Date: Fri, 29 Sep 2017 15:17:04 +0000 (UTC)
From: Ryan Steinmetz <zi@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r450898 - head/security/vuxml
Message-ID: <201709291517.v8TFH4Hg005273@repo.freebsd.org>
Author: zi
Date: Fri Sep 29 15:17:04 2017
New Revision: 450898
URL: https://svnweb.freebsd.org/changeset/ports/450898

Log:
  - Fix invalid date entries
  - Purge 6887828f-0229-11e0-b84d-00262d5ed8ee as it has been superseded by other entries and it is massive. (We have hit 5M on vuln.xml)

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Fri Sep 29 15:16:41 2017 (r450897) +++ head/security/vuxml/vuln.xml Fri Sep 29 15:17:04 2017 (r450898) @@ -511,7 +511,7 @@ Notes: <cvename>CVE-2017-13725</cvename> </references> <dates> - <discovery>2017-7-22</discovery> + <discovery>2017-07-22</discovery> <entry>2017-09-26</entry> </dates> </vuln> @@ -711,7 +711,7 @@ Notes: <cvename>CVE-2017-7473</cvename> </references> <dates> - <discovery>2017-7-21</discovery> + <discovery>2017-07-21</discovery> <entry>2017-09-25</entry> </dates> </vuln> @@ -13275,7 +13275,7 @@ maliciously crafted GET request to the Horde server.</ <url>https://googlechromereleases.blogspot.nl/2016/11/stable-channel-update-for-desktop_9.html</url> </references> <dates> - <discovery>2016-11-9</discovery> + <discovery>2016-11-09</discovery> <entry>2016-11-10</entry> </dates> </vuln> 
@@ -85060,830 +85060,6 @@ executed in your Internet Explorer while displaying th </dates> </vuln> - <vuln vid="6887828f-0229-11e0-b84d-00262d5ed8ee"> - <topic>chromium -- multiple vulnerabilities</topic> - <affects> - <package> - <name>chromium</name> - <range><lt>15.0.874.121</lt></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Google Chrome Releases reports:</p> - <blockquote cite="http://googlechromereleases.blogspot.com/search/label/Stable%20updates"> - <p>Fixed in 15.0.874.121:<br/> - [103259] High CVE-2011-3900: Out-of-bounds write in v8. Credit to - Christian Holler.</p> - - <p>Fixed in 15.0.874.120:<br/> - [100465] High CVE-2011-3892: Double free in Theora decoder. Credit - to Aki Helin of OUSPG.<br/> - [100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV - and Vorbis media handlers. Credit to Aki Helin of OUSPG.<br/> - [101172] High CVE-2011-3894: Memory corruption regression in VP8 - decoding. Credit to Andrew Scherkus of the Chromium development - community.<br/> - [101458] High CVE-2011-3895: Heap overflow in Vorbis decoder. - Credit to Aki Helin of OUSPG.<br/> - [101624] High CVE-2011-3896: Buffer overflow in shader variable - mapping. Credit to Ken "strcpy" Russell of the Chromium - development community.<br/> - [102242] High CVE-2011-3897: Use-after-free in editing. Credit to - pa_kt reported through ZDI (ZDI-CAN-1416).<br/> - [102461] Low CVE-2011-3898: Failure to ask for permission to run - applets in JRE7. Credit to Google Chrome Security Team (Chris - Evans).</p> - - <p>Fixed in 15.0.874.102:<br/> - [86758] High CVE-2011-2845: URL bar spoof in history handling. - Credit to Jordi Chancel.<br/> - [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. - Credit to Jordi Chancel.<br/> - [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of - download filenames. Credit to Marc Novak.<br/> - [91218] Low CVE-2011-3877: XSS in appcache internals page. 
Credit - to Google Chrome Security Team (Tom Sepez) plus independent - discovery by Juho Nurminen.<br/> - [94487] Medium CVE-2011-3878: Race condition in worker process - initialization. Credit to miaubiz.<br/> - [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. - Credit to Masato Kinugawa.<br/> - [95992] Low CVE-2011-3880: Don't permit as a HTTP header delimiter. - Credit to Vladimir Vorontsov, ONsec company.<br/> - [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: - Cross-origin policy violations. Credit to Sergey Glazunov.<br/> - [96292] High CVE-2011-3882: Use-after-free in media buffer handling. - Credit to Google Chrome Security Team (Inferno).<br/> - [96902] High CVE-2011-3883: Use-after-free in counter handling. - Credit to miaubiz.<br/> - [97148] High CVE-2011-3884: Timing issues in DOM traversal. Credit - to Brian Ryner of the Chromium development community.<br/> - [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: - Stale style bugs leading to use-after-free. Credit to - miaubiz.<br/> - [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8. - Credit to Christian Holler.<br/> - [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs. - Credit to Sergey Glazunov.<br/> - [99138] High CVE-2011-3888: Use-after-free with plug-in and editing. - Credit to miaubiz.<br/> - [99211] High CVE-2011-3889: Heap overflow in Web Audio. Credit to - miaubiz.<br/> - [99553] High CVE-2011-3890: Use-after-free in video source handling. - Credit to Ami Fischman of the Chromium development community.<br/> - [100332] High CVE-2011-3891: Exposure of internal v8 functions. - Credit to Steven Keuchel of the Chromium development community - plus independent discovery by Daniel Divricean.</p> - - <p>Fixed in 14.0.835.202:<br/> - [93788] High CVE-2011-2876: Use-after-free in text line box - handling. Credit to miaubiz.<br/> - [95072] High CVE-2011-2877: Stale font in SVG text handling. 
Credit - to miaubiz.<br/> - [95671] High CVE-2011-2878: Inappropriate cross-origin access to the - window prototype. Credit to Sergey Glazunov.<br/> - [96150] High CVE-2011-2879: Lifetime and threading issues in audio - node handling. Credit to Google Chrome Security Team - (Inferno).<br/> - [97451] [97520] [97615] High CVE-2011-2880: Use-after-free in the v8 - bindings. Credit to Sergey Glazunov.<br/> - [97784] High CVE-2011-2881: Memory corruption with v8 hidden - objects. Credit to Sergey Glazunov.<br/> - [98089] Critical CVE-2011-3873: Memory corruption in shader - translator. Credit to Zhenyao Mo of the Chromium development - community.</p> - - <p>Fixed in 14.0.835.163:<br/> - [49377] High CVE-2011-2835: Race condition in the certificate cache. Credit to Ryan Sleevi of the Chromium development community.<br/> - [51464] Low CVE-2011-2836: Infobar the Windows Media Player plug-in - to avoid click-free access to the system Flash. Credit to - electronixtar.<br/> - [Linux only] [57908] Low CVE-2011-2837: Use PIC / pie compiler - flags. Credit to wbrana.<br/> - [75070] Low CVE-2011-2838: Treat MIME type more authoritatively when - loading plug-ins. Credit to Michal Zalewski of the Google Security - Team.<br/> - [76771] High CVE-2011-2839: Crash in v8 script object wrappers. - Credit to Kostya Serebryany of the Chromium development - community.<br/> - [78427] [83031] Low CVE-2011-2840: Possible URL bar spoofs with - unusual user interaction. Credit to kuzzcc.<br/> - [78639] High CVE-2011-2841: Garbage collection error in PDF. Credit - to Mario Gomes.<br/> - [82438] Medium CVE-2011-2843: Out-of-bounds read with media buffers. - Credit to Kostya Serebryany of the Chromium development - community.<br/> - [85041] Medium CVE-2011-2844: Out-of-bounds read with mp3 files. - Credit to Mario Gomes.<br/> - [89219] High CVE-2011-2846: Use-after-free in unload event handling. - Credit to Arthur Gerkis.<br/> - [89330] High CVE-2011-2847: Use-after-free in document loader. 
- Credit to miaubiz.<br/> - [89564] Medium CVE-2011-2848: URL bar spoof with forward button. - Credit to Jordi Chancel.<br/> - [89795] Low CVE-2011-2849: Browser NULL pointer crash with - WebSockets. Credit to Arthur Gerkis.<br/> - [89991] Medium CVE-2011-3234: Out-of-bounds read in box handling. - Credit to miaubiz.<br/> - [90134] Medium CVE-2011-2850: Out-of-bounds read with Khmer - characters. Credit to miaubiz.<br/> - [90173] Medium CVE-2011-2851: Out-of-bounds read in video handling. - Credit to Google Chrome Security Team (Inferno).<br/> - [91120] High CVE-2011-2852: Off-by-one in v8. Credit to Christian - Holler.<br/> - [91197] High CVE-2011-2853: Use-after-free in plug-in handling. - Credit to Google Chrome Security Team (SkyLined).<br/> - [92651] [94800] High CVE-2011-2854: Use-after-free in ruby / table - style handing. Credit to Slawomir Blazek, and independent later - discoveries by miaubiz and Google Chrome Security Team - (Inferno).<br/> - [92959] High CVE-2011-2855: Stale node in stylesheet handling. - Credit to Arthur Gerkis.<br/> - [93416] High CVE-2011-2856: Cross-origin bypass in v8. Credit to - Daniel Divricean.<br/> - [93420] High CVE-2011-2857: Use-after-free in focus controller. - Credit to miaubiz.<br/> - [93472] High CVE-2011-2834: Double free in libxml XPath handling. - Credit to Yang Dingning from NCNIPC, Graduate University of - Chinese Academy of Sciences.<br/> - [93497] Medium CVE-2011-2859: Incorrect permissions assigned to - non-gallery pages. Credit to Bernhard "Bruhns" Brehm of Recurity - Labs.<br/> - [93587] High CVE-2011-2860: Use-after-free in table style handling. - Credit to miaubiz.<br/> - [93596] Medium CVE-2011-2861: Bad string read in PDF. Credit to Aki - Helin of OUSPG.<br/> - [93906] High CVE-2011-2862: Unintended access to v8 built-in - objects. Credit to Sergey Glazunov.<br/> - [95563] Medium CVE-2011-2864: Out-of-bounds read with Tibetan - characters. 
Credit to Google Chrome Security Team (Inferno).<br/> - [95625] Medium CVE-2011-2858: Out-of-bounds read with triangle - arrays. Credit to Google Chrome Security Team (Inferno).<br/> - [95917] Low CVE-2011-2874: Failure to pin a self-signed cert for a - session. Credit to Nishant Yadant of VMware and Craig Chamberlain - (@randomuserid).<br/> - High CVE-2011-2875: Type confusion in v8 object sealing. Credit to - Christian Holler.</p> - - <p>Fixed in 13.0.782.215:<br/> - [89402] High CVE-2011-2821: Double free in libxml XPath handling. - Credit to Yang Dingning from NCNIPC, Graduate University of - Chinese Academy of Sciences.<br/> - [82552] High CVE-2011-2823: Use-after-free in line box handling. - Credit to Google Chrome Security Team (SkyLined) and independent - later discovery by miaubiz.<br/> - [88216] High CVE-2011-2824: Use-after-free with counter nodes. - Credit to miaubiz.<br/> - [88670] High CVE-2011-2825: Use-after-free with custom fonts. Credit - to wushi of team509 reported through ZDI (ZDI-CAN-1283), plus - indepdendent later discovery by miaubiz.<br/> - [87453] High CVE-2011-2826: Cross-origin violation with empty - origins. Credit to Sergey Glazunov.<br/> - [90668] High CVE-2011-2827: Use-after-free in text searching. Credit - to miaubiz.<br/> - [91517] High CVE-2011-2828: Out-of-bounds write in v8. Credit to - Google Chrome Security Team (SkyLined).<br/> - [32-bit only] [91598] High CVE-2011-2829: Integer overflow in - uniform arrays. Credit to Sergey Glazunov.<br/> - [Linux only] [91665] High CVE-2011-2839: Buggy memset() in PDF. - Credit to Aki Helin of OUSPG.</p> - - <p>Fixed in 13.0.782.107:<br/> - [75821] Medium CVE-2011-2358: Always confirm an extension install - via a browser dialog. Credit to Sergey Glazunov.<br/> - [78841] High CVE-2011-2359: Stale pointer due to bad line box - tracking in rendering. Credit to miaubiz and Martin Barbella.<br/> - [79266] Low CVE-2011-2360: Potential bypass of dangerous file - prompt. 
Credit to kuzzcc.<br/> - [79426] Low CVE-2011-2361: Improve designation of strings in the - basic auth dialog. Credit to kuzzcc.<br/> - [Linux only] [81307] Medium CVE-2011-2782: File permissions error - with drag and drop. Credit to Evan Martin of the Chromium - development community.<br/> - [83273] Medium CVE-2011-2783: Always confirm a developer mode NPAPI - extension install via a browser dialog. Credit to Sergey - Glazunov.<br/> - [83841] Low CVE-2011-2784: Local file path disclosure via GL - program log. Credit to kuzzcc.<br/> - [84402] Low CVE-2011-2785: Sanitize the homepage URL in extensions. - Credit to kuzzcc.<br/> - [84600] Low CVE-2011-2786: Make sure the speech input bubble is - always on-screen. Credit to Olli Pettay of Mozilla.<br/> - [84805] Medium CVE-2011-2787: Browser crash due to GPU lock - re-entrancy issue. Credit to kuzzcc.<br/> - [85559] Low CVE-2011-2788: Buffer overflow in inspector - serialization. Credit to Mikolaj Malecki.<br/> - [85808] Medium CVE-2011-2789: Use after free in Pepper plug-in - instantiation. Credit to Mario Gomes and kuzzcc.<br/> - [86502] High CVE-2011-2790: Use-after-free with floating styles. - Credit to miaubiz.<br/> - [86900] High CVE-2011-2791: Out-of-bounds write in ICU. Credit to - Yang Dingning from NCNIPC, Graduate University of Chinese Academy - of Sciences.<br/> - [87148] High CVE-2011-2792: Use-after-free with float removal. - Credit to miaubiz.<br/> - [87227] High CVE-2011-2793: Use-after-free in media selectors. - Credit to miaubiz.<br/> - [87298] Medium CVE-2011-2794: Out-of-bounds read in text iteration. - Credit to miaubiz.<br/> - [87339] Medium CVE-2011-2795: Cross-frame function leak. Credit to - Shih Wei-Long.<br/> - [87548] High CVE-2011-2796: Use-after-free in Skia. Credit to Google - Chrome Security Team (Inferno) and Kostya Serebryany of the - Chromium development community.<br/> - [87729] High CVE-2011-2797: Use-after-free in resource caching. 
- Credit to miaubiz.<br/> - [87815] Low CVE-2011-2798: Prevent a couple of internal schemes from - being web accessible. Credit to sirdarckcat of the Google Security - Team.<br/> - [87925] High CVE-2011-2799: Use-after-free in HTML range handling. - Credit to miaubiz.<br/> - [88337] Medium CVE-2011-2800: Leak of client-side redirect target. - Credit to Juho Nurminen.<br/> - [88591] High CVE-2011-2802: v8 crash with const lookups. Credit to - Christian Holler.<br/> - [88827] Medium CVE-2011-2803: Out-of-bounds read in Skia paths. - Credit to Google Chrome Security Team (Inferno).<br/> - [88846] High CVE-2011-2801: Use-after-free in frame loader. Credit - to miaubiz.<br/> - [88889] High CVE-2011-2818: Use-after-free in display box rendering. - Credit to Martin Barbella.<br/> - [89142] High CVE-2011-2804: PDF crash with nested functions. Credit - to Aki Helin of OUSPG.<br/> - [89520] High CVE-2011-2805: Cross-origin script injection. Credit to - Sergey Glazunov.<br/> - [90222] High CVE-2011-2819: Cross-origin violation in base URI - handling. Credit to Sergey Glazunov.</p> - - <p>Fixed in 12.0.742.112:<br/> - [77493] Medium CVE-2011-2345: Out-of-bounds read in NPAPI string - handling. Credit to Philippe Arteau.<br/> - [84355] High CVE-2011-2346: Use-after-free in SVG font handling. - Credit to miaubiz.<br/> - [85003] High CVE-2011-2347: Memory corruption in CSS parsing. Credit - to miaubiz.<br/> - [85102] High CVE-2011-2350: Lifetime and re-entrancy issues in the - HTML parser. Credit to miaubiz.<br/> - [85177] High CVE-2011-2348: Bad bounds check in v8. Credit to Aki - Helin of OUSPG.<br/> - [85211] High CVE-2011-2351: Use-after-free with SVG use element. - Credit to miaubiz.<br/> - [85418] High CVE-2011-2349: Use-after-free in text selection. Credit - to miaubiz.</p> - - <p>Fixed in 12.0.742.91:<br/> - [73962] [79746] High CVE-2011-1808: Use-after-free due to integer - issues in float handling. 
Credit to miaubiz.<br/> - [75496] Medium CVE-2011-1809: Use-after-free in accessibility - support. Credit to Google Chrome Security Team (SkyLined).<br/> - [75643] Low CVE-2011-1810: Visit history information leak in CSS. - Credit to Jesse Mohrland of Microsoft and Microsoft Vulnerability - Research (MSVR).<br/> - [76034] Low CVE-2011-1811: Browser crash with lots of form - submissions. Credit to "DimitrisV22".<br/> - [77026] Medium CVE-2011-1812: Extensions permission bypass. Credit - to kuzzcc.<br/> - [78516] High CVE-2011-1813: Stale pointer in extension framework. - Credit to Google Chrome Security Team (Inferno).<br/> - [79362] Medium CVE-2011-1814: Read from uninitialized pointer. - Credit to Eric Roman of the Chromium development community.<br/> - [79862] Low CVE-2011-1815: Extension script injection into new tab - page. Credit to kuzzcc.<br/> - [80358] Medium CVE-2011-1816: Use-after-free in developer tools. - Credit to kuzzcc.<br/> - [81916] Medium CVE-2011-1817: Browser memory corruption in history - deletion. Credit to Collin Payne.<br/> - [81949] High CVE-2011-1818: Use-after-free in image loader. Credit - to miaubiz.<br/> - [83010] Medium CVE-2011-1819: Extension injection into chrome:// - pages. Credit to Vladislavas Jarmalis, plus subsequent - independent discovery by Sergey Glazunov.<br/> - [83275] High CVE-2011-2332: Same origin bypass in v8. Credit to - Sergey Glazunov.<br/> - [83743] High CVE-2011-2342: Same origin bypass in DOM. Credit to - Sergey Glazunov.</p> - - <p>Fixed in 11.0.696.71:<br/> - [72189] Low CVE-2011-1801: Pop-up blocker bypass. Credit to Chamal - De Silva.<br/> - [82546] High CVE-2011-1804: Stale pointer in floats rendering. - Credit to Martin Barbella.<br/> - [82873] Critical CVE-2011-1806: Memory corruption in GPU command - buffer. Credit to Google Chrome Security Team (Cris Neckar).<br/> - [82903] Critical CVE-2011-1807: Out-of-bounds write in blob - handling. 
Credit to Google Chrome Security Team (Inferno) and - Kostya Serebryany of the Chromium development community.</p> - - <p>Fixed in 11.0.696.68:<br/> - [64046] High CVE-2011-1799: Bad casts in Chromium WebKit glue. - Credit to Google Chrome Security Team (SkyLined).<br/> - [80608] High CVE-2011-1800: Integer overflows in SVG filters. - Credit to Google Chrome Security Team (Cris Neckar).</p> - - <p>Fixed in 11.0.696.57:<br/> - [61502] High CVE-2011-1303: Stale pointer in floating object - handling. Credit to Scott Hess of the Chromium development - community and Martin Barbella.<br/> - [70538] Low CVE-2011-1304: Pop-up block bypass via plug-ins. Credit - to Chamal De Silva.<br/> - [Linux / Mac only] [70589] Medium CVE-2011-1305: Linked-list race - in database handling. Credit to Kostya Serebryany of the - Chromium development community.<br/> - [71586] Medium CVE-2011-1434: Lack of thread safety in MIME - handling. Credit to Aki Helin.<br/> - [72523] Medium CVE-2011-1435: Bad extension with "tabs" permission - can capture local files. Credit to Cole Snodgrass.<br/> - [Linux only] [72910] Low CVE-2011-1436: Possible browser crash due - to bad interaction with X. Credit to miaubiz.<br/> - [73526] High CVE-2011-1437: Integer overflows in float rendering. - Credit to miaubiz.<br/> - [74653] High CVE-2011-1438: Same origin policy violation with - blobs. Credit to kuzzcc.<br/> - [Linux only] [74763] High CVE-2011-1439: Prevent interference - between renderer processes. Credit to Julien Tinnes of the - Google Security Team.<br/> - [75186] High CVE-2011-1440: Use-after-free with <ruby> tag - and CSS. Credit to Jose A. Vazquez.<br/> - [75347] High CVE-2011-1441: Bad cast with floating select lists. - Credit to Michael Griffiths.<br/> - [75801] High CVE-2011-1442: Corrupt node trees with mutation events. - Credit to Sergey Glazunov and wushi of team 509.<br/> - [76001] High CVE-2011-1443: Stale pointers in layering code. 
Credit - to Martin Barbella.<br/> - [Linux only] [76542] High CVE-2011-1444: Race condition in sandbox - launcher. Credit to Dan Rosenberg.<br/> - Medium CVE-2011-1445: Out-of-bounds read in SVG. Credit to wushi of - team509.<br/> - [76666] [77507] [78031] High CVE-2011-1446: Possible URL bar spoofs - with navigation errors and interrupted loads. Credit to - kuzzcc.<br/> - [76966] High CVE-2011-1447: Stale pointer in drop-down list - handling. Credit to miaubiz.<br/> - [77130] High CVE-2011-1448: Stale pointer in height calculations. - Credit to wushi of team509.<br/> - [77346] High CVE-2011-1449: Use-after-free in WebSockets. Credit to - Marek Majkowski.<br/> - Low CVE-2011-1450: Dangling pointers in file dialogs. Credit to - kuzzcc.<br/> - [77463] High CVE-2011-1451: Dangling pointers in DOM id map. Credit - to Sergey Glazunov.<br/> - [77786] Medium CVE-2011-1452: URL bar spoof with redirect and manual - reload. Credit to Jordi Chancel.<br/> - [79199] High CVE-2011-1454: Use-after-free in DOM id handling. - Credit to Sergey Glazunov.<br/> - [79361] Medium CVE-2011-1455: Out-of-bounds read with - multipart-encoded PDF. Credit to Eric Roman of the Chromium - development community.<br/> - [79364] High CVE-2011-1456: Stale pointers with PDF forms. Credit to - Eric Roman of the Chromium development community.</p> - - <p>Fixed in 10.0.648.205:<br/> - [75629] Critical CVE-2011-1301: Use-after-free in the GPU process. - Credit to Google Chrome Security Team (Inferno).<br/> - [78524] Critical CVE-2011-1302: Heap overflow in the GPU process. - Credit to Christoph Diehl.</p> - - <p>Fixed in 10.0.648.204:<br/> - [72517] High CVE-2011-1291: Buffer error in base string handling. - Credit to Alex Turpin.<br/> - [73216] High CVE-2011-1292: Use-after-free in the frame loader. - Credit to Slawomir Blazek.<br/> - [73595] High CVE-2011-1293: Use-after-free in HTMLCollection. - Credit to Sergey Glazunov.<br/> - [74562] High CVE-2011-1294: Stale pointer in CSS handling. 
- Credit to Sergey Glazunov.<br/> - [74991] High CVE-2011-1295: DOM tree corruption with broken node - parentage. Credit to Sergey Glazunov.<br/> - [75170] High CVE-2011-1296: Stale pointer in SVG text handling. - Credit to Sergey Glazunov.</p> - - <p>Fixed in 10.0.648.133:<br/> - [75712] High Memory corruption in style handling. - Credit to Vincenzo Iozzo, Ralf Philipp Weinmann and Willem - Pinckaers reported through ZDI.</p> - - <p>Fixed in 10.0.648.127:<br/> - [42765] Low Possible to navigate or close the top location in a - sandboxed frame. Credit to sirdarckcat of the Google Security - Team.<br/> - [Linux only] [49747] Low Work around an X server bug and crash with - long messages. Credit to Louis Lang.<br/> - [Linux only] [66962] Low Possible browser crash with parallel - print()s. Credit to Aki Helin of OUSPG.<br/> - [69187] Medium Cross-origin error message leak. Credit to Daniel - Divricean.<br/> - [69628] High Memory corruption with counter nodes. Credit to Martin - Barbella.<br/> - [70027] High Stale node in box layout. Credit to Martin - Barbella.<br/> - [70336] Medium Cross-origin error message leak with workers. Credit - to Daniel Divricean.<br/> - [70442] High Use after free with DOM URL handling. Credit to Sergey - Glazunov.<br/> - [Linux only] [70779] Medium Out of bounds read handling unicode - ranges. Credit to miaubiz.<br/> - [70877] High Same origin policy bypass in v8. Credit to Daniel - Divricean.<br/> - [70885] [71167] Low Pop-up blocker bypasses. Credit to Chamal de - Silva.<br/> - [71763] High Use-after-free in document script lifetime handling. - Credit to miaubiz.<br/> - [71788] High Out-of-bounds write in the OGG container. Credit to - Google Chrome Security Team (SkyLined); plus subsequent - independent discovery by David Weston of Microsoft and MSVR.<br/> - [72028] High Stale pointer in table painting. Credit to Martin - Barbella.<br/> - [73026] High Use of corrupt out-of-bounds structure in video code. 
- Credit to Tavis Ormandy of the Google Security Team.<br/> - [73066] High Crash with the DataView object. Credit to Sergey - Glazunov.<br/> - [73134] High Bad cast in text rendering. Credit to miaubiz.<br/> - [73196] High Stale pointer in WebKit context code. Credit to Sergey - Glazunov.<br/> - [73716] Low Leak of heap address in XSLT. Credit to Google Chrome - Security Team (Chris Evans).<br/> - [73746] High Stale pointer with SVG cursors. Credit to Sergey - Glazunov.<br/> - [74030] High DOM tree corruption with attribute handling. Credit to - Sergey Glazunov.<br/> - [74662] High Corruption via re-entrancy of RegExp code. Credit to - Christian Holler.<br/> - [74675] High Invalid memory access in v8. Credit to Christian - Holler.</p> - - <p>Fixed in 9.0.597.107:<br/> - [54262] High URL bar spoof. Credit to Jordi Chancel.<br/> - [63732] High Crash with javascript dialogs. Credit to Sergey - Radchenko.<br/> - [68263] High Stylesheet node stale pointer. Credit to Sergey - Glazunov.<br/> - [68741] High Stale pointer with key frame rule. Credit to Sergey - Glazunov.<br/> - [70078] High Crash with forms controls. Credit to Stefan van - Zanden.<br/> - [70244] High Crash in SVG rendering. Credit to Slawomir Blazek.<br/> - [64-bit Linux only] [70376] Medium Out-of-bounds read in pickle - deserialization. Credit to Evgeniy Stepanov of the Chromium - development community.<br/> - [71114] High Stale node in table handling. Credit to Martin - Barbella.<br/> - [71115] High Stale pointer in table rendering. Credit to Martin - Barbella.<br/> - [71296] High Stale pointer in SVG animations. Credit to - miaubiz.<br/> - [71386] High Stale nodes in XHTML. Credit to wushi of team509.<br/> - [71388] High Crash in textarea handling. Credit to wushi of - team509.<br/> - [71595] High Stale pointer in device orientation. Credit to Sergey - Glazunov.<br/> - [71717] Medium Out-of-bounds read in WebGL. Credit to miaubiz.<br/> - [71855] High Integer overflow in textarea handling. 
Credit to - miaubiz.<br/> - [71960] Medium Out-of-bounds read in WebGL. Credit to Google Chrome - Security Team (Inferno).<br/> - [72214] High Accidental exposure of internal extension functions. - Credit to Tavis Ormandy of the Google Security Team.<br/> - [72437] High Use-after-free with blocked plug-ins. Credit to Chamal - de Silva.<br/> - [73235] High Stale pointer in layout. Credit to Martin Barbella.</p> - - <p>Fixed in 9.0.597.94:<br/> - [67234] High Stale pointer in animation event handling. Credit to - Rik Cabanier.<br/> - [68120] High Use-after-free in SVG font faces. Credit to - miaubiz.<br/> - [69556] High Stale pointer with anonymous block handling. Credit to - Martin Barbella.<br/> - [69970] Medium Out-of-bounds read in plug-in handling. Credit to - Bill Budge of Google.<br/> - [70456] Medium Possible failure to terminate process on - out-of-memory condition. Credit to David Warren of CERT/CC.</p> - - <p>Fixed in 9.0.597.84:<br/> - [Mac only] [42989] Low Minor sandbox leak via stat(). Credit to - Daniel Cheng of the Chromium development community.<br/> - [55831] High Use-after-free in image loading. Credit to Aki - Helin of OUSPG.<br/> - [59081] Low Apply some restrictions to cross-origin drag + drop. - Credit to Google Chrome Security Team (SkyLined) and the Google - Security Team (Michal Zalewski, David Bloom).<br/> - [62791] Low Browser crash with extension with missing key. Credit - to Brian Kirchoff.<br/> - [64051] High Crashing when printing in PDF event handler. Credit to - Aki Helin of OUSPG.<br/> - [65669] Low Handle merging of autofill profiles more gracefully. - Credit to Google Chrome Security Team (Inferno).<br/> - [Mac only] [66931] Low Work around a crash in the Mac OS 10.5 SSL - libraries. Credit to Dan Morrison.<br/> - [68244] Low Browser crash with bad volume setting. Credit to - Matthew Heidermann.<br/> - [69195] Critical Race condition in audio handling. 
Credit to the - gamers of Reddit!</p> - - <p>Fixed in 8.0.552.237:<br/> - [58053] Medium Browser crash in extensions notification handling. - Credit to Eric Roman of the Chromium development community.<br/> - [65764] High Bad pointer handling in node iteration. Credit to - Sergey Glazunov.<br/> - [66334] High Crashes when printing multi-page PDFs. Credit to - Google Chrome Security Team (Chris Evans).<br/> - [66560] High Stale pointer with CSS + canvas. Credit to Sergey - Glazunov.<br/> - [66748] High Stale pointer with CSS + cursors. Credit to Jan - Tosovsk.<br/> - [67100] High Use after free in PDF page handling. Credit to Google - Chrome Security Team (Chris Evans).<br/> - [67208] High Stack corruption after PDF out-of-memory condition. - Credit to Jared Allar of CERT.<br/> - [67303] High Bad memory access with mismatched video frame sizes. - Credit to Aki Helin of OUSPG; plus independent discovery by - Google Chrome Security Team (SkyLined) and David Warren of - CERT.<br/> - [67363] High Stale pointer with SVG use element. Credited - anonymously; plus indepdent discovery by miaubiz.<br/> - [67393] Medium Uninitialized pointer in the browser triggered by - rogue extension. Credit to kuzzcc.<br/> - [68115] High Vorbis decoder buffer overflows. Credit to David - Warren of CERT.<br/> - [68170] High Buffer overflow in PDF shading. Credit to Aki Helin of - OUSPG.<br/> - [68178] High Bad cast in anchor handling. Credit to Sergey - Glazunov.<br/> - [68181] High Bad cast in video handling. Credit to Sergey - Glazunov.<br/> - [68439] High Stale rendering node after DOM node removal. Credit to - Martin Barbella; plus independent discovery by Google Chrome - Security Team (SkyLined).<br/> - [68666] Critical Stale pointer in speech handling. Credit to Sergey - Glazunov.</p> - - <p>Fixed in 8.0.552.224:<br/> - [64-bit Linux only] [56449] High Bad validation for message - deserialization on 64-bit builds. 
Credit to Lei Zhang of the - Chromium development community.<br/> - [60761] Medium Bad extension can cause browser crash in tab - handling. Credit to kuzzcc.<br/> - [63529] Low Browser crash with NULL pointer in web worker handling. - Credit to Nathan Weizenbaum of Google.<br/> - [63866] Medium Out-of-bounds read in CSS parsing. Credit to Chris - Rohlf.<br/> - [64959] High Stale pointers in cursor handling. Credit to Slawomir - Blazek and Sergey Glazunov.</p> - - <p>Fixed in 8.0.552.215:<br/> - [17655] Low Possible pop-up blocker bypass. Credit to Google Chrome - Security Team (SkyLined).<br/> - [55745] Medium Cross-origin video theft with canvas. Credit to - Nirankush Panchbhai and Microsoft Vulnerability Research - (MSVR).<br/> - [56237] Low Browser crash with HTML5 databases. Credit to Google - Chrome Security Team (Inferno).<br/> - [58319] Low Prevent excessive file dialogs, possibly leading to - browser crash. Credit to Cezary Tomczak (gosu.pl).<br/> - [59554] High Use after free in history handling. Credit to Stefan - Troger.<br/> - [Linux / Mac] [59817] Medium Make sure the "dangerous file types" - list is uptodate with the Windows platforms. Credit to Billy Rios - of the Google Security Team.<br/> - [61701] Low Browser crash with HTTP proxy authentication. Credit to - Mohammed Bouhlel.<br/> - [61653] Medium Out-of-bounds read regression in WebM video support. - Credit to Google Chrome Security Team (Chris Evans), based on - earlier testcases from Mozilla and Microsoft (MSVR).<br/> - [62127] High Crash due to bad indexing with malformed video. Credit - to miaubiz.<br/> - [62168] Medium Possible browser memory corruption via malicious - privileged extension. Credit to kuzzcc.<br/> - [62401] High Use after free with SVG animations. Credit to Slawomir - Blazek.<br/> - [63051] Medium Use after free in mouse dragging event handling. - Credit to kuzzcc.<br/> - [63444] High Double free in XPath handling. 
Credit to Yang Dingning - from NCNIPC, Graduate University of Chinese Academy of Sciences.</p> - - <p>Fixed in 7.0.517.44:<br/> - [51602] High Use-after-free in text editing. Credit to David Bloom - of the Google Security Team, Google Chrome Security Team (Inferno) - and Google Chrome Security Team (Cris Neckar).<br/> - [55257] High Memory corruption with enormous text area. Credit to - wushi of team509.<br/> - [58657] High Bad cast with the SVG use element. Credit to the - kuzzcc.<br/> - [58731] High Invalid memory read in XPath handling. Credit to Bui - Quang Minh from Bkis (www.bkis.com).<br/> - [58741] High Use-after-free in text control selections. Credit to - "vkouchna".<br/> - [Linux only] [59320] High Integer overflows in font handling. Credit - to Aki Helin of OUSPG.<br/> - [60055] High Memory corruption in libvpx. Credit to Christoph - Diehl.<br/> - [60238] High Bad use of destroyed frame object. Credit to various - developers, including "gundlach".<br/> - [60327] [60769] [61255] High Type confusions with event objects. - Credit to "fam.lam" and Google Chrome Security Team - (Inferno).<br/> - [60688] High Out-of-bounds array access in SVG handling. Credit to - wushi of team509.</p> - - <p>Fixed in 7.0.517.43:<br/> - [48225] [51727] Medium Possible autofill / autocomplete profile - spamming. Credit to Google Chrome Security Team (Inferno).<br/> - [48857] High Crash with forms. Credit to the Chromium development - community.<br/> - [50428] Critical Browser crash with form autofill. Credit to the - Chromium development community.<br/> - [51680] High Possible URL spoofing on page unload. Credit to kuzzcc; - plus independent discovery by Jordi Chancel.<br/> - [53002] Low Pop-up block bypass. Credit to kuzzcc.<br/> - [53985] Medium Crash on shutdown with Web Sockets. Credit to the - Chromium development community.<br/> - [Linux only] [54132] Low Bad construction of PATH variable. 
Credit - to Dan Rosenberg, Virtual Security Research.<br/> - [54500] High Possible memory corruption with animated GIF. Credit to - Simon Schaak.<br/> - [Linux only] [54794] High Failure to sandbox worker processes on - Linux. Credit to Google Chrome Security Team (Chris Evans).<br/> - [56451] High Stale elements in an element map. Credit to Michal - Zalewski of the Google Security Team.</p> - </blockquote> - </body> - </description> - <references> - <url>http://googlechromereleases.blogspot.com/search/label/Stable%20updates</url> - <cvename>CVE-2011-1290</cvename> - <cvename>CVE-2011-1291</cvename> - <cvename>CVE-2011-1292</cvename> - <cvename>CVE-2011-1293</cvename> - <cvename>CVE-2011-1294</cvename> - <cvename>CVE-2011-1295</cvename> - <cvename>CVE-2011-1296</cvename> - <cvename>CVE-2011-1301</cvename> - <cvename>CVE-2011-1302</cvename> - <cvename>CVE-2011-1303</cvename> - <cvename>CVE-2011-1304</cvename> - <cvename>CVE-2011-1305</cvename> - <cvename>CVE-2011-1434</cvename> - <cvename>CVE-2011-1435</cvename> - <cvename>CVE-2011-1436</cvename> - <cvename>CVE-2011-1437</cvename> - <cvename>CVE-2011-1438</cvename> - <cvename>CVE-2011-1439</cvename> - <cvename>CVE-2011-1440</cvename> - <cvename>CVE-2011-1441</cvename> - <cvename>CVE-2011-1442</cvename> - <cvename>CVE-2011-1443</cvename> - <cvename>CVE-2011-1444</cvename> - <cvename>CVE-2011-1445</cvename> - <cvename>CVE-2011-1446</cvename> - <cvename>CVE-2011-1447</cvename> - <cvename>CVE-2011-1448</cvename> - <cvename>CVE-2011-1449</cvename> - <cvename>CVE-2011-1450</cvename> - <cvename>CVE-2011-1451</cvename> - <cvename>CVE-2011-1452</cvename> - <cvename>CVE-2011-1454</cvename> - <cvename>CVE-2011-1455</cvename> - <cvename>CVE-2011-1456</cvename> - <cvename>CVE-2011-1799</cvename> - <cvename>CVE-2011-1800</cvename> - <cvename>CVE-2011-1801</cvename> - <cvename>CVE-2011-1804</cvename> - <cvename>CVE-2011-1806</cvename> - <cvename>CVE-2011-1807</cvename> - <cvename>CVE-2011-1808</cvename> - 
<cvename>CVE-2011-1809</cvename> - <cvename>CVE-2011-1810</cvename> - <cvename>CVE-2011-1811</cvename> - <cvename>CVE-2011-1812</cvename> - <cvename>CVE-2011-1813</cvename> - <cvename>CVE-2011-1814</cvename> - <cvename>CVE-2011-1815</cvename> - <cvename>CVE-2011-1816</cvename> - <cvename>CVE-2011-1817</cvename> - <cvename>CVE-2011-1818</cvename> - <cvename>CVE-2011-1819</cvename> - <cvename>CVE-2011-2332</cvename> - <cvename>CVE-2011-2342</cvename> - <cvename>CVE-2011-2345</cvename> - <cvename>CVE-2011-2346</cvename> - <cvename>CVE-2011-2347</cvename> - <cvename>CVE-2011-2348</cvename> - <cvename>CVE-2011-2349</cvename> - <cvename>CVE-2011-2350</cvename> - <cvename>CVE-2011-2351</cvename> - <cvename>CVE-2011-2358</cvename> - <cvename>CVE-2011-2359</cvename> - <cvename>CVE-2011-2360</cvename> - <cvename>CVE-2011-2361</cvename> - <cvename>CVE-2011-2782</cvename> - <cvename>CVE-2011-2783</cvename> - <cvename>CVE-2011-2784</cvename> - <cvename>CVE-2011-2785</cvename> - <cvename>CVE-2011-2786</cvename> - <cvename>CVE-2011-2787</cvename> - <cvename>CVE-2011-2788</cvename> - <cvename>CVE-2011-2789</cvename> - <cvename>CVE-2011-2790</cvename> - <cvename>CVE-2011-2791</cvename> - <cvename>CVE-2011-2792</cvename> - <cvename>CVE-2011-2793</cvename> - <cvename>CVE-2011-2794</cvename> - <cvename>CVE-2011-2795</cvename> - <cvename>CVE-2011-2796</cvename> - <cvename>CVE-2011-2797</cvename> - <cvename>CVE-2011-2798</cvename> - <cvename>CVE-2011-2799</cvename> - <cvename>CVE-2011-2800</cvename> - <cvename>CVE-2011-2801</cvename> - <cvename>CVE-2011-2802</cvename> - <cvename>CVE-2011-2803</cvename> - <cvename>CVE-2011-2804</cvename> - <cvename>CVE-2011-2805</cvename> - <cvename>CVE-2011-2818</cvename> - <cvename>CVE-2011-2819</cvename> - <cvename>CVE-2011-2821</cvename> - <cvename>CVE-2011-2823</cvename> - <cvename>CVE-2011-2824</cvename> - <cvename>CVE-2011-2825</cvename> - <cvename>CVE-2011-2826</cvename> - <cvename>CVE-2011-2827</cvename> - <cvename>CVE-2011-2828</cvename> - 
<cvename>CVE-2011-2829</cvename> - <cvename>CVE-2011-2834</cvename> - <cvename>CVE-2011-2835</cvename> - <cvename>CVE-2011-2836</cvename> - <cvename>CVE-2011-2837</cvename> - <cvename>CVE-2011-2838</cvename> - <cvename>CVE-2011-2839</cvename> - <cvename>CVE-2011-2840</cvename> - <cvename>CVE-2011-2841</cvename> - <cvename>CVE-2011-2842</cvename> - <cvename>CVE-2011-2843</cvename> - <cvename>CVE-2011-2844</cvename> - <cvename>CVE-2011-2845</cvename> - <cvename>CVE-2011-2846</cvename> - <cvename>CVE-2011-2847</cvename> - <cvename>CVE-2011-2848</cvename> - <cvename>CVE-2011-2849</cvename> - <cvename>CVE-2011-2850</cvename> - <cvename>CVE-2011-2851</cvename> - <cvename>CVE-2011-2852</cvename> - <cvename>CVE-2011-2853</cvename> - <cvename>CVE-2011-2854</cvename> - <cvename>CVE-2011-2855</cvename> - <cvename>CVE-2011-2856</cvename> - <cvename>CVE-2011-2857</cvename> - <cvename>CVE-2011-2858</cvename> - <cvename>CVE-2011-2859</cvename> - <cvename>CVE-2011-2860</cvename> - <cvename>CVE-2011-2861</cvename> - <cvename>CVE-2011-2862</cvename> - <cvename>CVE-2011-2864</cvename> - <cvename>CVE-2011-2874</cvename> - <cvename>CVE-2011-2875</cvename> - <cvename>CVE-2011-2876</cvename> - <cvename>CVE-2011-2877</cvename> - <cvename>CVE-2011-2878</cvename> - <cvename>CVE-2011-2879</cvename> - <cvename>CVE-2011-2880</cvename> - <cvename>CVE-2011-2881</cvename> - <cvename>CVE-2011-3234</cvename> - <cvename>CVE-2011-3873</cvename> - <cvename>CVE-2011-3873</cvename> - <cvename>CVE-2011-3875</cvename> - <cvename>CVE-2011-3876</cvename> - <cvename>CVE-2011-3877</cvename> - <cvename>CVE-2011-3878</cvename> - <cvename>CVE-2011-3879</cvename> - <cvename>CVE-2011-3880</cvename> - <cvename>CVE-2011-3881</cvename> - <cvename>CVE-2011-3882</cvename> - <cvename>CVE-2011-3883</cvename> - <cvename>CVE-2011-3884</cvename> - <cvename>CVE-2011-3885</cvename> - <cvename>CVE-2011-3886</cvename> - <cvename>CVE-2011-3887</cvename> - <cvename>CVE-2011-3888</cvename> - <cvename>CVE-2011-3889</cvename> - 
<cvename>CVE-2011-3890</cvename> - <cvename>CVE-2011-3891</cvename> - <cvename>CVE-2011-3892</cvename> - <cvename>CVE-2011-3893</cvename> - <cvename>CVE-2011-3894</cvename> - <cvename>CVE-2011-3895</cvename> - <cvename>CVE-2011-3896</cvename> - <cvename>CVE-2011-3897</cvename> - <cvename>CVE-2011-3898</cvename> - <cvename>CVE-2011-3900</cvename> - </references> - <dates> - <discovery>2010-10-19</discovery> - <entry>2010-12-07</entry> - <modified>2011-11-17</modified> - </dates> - </vuln> - <vuln vid="ed7fa1b4-ff59-11df-9759-080027284eaa"> <topic>proftpd -- Compromised source packages backdoor</topic> <affects> @@ -87256,7 +86432,7 @@ executed in your Internet Explorer while displaying th <url>http://gitorious.org/webkitgtk/stable/commit/9d07fda89aab7105962d933eef32ca15dda610d8</url> </references> <dates> - <discovery>2010-09-7</discovery> + <discovery>2010-09-07</discovery> <entry>2010-09-10</entry> </dates> </vuln> @@ -101327,7 +100503,7 @@ executed in your Internet Explorer while displaying th <url>http://secunia.com/advisories/31028/</url> </references> <dates> - <discovery>2008-07-9</discovery> + <discovery>2008-07-09</discovery> <entry>2008-07-13</entry> <modified>2010-05-12</modified> </dates> @@ -111062,7 +110238,7 @@ executed in your Internet Explorer while displaying th <url>http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051009.html</url> </references> <dates> - <discovery>2006-12-1</discovery> + <discovery>2006-12-01</discovery> <entry>2006-12-11</entry> <modified>2010-05-12</modified> </dates>
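Review bot: The purged vid 6887828f-0229-11e0-b84d-00262d5ed8ee stops resolving after the hunk at @@ -85060,830 +85060,6 @@, and neither the hunk nor the log names the entries that supersede it. Consider leaving a stub `<vuln>` that carries `<cancelled superseded="VID-OF-REPLACEMENT"/>` (placeholder value), which keeps almost all of the size saving while preserving the identifier for anyone who links to it, or at least list the superseding vids in the commit message. Before landing, confirm that every `<cvename>` in the removed references block (CVE-2011-1290 through CVE-2011-3900) still appears in a remaining entry, so no CVE lookup against vuln.xml silently loses its chromium match.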
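Review bot: The `<discovery>` fixes at @@ -87256,7 +86432,7 @@, @@ -101327,7 +100503,7 @@ and @@ -111062,7 +110238,7 @@ correct values that had been wrong since 2010, 2008 and 2006 (`2010-09-7`, `2008-07-9`, `2006-12-1`), which suggests nothing rejects an un-padded day at commit time. Only `<discovery>` is touched in the visible hunks; please check `<entry>` and `<modified>` across the file for the same form in this commit, and add a strict YYYY-MM-DD pattern check to the pre-commit validation so a malformed date is refused rather than cleaned up years later.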