From owner-svn-ports-head@FreeBSD.ORG Fri Aug 10 14:38:47 2012 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E74EB106564A; Fri, 10 Aug 2012 14:38:47 +0000 (UTC) (envelope-from rene@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id C81608FC19; Fri, 10 Aug 2012 14:38:47 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q7AEcleq044256; Fri, 10 Aug 2012 14:38:47 GMT (envelope-from rene@svn.freebsd.org) Received: (from rene@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q7AEclPw044254; Fri, 10 Aug 2012 14:38:47 GMT (envelope-from rene@svn.freebsd.org) Message-Id: <201208101438.q7AEclPw044254@svn.freebsd.org> From: Rene Ladan Date: Fri, 10 Aug 2012 14:38:47 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r302390 - head/security/vuxml X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Aug 2012 14:38:48 -0000 Author: rene Date: Fri Aug 10 14:38:47 2012 New Revision: 302390 URL: http://svn.freebsd.org/changeset/ports/302390 Log: - Document vulnerabilities in www/chromium 20.0.1132.57 and 21.0.1180.60. - Keep the latest chromium vulnerabilies on top. Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Aug 10 14:20:23 2012 (r302389) +++ head/security/vuxml/vuln.xml Fri Aug 10 14:38:47 2012 (r302390) @@ -84,6 +84,116 @@ Note: Please add new entries to the beg + + chromium -- multiple vulnerabilities + + + chromium + 21.0.1180.60 + + + + +

Google Chrome Releases reports:

+
+

[Linux only] [125225] Medium CVE-2012-2846: Cross-process + interference in renderers. Credit to Google Chrome Security Team + (Julien Tinnes).

+

[127522] Low CVE-2012-2847: Missing re-prompt to user upon + excessive downloads. Credit to Matt Austin of Aspect Security.

+

[127525] Medium CVE-2012-2848: Overly broad file access granted + after drag+drop. Credit to Matt Austin of Aspect Security.

+

[128163] Low CVE-2012-2849: Off-by-one read in GIF decoder. Credit + to Atte Kettunen of OUSPG.

+

[130251] [130592] [130611] [131068] [131237] [131252] [131621] + [131690] [132860] Medium CVE-2012-2850: Various lower severity + issues in the PDF viewer. Credit to Mateusz Jurczyk of Google + Security Team, with contributions by Gynvael Coldwind of Google + Security Team.

+

[132585] [132694] [132861] High CVE-2012-2851: Integer overflows in + PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with + contributions by Gynvael Coldwind of Google Security Team.

+

[134028] High CVE-2012-2852: Use-after-free with bad object linkage + in PDF. Credit to Alexey Samsonov of Google.

+

[134101] Medium CVE-2012-2853: webRequest can interfere with the + Chrome Web Store. Credit to Trev of Adblock.

+

[134519] Low CVE-2012-2854: Leak of pointer values to WebUI + renderers. Credit to Nasko Oskov of the Chromium development + community.

+

[134888] High CVE-2012-2855: Use-after-free in PDF viewer. Credit + to Mateusz Jurczyk of Google Security Team, with contributions by + Gynvael Coldwind of Google Security Team.

+

[134954] [135264] High CVE-2012-2856: Out-of-bounds writes in PDF + viewer. Credit to Mateusz Jurczyk of Google Security Team, with + contributions by Gynvael Coldwind of Google Security Team.

+

[136235] High CVE-2012-2857: Use-after-free in CSS DOM. Credit to + Arthur Gerkis.

+

[136894] High CVE-2012-2858: Buffer overflow in WebP decoder. + Credit to Juri Aedla.

+

[Linux only] [137541] Critical CVE-2012-2859: Crash in tab + handling. Credit to Jeff Roberts of Google Security Team.

+

[137671] Medium CVE-2012-2860: Out-of-bounds access when clicking + in date picker. Credit to Chamal de Silva.

+
+ +
+ + CVE-2012-2846 + CVE-2012-2847 + CVE-2012-2848 + CVE-2012-2849 + CVE-2012-2850 + CVE-2012-2851 + CVE-2012-2852 + CVE-2012-2853 + CVE-2012-2854 + CVE-2012-2855 + CVE-2012-2856 + CVE-2012-2857 + CVE-2012-2858 + CVE-2012-2859 + CVE-2012-2860 + http://googlechromereleases.blogspot.com/search/label/Stable%20updates + + + 2012-07-31 + 2012-08-10 + +
+ + + www/chromium -- multiple vulnerabilities + + + chromium + 20.0.1132.57 + + + + +

Google Chrome Releases reports:

+
+

[129898] High CVE-2012-2842: Use-after-free in counter handling. + Credit to miaubiz.

+

[130595] High CVE-2012-2843: Use-after-free in layout height + tracking. Credit to miaubiz.

+

[133450] High CVE-2012-2844: Bad object access with JavaScript in + PDF. Credit to Alexey Samsonov of Google.

+
+ +
+ + CVE-2012-2842 + CVE-2012-2843 + CVE-2012-2844 + http://googlechromereleases.blogspot.com/search/label/Stable%20updates + + + 2012-07-11 + 2012-08-10 + +
+ rubygem-rails -- multiple vulnerabilities