From owner-svn-ports-all@freebsd.org Wed Sep 2 18:06:52 2015 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B69759C9B18; Wed, 2 Sep 2015 18:06:52 +0000 (UTC) (envelope-from rene@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id A7A1510B; Wed, 2 Sep 2015 18:06:52 +0000 (UTC) (envelope-from rene@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t82I6q2J052336; Wed, 2 Sep 2015 18:06:52 GMT (envelope-from rene@FreeBSD.org) Received: (from rene@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t82I6qc0052334; Wed, 2 Sep 2015 18:06:52 GMT (envelope-from rene@FreeBSD.org) Message-Id: <201509021806.t82I6qc0052334@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: rene set sender to rene@FreeBSD.org using -f From: Rene Ladan Date: Wed, 2 Sep 2015 18:06:52 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r395903 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Sep 2015 18:06:52 -0000 Author: rene Date: Wed Sep 2 18:06:51 2015 New Revision: 395903 URL: https://svnweb.freebsd.org/changeset/ports/395903 Log: Document new vulnerabilities in www/chromium < 45.0.2454.85 Submitted by: Carlos Jacobo Puga Medina Obtained from: http://googlechromereleases.blogspot.nl/ Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Sep 2 17:36:12 2015 (r395902) +++ head/security/vuxml/vuln.xml Wed Sep 2 18:06:51 2015 (r395903) @@ -58,6 +58,76 @@ Notes: --> + + chromium -- multiple vulnerabilities + + + chromium + 45.0.2454.85 + + + + chromium-npapi + 45.0.2454.85 + + + + chromium-pulse + 45.0.2454.85 + + + + +

Google Chrome Releases reports:

+
29 security fixes in this release, including:
+
+
[516377] High CVE-2015-1291: Cross-origin bypass in DOM. Credit + to anonymous.
+
[522791] High CVE-2015-1292: Cross-origin bypass in + ServiceWorker. Credit to Mariusz Mlynski.
+
[524074] High CVE-2015-1293: Cross-origin bypass in DOM. Credit + to Mariusz Mlynski.
+
[492263] High CVE-2015-1294: Use-after-free in Skia. Credit + to cloudfuzzer.
+
[502562] High CVE-2015-1295: Use-after-free in Printing. Credit + to anonymous.
+
[421332] High CVE-2015-1296: Character spoofing in omnibox. + Credit to zcorpan.
+
[510802] Medium CVE-2015-1297: Permission scoping error in + Webrequest. Credit to Alexander Kashev.
+
[518827] Medium CVE-2015-1298: URL validation error in + extensions. Credit to Rob Wu.
+
[416362] Medium CVE-2015-1299: Use-after-free in Blink. Credit + to taro.suzuki.dev.
+
[511616] Medium CVE-2015-1300: Information leak in Blink. Credit + to cgvwzq.
+
[526825] CVE-2015-1301: Various fixes from internal audits, + fuzzing and other initiatives.
+
+

+ + + + CVE-2015-1291 + CVE-2015-1292 + CVE-2015-1293 + CVE-2015-1294 + CVE-2015-1295 + CVE-2015-1296 + CVE-2015-1297 + CVE-2015-1298 + CVE-2015-1299 + CVE-2015-1300 + CVE-2015-1301 + http://googlechromereleases.blogspot.nl + + + 2015-09-01 + 2015-09-02 + + + powerdns -- denial of service