From nobody Wed Aug  3 14:51:57 2022
X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4LyZZP3mpXz4XqHc;
	Wed,  3 Aug 2022 14:51:57 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4LyZZP3JjPz3n5l;
	Wed,  3 Aug 2022 14:51:57 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1659538317;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=hrm5EYNgCRS1kOIadBOt4JgoG3qkowZYCGFZhf8tub8=;
	b=tDlJjL+tMC9o6LdXCfvBS1ffjE5vNgj+FVc2NkCFNBZgftmB5KLGEUL3ngftk33oMr76zq
	salGGDMwFHpR5G1jQR1ne1FBTdfvt9NkFM9iIcqoJ2PaYgC4zOSAGT9h3287VFXb79AhUF
	LCXsBMrvDf4u7DEIyQjNdxzBoJB5H3A4Rzbhg3Hq3Gat2BTNLTfDVXPSjXVFj6M669E+nM
	TiiQ082RQkRoQVmAHP3ztqa00nwThMsinAHu/gdk8/dBphnhVYTht+bSLfmD2pmK0OVZ6v
	Evhpan4G558DjT4V1EsNGtQnM+P9zsUC1t5mvOq6irL92LJ1L2uXV8rXUeGw5Q==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4LyZZP2880zvpf;
	Wed,  3 Aug 2022 14:51:57 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 273Epveq081609;
	Wed, 3 Aug 2022 14:51:57 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 273EpvGE081608;
	Wed, 3 Aug 2022 14:51:57 GMT
	(envelope-from git)
Date: Wed, 3 Aug 2022 14:51:57 GMT
Message-Id: <202208031451.273EpvGE081608@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
        dev-commits-ports-main@FreeBSD.org
From: Rene Ladan <rene@FreeBSD.org>
Subject: git: 5b9287003a18 - main - security/vuxml: add www/chromium < 104.0.5112.79
List-Id: Commit messages for all branches of the ports repository <dev-commits-ports-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
List-Help: <mailto:dev-commits-ports-all+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-ports-all@freebsd.org
X-BeenThere: dev-commits-ports-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rene
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 5b9287003a185c527d70c5a81751d85825665498
Auto-Submitted: auto-generated
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1659538317;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=hrm5EYNgCRS1kOIadBOt4JgoG3qkowZYCGFZhf8tub8=;
	b=a4A3pMLa+4sDPibdFXgICh8uHEQA/6rKJMYWx3bHcRjRuaHsfIPQoKqqDmiTul5CeW9s7m
	CEWZaqVSk8k4gGZSHGmp6VhSyg1bo5oY6TyK/Kroo+3Zs4cfAn0eic/ROXywEXlLs4wVNR
	esYhDROSkWr7Ci8Qr4orUPQRIryxXBgtcrcLqtscnYZX/2Ubc39gD77Z12aRLQjutMX8ea
	Hm4pgKfsaavrVWaQ2IQBfG1HQ3Pr36BG3gD5CILmnKe8//icQEiGcYrS9cVZyTqHwUzKym
	UwkszX3tGvwfgJsCamn6bpcL4E+7pB83fI7suc7e4u2QBGUkpGcHX1/RMIluzA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1659538317; a=rsa-sha256; cv=none;
	b=rjrw0QfNjzJ5/ebrT7Aoao5ulI2UxJTBinxonEs8mgsr5GWmAJjy0+86vLwhWtUuOQAkVx
	H1zAZmccpH4vC5eE4DgG9yI4SMo36s1Bd0lzk/euqfWoXdwW2j4ZCwLzb1OK4yC4lk8h2h
	jLyZyQzr951sqeukEl+kwYJtAPsGQJ1QPdd4K8Qkv4WyTyQ+5GciPvWqSIvYQe+vB1CHVZ
	L/Gm6i5XACmigbQ6auoexqK1F1K1kiyjVht4HZW2vOQMrTPpZm/IcySnCurJZjjioDdO7O
	ALYZzhCcG9dd0kutDLoPa48IqD3cYqO7beZ0g/ECoVhmBph/AKhOax2QoQZdEA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
X-ThisMailContainsUnwantedMimeParts: N

The branch main has been updated by rene:

URL: https://cgit.FreeBSD.org/ports/commit/?id=5b9287003a185c527d70c5a81751d85825665498

commit 5b9287003a185c527d70c5a81751d85825665498
Author:     Rene Ladan <rene@FreeBSD.org>
AuthorDate: 2022-08-03 14:49:13 +0000
Commit:     Rene Ladan <rene@FreeBSD.org>
CommitDate: 2022-08-03 14:50:50 +0000

    security/vuxml: add www/chromium < 104.0.5112.79
    
    Obtained from: https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html
---
 security/vuxml/vuln-2022.xml | 71 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 71 insertions(+)

diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml
index d6c63af710cc..d13953c0710c 100644
--- a/security/vuxml/vuln-2022.xml
+++ b/security/vuxml/vuln-2022.xml
@@ -1,3 +1,74 @@
+  <vuln vid="96a41723-133a-11ed-be3b-3065ec8fd3ec">
+    <topic>chromium -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>chromium</name>
+	<range><lt>104.0.5112.79</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Chrome Releases reports:</p>
+	<blockquote cite="https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html">
+	  <p>This release contains 27 security fixes, including:</p>
+	  <ul>
+	    <li>[1325699] High CVE-2022-2603: Use after free in Omnibox. Reported by Anonymous on 2022-05-16</li>
+	    <li>[1335316] High CVE-2022-2604: Use after free in Safe Browsing. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-10</li>
+	    <li>[1338470] High CVE-2022-2605: Out of bounds read in Dawn. Reported by Looben Yang on 2022-06-22</li>
+	    <li>[1330489] High CVE-2022-2606: Use after free in Managed devices API. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-31</li>
+	    <li>[1286203] High CVE-2022-2607: Use after free in Tab Strip. Reported by @ginggilBesel on 2022-01-11</li>
+	    <li>[1330775] High CVE-2022-2608: Use after free in Overview Mode. Reported by Khalil Zhani on 2022-06-01</li>
+	    <li>[1338560] High CVE-2022-2609: Use after free in Nearby Share. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-06-22</li>
+	    <li>[1278255] Medium CVE-2022-2610: Insufficient policy enforcement in Background Fetch. Reported by Maurice Dauer on 2021-12-09</li>
+	    <li>[1320538] Medium CVE-2022-2611: Inappropriate implementation in Fullscreen API. Reported by Irvan Kurniawan (sourc7) on 2022-04-28</li>
+	    <li>[1321350] Medium CVE-2022-2612: Side-channel information leakage in Keyboard input. Reported by Erik Kraft (erik.kraft5@gmx.at), Martin Schwarzl (martin.schwarzl@iaik.tugraz.at) on 2022-04-30</li>
+	    <li>[1325256] Medium CVE-2022-2613: Use after free in Input. Reported by Piotr Tworek (Vewd) on 2022-05-13</li>
+	    <li>[1341907] Medium CVE-2022-2614: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-07-05</li>
+	    <li>[1268580] Medium CVE-2022-2615: Insufficient policy enforcement in Cookies. Reported by Maurice Dauer on 2021-11-10</li>
+	    <li>[1302159] Medium CVE-2022-2616: Inappropriate implementation in Extensions API. Reported by Alesandro Ortiz on 2022-03-02</li>
+	    <li>[1292451] Medium CVE-2022-2617: Use after free in Extensions API. Reported by @ginggilBesel on 2022-01-31</li>
+	    <li>[1308422] Medium CVE-2022-2618: Insufficient validation of untrusted input in Internals. Reported by asnine on 2022-03-21</li>
+	    <li>[1332881] Medium CVE-2022-2619: Insufficient validation of untrusted input in Settings. Reported by Oliver Dunk on 2022-06-04</li>
+	    <li>[1337304] Medium CVE-2022-2620: Use after free in WebUI. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-17</li>
+	    <li>[1323449] Medium CVE-2022-2621: Use after free in Extensions. Reported by Huyna at Viettel Cyber Security on 2022-05-07</li>
+	    <li>[1332392] Medium CVE-2022-2622: Insufficient validation of untrusted input in Safe Browsing. Reported by Imre Rad (@ImreRad) and @j00sean on 2022-06-03</li>
+	    <li>[1337798] Medium CVE-2022-2623: Use after free in Offline. Reported by raven at KunLun lab on 2022-06-20</li>
+	    <li>[1339745] Medium CVE-2022-2624: Heap buffer overflow in PDF. Reported by YU-CHANG CHEN and CHIH-YEN CHANG, working with DEVCORE Internship Program on 2022-06-27</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2022-2603</cvename>
+      <cvename>CVE-2022-2604</cvename>
+      <cvename>CVE-2022-2605</cvename>
+      <cvename>CVE-2022-2606</cvename>
+      <cvename>CVE-2022-2607</cvename>
+      <cvename>CVE-2022-2608</cvename>
+      <cvename>CVE-2022-2609</cvename>
+      <cvename>CVE-2022-2610</cvename>
+      <cvename>CVE-2022-2611</cvename>
+      <cvename>CVE-2022-2612</cvename>
+      <cvename>CVE-2022-2613</cvename>
+      <cvename>CVE-2022-2614</cvename>
+      <cvename>CVE-2022-2615</cvename>
+      <cvename>CVE-2022-2616</cvename>
+      <cvename>CVE-2022-2617</cvename>
+      <cvename>CVE-2022-2618</cvename>
+      <cvename>CVE-2022-2619</cvename>
+      <cvename>CVE-2022-2620</cvename>
+      <cvename>CVE-2022-2621</cvename>
+      <cvename>CVE-2022-2622</cvename>
+      <cvename>CVE-2022-2623</cvename>
+      <cvename>CVE-2022-2624</cvename>
+      <url>https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html</url>
+    </references>
+    <dates>
+      <discovery>2022-08-02</discovery>
+      <entry>2022-08-03</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="7f8d5435-125a-11ed-9a69-10c37b4ac2ea">
     <topic>go -- decoding big.Float and big.Rat can panic</topic>
     <affects>