From owner-svn-ports-head@freebsd.org Fri Sep 29 15:28:56 2017 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 340B7E2F23D; Fri, 29 Sep 2017 15:28:56 +0000 (UTC) (envelope-from zi@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D68566A61D; Fri, 29 Sep 2017 15:28:55 +0000 (UTC) (envelope-from zi@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v8TFSta6009899; Fri, 29 Sep 2017 15:28:55 GMT (envelope-from zi@FreeBSD.org) Received: (from zi@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v8TFSsh0009897; Fri, 29 Sep 2017 15:28:54 GMT (envelope-from zi@FreeBSD.org) Message-Id: <201709291528.v8TFSsh0009897@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: zi set sender to zi@FreeBSD.org using -f From: Ryan Steinmetz Date: Fri, 29 Sep 2017 15:28:54 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r450904 - head/security/vuxml X-SVN-Group: ports-head X-SVN-Commit-Author: zi X-SVN-Commit-Paths: head/security/vuxml X-SVN-Commit-Revision: 450904 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Sep 2017 15:28:56 -0000 Author: zi Date: Fri Sep 29 15:28:54 2017 New Revision: 450904 URL: https://svnweb.freebsd.org/changeset/ports/450904 Log: - Purge another batch of superceded www/chromium entries to give us additional headroom under the 5M vuln.xml file size limit Approved by: ports-secteam (with hat) Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Sep 29 15:24:58 2017 (r450903) +++ head/security/vuxml/vuln.xml Fri Sep 29 15:28:54 2017 (r450904) @@ -52385,77 +52385,6 @@ and CVE-2013-0155.

- - chromium -- multiple vulnerabilities - - - chromium - chromium-pulse - 38.0.2125.101 - - - - -

Google Chrome Releases reports:

-
159 security fixes in this release, including 113 found using - MemorySanitizer:
-
-
[416449] Critical CVE-2014-3188: A special thanks to Jüri Aedla - for a combination of V8 and IPC bugs that can lead to remote code - execution outside of the sandbox.
-
[398384] High CVE-2014-3189: Out-of-bounds read in PDFium. - Credit to cloudfuzzer.
-
[400476] High CVE-2014-3190: Use-after-free in Events. Credit - to cloudfuzzer.
-
[402407] High CVE-2014-3191: Use-after-free in Rendering. - Credit to cloudfuzzer.
-
[403276] High CVE-2014-3192: Use-after-free in DOM. Credit to - cloudfuzzer.
-
[399655] High CVE-2014-3193: Type confusion in Session Management. - Credit to miaubiz.
-
[401115] High CVE-2014-3194: Use-after-free in Web Workers. - Credit to Collin Payne.
-
[403409] Medium CVE-2014-3195: Information Leak in V8. Credit - to Jüri Aedla.
-
[338538] Medium CVE-2014-3196: Permissions bypass in Windows - Sandbox. Credit to James Forshaw.
-
[396544] Medium CVE-2014-3197: Information Leak in XSS Auditor. - Credit to Takeshi Terada.
-
[415307] Medium CVE-2014-3198: Out-of-bounds read in PDFium. - Credit to Atte Kettunen of OUSPG.
-
[395411] Low CVE-2014-3199: Release Assert in V8 bindings. - Credit to Collin Payne.
-
[420899] CVE-2014-3200: Various fixes from internal audits, - fuzzing and other initiatives (Chrome 38).
-
Multiple vulnerabilities in V8 fixed at the tip of the 3.28 - branch (currently 3.28.71.15).
-
-

- - - - CVE-2014-3188 - CVE-2014-3189 - CVE-2014-3190 - CVE-2014-3191 - CVE-2014-3192 - CVE-2014-3193 - CVE-2014-3194 - CVE-2014-3195 - CVE-2014-3196 - CVE-2014-3197 - CVE-2014-3198 - CVE-2014-3199 - CVE-2014-3200 - http://googlechromereleases.blogspot.nl/2014/10/stable-channel-update.html - - - 2014-10-07 - 2014-10-08 - - - Bugzilla multiple security issues @@ -52935,34 +52864,6 @@ and CVE-2013-0155.

- - chromium -- RSA signature malleability in NSS - - - chromium - 37.0.2062.124 - - - - -

Google Chrome Releases reports:

-
[414124] RSA signature malleability in NSS (CVE-2014-1568). - Thanks to Antoine Delignat-Lavaud of Prosecco/INRIA, Brian Smith - and Advanced Threat Research team at Intel Security
-

- - - - CVE-2014-1568 - http://googlechromereleases.blogspot.nl/ - - - 2014-09-24 - 2014-09-25 - - - krfb -- Multiple security issues in bundled libvncserver @@ -53258,39 +53159,6 @@ and CVE-2013-0155.

- - www/chromium -- multiple vulnerabilities - - - chromium - 37.0.2062.120 - - - - -

Google Chrome Releases reports:

-
4 security fixes in this release, including:
-
-
[401362] High CVE-2014-3178: Use-after-free in rendering. - Credit to miaubiz.
-
[411014] CVE-2014-3179: Various fixes from internal audits, - fuzzing and other initiatives.
-
-

- - - - CVE-2014-3178 - CVE-2014-3179 - http://googlechromereleases.blogspot.nl/ - - - 2014-09-09 - 2014-09-09 - - - trafficserver -- unspecified vulnerability @@ -53322,64 +53190,6 @@ and CVE-2013-0155.

- - chromium -- multiple vulnerabilities - - - chromium - 37.0.2062.94 - - - - -

Google Chrome Releases reports:

-
50 security fixes in this release, including:
-
-
[386988] Critical CVE-2014-3176, CVE-2014-3177: A special reward - to lokihardt@asrt for a combination of bugs in V8, IPC, sync, and - extensions that can lead to remote code execution outside of the - sandbox.
-
[369860] High CVE-2014-3168: Use-after-free in SVG. Credit to - cloudfuzzer.
-
[387389] High CVE-2014-3169: Use-after-free in DOM. Credit to - Andrzej Dyjak.
-
[390624] High CVE-2014-3170: Extension permission dialog spoofing. - Credit to Rob Wu.
-
[390928] High CVE-2014-3171: Use-after-free in bindings. Credit to - cloudfuzzer.
-
[367567] Medium CVE-2014-3172: Issue related to extension debugging. - Credit to Eli Grey.
-
[376951] Medium CVE-2014-3173: Uninitialized memory read in WebGL. - Credit to jmuizelaar.
-
[389219] Medium CVE-2014-3174: Uninitialized memory read in Web - Audio. Credit to Atte Kettunen from OUSPG.
-
[406143] CVE-2014-3175: Various fixes from internal audits, fuzzing - and other initiatives (Chrome 37).
- -
-

- - - - CVE-2014-3168 - CVE-2014-3169 - CVE-2014-3170 - CVE-2014-3171 - CVE-2014-3172 - CVE-2014-3173 - CVE-2014-3174 - CVE-2014-3175 - CVE-2014-3176 - CVE-2014-3177 - http://googlechromereleases.blogspot.nl/ - - - 2014-08-26 - 2014-08-26 - - - file -- buffer overruns and missing buffer size tests @@ -53571,42 +53381,6 @@ and CVE-2013-0155.

- - chromium -- multiple vulnerabilities - - - chromium - 36.0.1985.143 - - - - -

Google Chrome Releases reports:

-
12 security fixes in this release, including
-
-
[390174] High CVE-2014-3165: Use-after-free in web sockets. - Credit to Collin Payne.
-
[398925] High CVE-2014-3166: Information disclosure in SPDY. - Credit to Antoine Delignat-Lavaud.
-
[400950] CVE-2014-3167: Various fixes from internal audits, - fuzzing and other initiatives.
-
-

- - - - CVE-2014-3165 - CVE-2014-3166 - CVE-2014-3167 - http://googlechromereleases.blogspot.nl - - - 2014-08-12 - 2014-08-13 - - - serf -- SSL Certificate Null Byte Poisoning @@ -54401,39 +54175,6 @@ and CVE-2013-0155.

- - chromium -- multiple vulnerabilities - - - chromium - 36.0.1985.125 - - - - -

Google Chrome Releases reports:

-
26 security fixes in this release, including
-
-
[380885] Medium CVE-2014-3160: Same-Origin-Policy bypass in SVG. Credit - to Christian Schneider.
-
[393765] CVE-2014-3162: Various fixes from internal audits, fuzzing and - other initiatives.
-
-

- - - - CVE-2014-3160 - CVE-2014-3162 - http://googlechromereleases.blogspot.nl - - - 2014-07-16 - 2014-07-16 - - - kdelibs4 -- KMail/KIO POP3 SSL Man-in-the-middle Flaw @@ -54862,44 +54603,6 @@ and CVE-2013-0155.

- - chromium -- multiple vulnerabilities - - - chromium - 35.0.1916.153 - - - - -

Google Chrome Releases reports:

-
4 security fixes in this release, including:
-
-
[369525] High CVE-2014-3154: Use-after-free in filesystem api. Credit - to Collin Payne.
-
[369539] High CVE-2014-3155: Out-if-bounds read in SPDY. Credit - to James March, Daniel Sommermann and Alan Frindell of Facebook.
-
[369621] Medium CVE-2014-3156: Buffer overflow in clipboard. Credit - to Atte Kettunen of OUSPG.
-
[368980] CVE-2014-3157: Heap overflow in media.
-
-

- - - - CVE-2014-3154 - CVE-2014-3155 - CVE-2014-3156 - CVE-2014-3157 - http://googlechromereleases.blogspot.nl - - - 2014-06-10 - 2014-06-10 - - - mozilla -- multiple vulnerabilities @@ -55226,93 +54929,6 @@ and CVE-2013-0155.

- - chromium -- multiple vulnerabilities - - - chromium - 35.0.1916.114 - - - - -

Google Chrome Releases reports:

-
23 security fixes in this release, including:
-
-
[356653] High CVE-2014-1743: Use-after-free in styles. Credit - to cloudfuzzer.
-
[359454] High CVE-2014-1744: Integer overflow in audio. Credit - to Aaron Staple.
-
[346192] High CVE-2014-1745: Use-after-free in SVG. Credit to - Atte Kettunen of OUSPG.
-
[364065] Medium CVE-2014-1746: Out-of-bounds read in media - filters. Credit to Holger Fuhrmannek.
-
[330663] Medium CVE-2014-1747: UXSS with local MHTML file. - Credit to packagesu.
-
[331168] Medium CVE-2014-1748: UI spoofing with scrollbar. - Credit to Jordan Milne.
-
[374649] CVE-2014-1749: Various fixes from internal audits, - fuzzing and other initiatives.
-
[358057] CVE-2014-3152: Integer underflow in V8 fixed in - version 3.25.28.16.
-
-

- - - - CVE-2014-1743 - CVE-2014-1744 - CVE-2014-1745 - CVE-2014-1746 - CVE-2014-1747 - CVE-2014-1748 - CVE-2014-1749 - CVE-2014-3152 - http://googlechromereleases.blogspot.nl/ - - - 2014-05-20 - 2014-05-20 - - - - - chromium -- multiple vulnerabilities - - - chromium - 34.0.1847.137 - - - - -

Google Chrome Releases reports:

-
3 security fixes in this release:
-
-
[358038] High CVE-2014-1740: Use-after-free in WebSockets. - Credit to Collin Payne.
-
[349898] High CVE-2014-1741: Integer overflow in DOM ranges. - Credit to John Butler.
-
[356690] High CVE-2014-1742: Use-after-free in editing. Credit - to cloudfuzzer.
-
-

- - - - CVE-2014-1740 - CVE-2014-1741 - CVE-2014-1742 - http://googlechromereleases.blogspot.nl/ - - - 2014-05-13 - 2014-05-14 - - - libXfont -- X Font Service Protocol and Font metadata file handling issues @@ -55577,54 +55193,6 @@ and CVE-2013-0155.

- - chromium -- multiple vulnerabilities - - - chromium - 34.0.1847.132 - - - - -

Google Chrome Releases reports (belatedly):

-
9 security fixes in this release, including:
-
-
[354967] High CVE-2014-1730: Type confusion in V8. Credit to - Anonymous.
-
[349903] High CVE-2014-1731: Type confusion in DOM. Credit to - John Butler.
-
[359802] High CVE-2014-1736: Integer overflow in V8. Credit to - SkyLined working with HP's Zero Day Initiative.
-
[352851] Medium CVE-2014-1732: Use-after-free in Speech - Recognition. Credit to Khalil Zhani.
-
[351103] Medium CVE-2014-1733: Compiler bug in Seccomp-BPF. - Credit to Jed Davis.
-
[367314] CVE-2014-1734: Various fixes from internal audits, - fuzzing and other initiatives.
-
[359130, 359525, 360429] CVE-2014-1735: Multiple - vulnerabilities in V8 fixed in version 3.24.35.33.
-
-

- - - - CVE-2014-1730 - CVE-2014-1731 - CVE-2014-1732 - CVE-2014-1733 - CVE-2014-1734 - CVE-2014-1735 - CVE-2014-1736 - http://googlechromereleases.blogspot.nl/ - - - 2014-04-24 - 2014-04-30 - - - mozilla -- multiple vulnerabilities @@ -56230,76 +55798,6 @@ and CVE-2013-0155.

- - chromium -- multiple vulnerabilities - - - chromium - 34.0.1847.116 - - - - -

Google Chrome Releases reports:

-
31 vulnerabilities fixed in this release, including:
-
-
[354123] High CVE-2014-1716: UXSS in V8. Credit to - Anonymous.
-
[353004] High CVE-2014-1717: OOB access in V8. Credit to - Anonymous.
-
[348332] High CVE-2014-1718: Integer overflow in compositor. - Credit to Aaron Staple.
-
[343661] High CVE-2014-1719: Use-after-free in web workers. - Credit to Collin Payne.
-
[356095] High CVE-2014-1720: Use-after-free in DOM. Credit to - cloudfuzzer.
-
[350434] High CVE-2014-1721: Memory corruption in V8. Credit to - Christian Holler.
-
[330626] High CVE-2014-1722: Use-after-free in rendering. - Credit to miaubiz.
-
[337746] High CVE-2014-1723: Url confusion with RTL characters. - Credit to George McBay.
-
[327295] High CVE-2014-1724: Use-after-free in speech. Credit - to Atte Kettunen of OUSPG.
-
[357332] Medium CVE-2014-1725: OOB read with window property. - Credit to Anonymous
-
[346135] Medium CVE-2014-1726: Local cross-origin bypass. - Credit to Jann Horn.
-
[342735] Medium CVE-2014-1727: Use-after-free in forms. Credit - to Khalil Zhani.
-
[360298] CVE-2014-1728: Various fixes from internal audits, - fuzzing and other initiatives.
-
[345820, 347262, 348319, 350863, 352982, 355586, 358059] - CVE-2014-1729: Multiple vulnerabilities in V8 fixed in version - 3.24.35.22.
-
-

- - - - CVE-2014-1716 - CVE-2014-1717 - CVE-2014-1718 - CVE-2014-1719 - CVE-2014-1720 - CVE-2014-1721 - CVE-2014-1722 - CVE-2014-1723 - CVE-2014-1724 - CVE-2014-1725 - CVE-2014-1726 - CVE-2014-1727 - CVE-2014-1728 - CVE-2014-1729 - http://googlechromereleases.blogspot.nl/ - - - 2014-04-08 - 2014-04-08 - - - OpenSSL -- Remote Information Disclosure @@ -56793,51 +56291,6 @@ and CVE-2013-0155.

- - www/chromium -- multiple vulnerabilities - - - chromium - 33.0.1750.152 - - - - -

Google Chrome Releases reports:

-
New vulnerabilities after the Pwn2Own competition:
-
-
[352369] Code execution outside sandbox. Credit to VUPEN. -
-
[352374] High CVE-2014-1713: Use-after-free in Blink - bindings
-
[352395] High CVE-2014-1714: Windows clipboard - vulnerability
-
-
-
[352420] Code execution outside sandbox. Credit to Anonymous. -
-
[351787] High CVE-2014-1705: Memory corruption in V8
-
[352429] High CVE-2014-1715: Directory traversal issue
-
-
-
-

- - - - CVE-2014-1705 - CVE-2014-1713 - CVE-2014-1714 - CVE-2014-1715 - http://googlechromereleases.blogspot.nl/ - - - 2014-03-14 - 2014-03-15 - - - mutt -- denial of service, potential remote code execution @@ -56998,48 +56451,6 @@ and CVE-2013-0155.

- - www/chromium --multiple vulnerabilities - - - chromium - 33.0.1750.149 - - - - -

Google Chrome Releases reports:

-
7 vulnerabilities fixed in this release, including:
-
-
[344881] High CVE-2014-1700: Use-after-free in speech. Credit - to Chamal de Silva.
-
[342618] High CVE-2014-1701: UXSS in events. Credit to - aidanhs.
-
[333058] High CVE-2014-1702: Use-after-free in web database. - Credit to Collin Payne.
-
[338354] High CVE-2014-1703: Potential sandbox escape due to a - use-after-free in web sockets.
-
[328202, 349079, 345715] CVE-2014-1704: Multiple - vulnerabilities in V8 fixed in version 3.23.17.18.
-
-

- - - - CVE-2014-1700 - CVE-2014-1701 - CVE-2014-1702 - CVE-2014-1703 - CVE-2014-1704 - http://googlechromereleases.blogspot.nl/ - - - 2014-03-11 - 2014-03-11 - - - freetype2 -- Out of bounds read/write @@ -57144,51 +56555,6 @@ and CVE-2013-0155.

- - chromium -- multiple vulnerabilities - - - chromium - 33.0.1750.146 - - - - -

Google Chrome Releases reports:

-
19 vulnerabilities fixed in this release, including:
-
-
[344492] High CVE-2013-6663: Use-after-free in svg images. - Credit to Atte Kettunen of OUSPG.
-
[326854] High CVE-2013-6664: Use-after-free in speech - recognition. Credit to Khalil Zhani.
-
[337882] High CVE-2013-6665: Heap buffer overflow in software - rendering. Credit to cloudfuzzer.
-
[332023] Medium CVE-2013-6666: Chrome allows requests in flash - header request. Credit to netfuzzerr.
-
[348175] CVE-2013-6667: Various fixes from internal audits, - fuzzing and other initiatives.
-
[343964, 344186, 347909] CVE-2013-6668: Multiple - vulnerabilities in V8 fixed in version 3.24.35.10.
-
-

- - - - CVE-2013-6663 - CVE-2013-6664 - CVE-2013-6665 - CVE-2013-6666 - CVE-2013-6667 - CVE-2013-6668 - http://googlechromereleases.blogspot.nl/ - - - 2014-03-03 - 2014-03-05 - - - gnutls -- multiple certificate verification issues @@ -57393,66 +56759,6 @@ JavaScript code would be executed.

- - chromium -- multiple vulnerabilities - - - chromium - 33.0.1750.117 - - - - -

Google Chrome Releases reports:

-
28 security fixes in this release, including:
-
-
[334897] High CVE-2013-6652: Issue with relative paths in - Windows sandbox named pipe policy. Credit to tyranid.
-
[331790] High CVE-2013-6653: Use-after-free related to web - contents. Credit to Khalil Zhani.
-
[333176] High CVE-2013-6654: Bad cast in SVG. Credit to - TheShow3511.
-
[293534] High CVE-2013-6655: Use-after-free in layout. Credit - to cloudfuzzer.
-
[331725] High CVE-2013-6656: Information leak in XSS auditor. - Credit to NeexEmil.
-
[331060] Medium CVE-2013-6657: Information leak in XSS auditor. - Credit to NeexEmil.
-
[322891] Medium CVE-2013-6658: Use-after-free in layout. Credit - to cloudfuzzer.
-
[306959] Medium CVE-2013-6659: Issue with certificates - validation in TLS handshake. Credit to Antoine Delignat-Lavaud - and Karthikeyan Bhargavan from Prosecco, Inria Paris.
-
[332579] Low CVE-2013-6660: Information leak in drag and drop. - Credit to bishopjeffreys.
-
[344876] Low-High CVE-2013-6661: Various fixes from internal - audits, fuzzing and other initiatives. Of these, seven are fixes - for issues that could have allowed for sandbox escapes from - compromised renderers.
-
-

- - - - CVE-2013-6652 - CVE-2013-6653 - CVE-2013-6654 - CVE-2013-6655 - CVE-2013-6656 - CVE-2013-6657 - CVE-2013-6658 - CVE-2013-6659 - CVE-2013-6660 - CVE-2013-6661 - http://googlechromereleases.blogspot.nl/ - - - 2014-02-20 - 2014-02-24 - - - PostgreSQL -- multiple privilege issues @@ -57975,40 +57281,6 @@ JavaScript code would be executed.

- - chromium -- multiple vulnerabilities - - - chromium - 32.0.1700.102 - - - - -

Google Chrome Releases reports:

-
14 security fixes in this release, including:
-
-
[330420] High CVE-2013-6649: Use-after-free in SVG images. - Credit to Atte Kettunen of OUSPG.
-
[331444] High CVE-2013-6650: Memory corruption in V8. This - issue was fixed in v8 version 3.22.24.16. Credit to Christian - Holler.
-
-

- - - - CVE-2013-6649 - CVE-2013-6650 - http://googlechromereleases.blogspot.nl/ - - - 2014-01-27 - 2014-01-27 - - - rt42 -- denial-of-service attack via the email gateway @@ -58233,51 +57505,6 @@ JavaScript code would be executed.

- - chromium -- multiple vulnerabilities - - - chromium - 32.0.1700.77 - - - - -

Google Chrome Releases reports:

-
11 security fixes in this release, including:
-
-
[249502] High CVE-2013-6646: Use-after-free in web workers. - Credit to Collin Payne.
-
[326854] High CVE-2013-6641: Use-after-free related to forms. - Credit to Atte Kettunen of OUSPG.
-
[324969] High CVE-2013-6642: Address bar spoofing in Chrome for - Android. Credit to lpilorz.
-
[321940] High CVE-2013-6643: Unprompted sync with an attacker’s - Google account. Credit to Joao Lucas Melo Brasio.
-
[318791] Medium CVE-2013-6645 Use-after-free related to speech - input elements. Credit to Khalil Zhani.
-
[333036] CVE-2013-6644: Various fixes from internal audits, - fuzzing and other initiatives.
-
-

- - - - CVE-2013-6641 - CVE-2013-6642 - CVE-2013-6643 - CVE-2013-6644 - CVE-2013-6645 - CVE-2013-6646 - http://googlechromereleases.blogspot.nl/ - - - 2014-01-14 - 2014-01-15 - - - ntpd DRDoS / Amplification Attack using ntpdc monlist command @@ -59033,57 +58260,6 @@ JavaScript code would be executed.

- - chromium -- multiple vulnerabilities - - - chromium - 31.0.1650.63 - - - - -

Google Chrome Releases reports:

-
15 security fixes in this release, including:
-
-
[307159] Medium CVE-2013-6634: Session fixation in sync related - to 302 redirects. Credit to Andrey Labunets.
-
[314469] High CVE-2013-6635: Use-after-free in editing. Credit - to cloudfuzzer.
-
[322959] Medium CVE-2013-6636: Address bar spoofing related to - modal dialogs. Credit to Bas Venis.
-
[325501] CVE-2013-6637: Various fixes from internal audits, - fuzzing and other initiatives.
-
[319722] Medium CVE-2013-6638: Buffer overflow in v8. This - issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow - of the Chromium project.
-
[319835] High CVE-2013-6639: Out of bounds write in v8. This - issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow - of the Chromium project.
-
[319860] Medium CVE-2013-6640: Out of bounds read in v8. This - issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow - of the Chromium project.
-
-

- - - - CVE-2013-6634 - CVE-2013-6635 - CVE-2013-6636 - CVE-2013-6637 - CVE-2013-6638 - CVE-2013-6639 - CVE-2013-6640 - http://googlechromereleases.blogspot.nl/ - - - 2013-12-04 - 2013-12-05 - - - Joomla! -- Core XSS Vulnerabilities @@ -59448,33 +58624,6 @@ JavaScript code would be executed.

- - chromium -- multiple memory corruption issues - - - chromium - 31.0.1650.57 - - - - -

Google Chrome Releases reports:

-
[319117] [319125] Critical CVE-2013-6632: Multiple memory - corruption issues. Credit to Pinkie Pie.
-

- - - - CVE-2013-6632 - http://googlechromereleases.blogspot.nl/ - - - 2013-11-14 - 2013-11-15 - - - linux-flashplugin -- multiple vulnerabilities @@ -59503,69 +58652,6 @@ JavaScript code would be executed.

- - chromium -- multiple vulnerabilities - - - chromium - 31.0.1650.48 - - - - -

Google Chrome Releases reports:

-
25 security fixes in this release, including:
-
-
[268565] Medium CVE-2013-6621: Use after free related to speech input elements. - Credit to Khalil Zhani.
-
[272786] High CVE-2013-6622: Use after free related to media elements. Credit *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***