2013 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 7B4453F0; Fri, 11 Jan 2013 00:32:49 +0000 (UTC) (envelope-from rene@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 5D470335; Fri, 11 Jan 2013 00:32:49 +0000 (UTC) Received: from svn.freebsd.org (svn.FreeBSD.org [8.8.178.70]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id r0B0WnGm090693; Fri, 11 Jan 2013 00:32:49 GMT (envelope-from rene@svn.freebsd.org) Received: (from rene@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id r0B0WmPc090690; Fri, 11 Jan 2013 00:32:48 GMT (envelope-from rene@svn.freebsd.org) Message-Id: <201301110032.r0B0WmPc090690@svn.freebsd.org> From: Rene Ladan Date: Fri, 11 Jan 2013 00:32:48 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r310212 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Jan 2013 00:32:49 -0000 Author: rene Date: Fri Jan 11 00:32:48 2013 New Revision: 310212 URL: http://svnweb.freebsd.org/changeset/ports/310212 Log: Document vulnerabilities in www/chromium < 24.0.1312.52 Obtained from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Jan 10 23:56:33 2013 (r310211) +++ head/security/vuxml/vuln.xml Fri Jan 11 00:32:48 2013 (r310212) @@ -51,6 +51,106 @@ Note: Please add new entries to the beg --> + + chromium -- multiple vulnerabilities + + + chromium + 24.0.1312.52 + + + + +

Google Chrome Releases reports:

+
[162494] High CVE-2012-5145: Use-after-free in SVG layout. Credit + to Atte Kettunen of OUSPG.
+
[165622] High CVE-2012-5146: Same origin policy bypass with + malformed URL. Credit to Erling A Ellingsen and Subodh Iyengar, + both of Facebook.
+
[165864] High CVE-2012-5147: Use-after-free in DOM handling. + Credit to José A. Vázquez.
+
[167122] Medium CVE-2012-5148: Missing filename sanitization in + hyphenation support. Credit to Google Chrome Security Team (Justin + Schuh).
+
[166795] High CVE-2012-5149: Integer overflow in audio IPC + handling. Credit to Google Chrome Security Team (Chris Evans).
+
[165601] High CVE-2012-5150: Use-after-free when seeking video. + Credit to Google Chrome Security Team (Inferno).
+
[165538] High CVE-2012-5151: Integer overflow in PDF JavaScript. + Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, + both of Google Security Team.
+
[165430] Medium CVE-2012-5152: Out-of-bounds read when seeking + video. Credit to Google Chrome Security Team (Inferno).
+
[164565] High CVE-2012-5153: Out-of-bounds stack access in v8. + Credit to Andreas Rossberg of the Chromium development + community.
+
[Mac only] [163208] Medium CVE-2012-5155: Missing Mac sandbox for + worker processes. Credit to Google Chrome Security Team (Julien + Tinnes).
+
[162778] High CVE-2012-5156: Use-after-free in PDF fields. Credit + to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both + of Google Security Team.
+
[162776] [162156] Medium CVE-2012-5157: Out-of-bounds reads in PDF + image handling. Credit to Mateusz Jurczyk, with contribution from + Gynvael Coldwind, both of Google Security Team.
+
[162153] High CVE-2013-0828: Bad cast in PDF root handling. Credit + to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both + of Google Security Team.
+
[162114] High CVE-2013-0829: Corruption of database metadata + leading to incorrect file access. Credit to Google Chrome Security + Team (Jüri Aedla).
+
[161836] Low CVE-2013-0831: Possible path traversal from extension + process. Credit to Google Chrome Security Team (Tom Sepez).
+
[160380] Medium CVE-2013-0832: Use-after-free with printing. + Credit to Google Chrome Security Team (Cris Neckar).
+
[154485] Medium CVE-2013-0833: Out-of-bounds read with printing. + Credit to Google Chrome Security Team (Cris Neckar).
+
[154283] Medium CVE-2013-0834: Out-of-bounds read with glyph + handling. Credit to Google Chrome Security Team (Cris Neckar).
+
[152921] Low CVE-2013-0835: Browser crash with geolocation. Credit + to Arthur Gerkis.
+
[150545] High CVE-2013-0836: Crash in v8 garbage collection. + Credit to Google Chrome Security Team (Cris Neckar).
+
[145363] Medium CVE-2013-0837: Crash in extension tab handling. + Credit to Tom Nielsen.
+
[Linux only] [143859] Low CVE-2013-0838: Tighten permissions on + shared memory segments. Credit to Google Chrome Security Team + (Chris Palmer).
+

+ + + + CVE-2012-5145 + CVE-2012-5146 + CVE-2012-5147 + CVE-2012-5148 + CVE-2012-5149 + CVE-2012-5150 + CVE-2012-5151 + CVE-2012-5152 + CVE-2012-5153 + CVE-2012-5155 + CVE-2012-5156 + CVE-2012-5157 + CVE-2013-0828 + CVE-2013-0829 + CVE-2013-0831 + CVE-2013-0832 + CVE-2013-0833 + CVE-2013-0834 + CVE-2013-0835 + CVE-2013-0836 + CVE-2013-0837 + CVE-2013-0838 + http://googlechromereleases.blogspot.nl/search/label/Stable%20updates + + + 2013-01-10 + 2013-01-11 + + + mozilla -- multiple vulnerabilities