Date: Wed, 5 Jan 2022 13:15:22 GMT From: Rene Ladan <rene@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 355c650718a5 - main - security/vuxml: document www/chromium < 97.0.4692.71 Message-ID: <202201051315.205DFM4r062642@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by rene: URL: https://cgit.FreeBSD.org/ports/commit/?id=355c650718a5af17bd7d977253c1e6186e495f07 commit 355c650718a5af17bd7d977253c1e6186e495f07 Author: Rene Ladan <rene@FreeBSD.org> AuthorDate: 2022-01-05 13:11:32 +0000 Commit: Rene Ladan <rene@FreeBSD.org> CommitDate: 2022-01-05 13:14:51 +0000 security/vuxml: document www/chromium < 97.0.4692.71 While here add definitions for 2022, as this is the first vuxml commit of the year. This cannot be done in its own commit because `make validate` complains in that case (even with a 0-byte vuln-2022.xml). Obtained from: https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html --- security/vuxml/files/tidy.xsl | 1 + security/vuxml/vuln-2022.xml | 104 ++++++++++++++++++++++++++++++++++++++++++ security/vuxml/vuln.xml | 4 +- 3 files changed, 108 insertions(+), 1 deletion(-) diff --git a/security/vuxml/files/tidy.xsl b/security/vuxml/files/tidy.xsl index 8bf948a94b6e..e48c36c691c2 100644 --- a/security/vuxml/files/tidy.xsl +++ b/security/vuxml/files/tidy.xsl @@ -44,6 +44,7 @@ result in more namespace declarations than we wish. <!ENTITY vuln-2019 SYSTEM "vuln-2019.xml"> <!ENTITY vuln-2020 SYSTEM "vuln-2020.xml"> <!ENTITY vuln-2021 SYSTEM "vuln-2021.xml"> +<!ENTITY vuln-2022 SYSTEM "vuln-2022.xml"> ]> ]]></xsl:text> <xsl:apply-templates /> diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml new file mode 100644 index 000000000000..d2a5f1dfed62 --- /dev/null +++ b/security/vuxml/vuln-2022.xml @@ -0,0 +1,104 @@ + <vuln vid="9eeccbf3-6e26-11ec-bb10-3065ec8fd3ec"> + <topic>chromium -- multiple vulnerabilities</topic> + <affects> + <package> + <name>chromium</name> + <range><lt>97.0.4692.71</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Chrome Releases reports:</p> + <blockquote cite="https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html">; + <p>This release contains 37 security fixes, including:</p> + <ul> + <li>[$TBD][1275020] Critical CVE-2022-0096: Use after free in + Storage. Reported by Yangkang (@dnpushme) of 360 ATA on + 2021-11-30</li> + <li>[1117173] High CVE-2022-0097: Inappropriate implementation in + DevTools. Reported by David Erceg on 2020-08-17</li> + <li>[1273609] High CVE-2022-0098: Use after free in Screen Capture. + Reported by @ginggilBesel on 2021-11-24</li> + <li>[1245629] High CVE-2022-0099: Use after free in Sign-in. + Reported by Rox on 2021-09-01</li> + <li>[1238209] High CVE-2022-0100: Heap buffer overflow in Media + streams API. Reported by Cassidy Kim of Amber Security Lab, OPPO + Mobile Telecommunications Corp. Ltd. on 2021-08-10</li> + <li>[1249426] High CVE-2022-0101: Heap buffer overflow in Bookmarks. + Reported by raven (@raid_akame) on 2021-09-14</li> + <li>[1260129] High CVE-2022-0102: Type Confusion in V8 . Reported by + Brendon Tiszka on 2021-10-14</li> + <li>[1272266] High CVE-2022-0103: Use after free in SwiftShader. + Reported by Abraruddin Khan and Omair on 2021-11-21</li> + <li>[1273661] High CVE-2022-0104: Heap buffer overflow in ANGLE. + Reported by Abraruddin Khan and Omair on 2021-11-25</li> + <li>[1274376] High CVE-2022-0105: Use after free in PDF. Reported by + Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications + Corp. Ltd. on 2021-11-28</li> + <li>[1278960] High CVE-2022-0106: Use after free in Autofill. + Reported by Khalil Zhani on 2021-12-10</li> + <li>[1248438] Medium CVE-2022-0107: Use after free in File Manager + API. Reported by raven (@raid_akame) on 2021-09-10</li> + <li>[1248444] Medium CVE-2022-0108: Inappropriate implementation in + Navigation. Reported by Luan Herrera (@lbherrera_) on + 2021-09-10</li> + <li>[1261689] Medium CVE-2022-0109: Inappropriate implementation in + Autofill. Reported by Young Min Kim (@ylemkimon), CompSec Lab at + Seoul National University on 2021-10-20</li> + <li>[1237310] Medium CVE-2022-0110: Incorrect security UI in + Autofill. Reported by Alesandro Ortiz on 2021-08-06</li> + <li>[1241188] Medium CVE-2022-0111: Inappropriate implementation in + Navigation. Reported by garygreen on 2021-08-18</li> + <li>[1255713] Medium CVE-2022-0112: Incorrect security UI in Browser + UI. Reported by Thomas Orlita on 2021-10-04</li> + <li>[1039885] Medium CVE-2022-0113: Inappropriate implementation in + Blink. Reported by Luan Herrera (@lbherrera_) on 2020-01-07</li> + <li>[1267627] Medium CVE-2022-0114: Out of bounds memory access in + Web Serial. Reported by Looben Yang on 2021-11-06</li> + <li>[1268903] Medium CVE-2022-0115: Uninitialized Use in File API. + Reported by Mark Brand of Google Project Zero on 2021-11-10</li> + <li>[1272250] Medium CVE-2022-0116: Inappropriate implementation in + Compositing. Reported by Irvan Kurniawan (sourc7) on + 2021-11-20</li> + <li>[1115847] Low CVE-2022-0117: Policy bypass in Service Workers. + Reported by Dongsung Kim (@kid1ng) on 2020-08-13</li> + <li>[1238631] Low CVE-2022-0118: Inappropriate implementation in + WebShare. Reported by Alesandro Ortiz on 2021-08-11</li> + <li>[1262953] Low CVE-2022-0120: Inappropriate implementation in + Passwords. Reported by CHAKRAVARTHI (Ruler96) on 2021-10-25</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2022-0096</cvename> + <cvename>CVE-2022-0097</cvename> + <cvename>CVE-2022-0098</cvename> + <cvename>CVE-2022-0099</cvename> + <cvename>CVE-2022-0100</cvename> + <cvename>CVE-2022-0101</cvename> + <cvename>CVE-2022-0102</cvename> + <cvename>CVE-2022-0103</cvename> + <cvename>CVE-2022-0104</cvename> + <cvename>CVE-2022-0105</cvename> + <cvename>CVE-2022-0106</cvename> + <cvename>CVE-2022-0107</cvename> + <cvename>CVE-2022-0108</cvename> + <cvename>CVE-2022-0109</cvename> + <cvename>CVE-2022-0110</cvename> + <cvename>CVE-2022-0111</cvename> + <cvename>CVE-2022-0112</cvename> + <cvename>CVE-2022-0113</cvename> + <cvename>CVE-2022-0114</cvename> + <cvename>CVE-2022-0115</cvename> + <cvename>CVE-2022-0116</cvename> + <cvename>CVE-2022-0117</cvename> + <cvename>CVE-2022-0118</cvename> + <cvename>CVE-2022-0120</cvename> + <url>https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html</url>; + </references> + <dates> + <discovery>2022-01-04</discovery> + <entry>2022-01-05</entry> + </dates> + </vuln> diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 25512c70513c..845b3df9e509 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -19,9 +19,10 @@ <!ENTITY vuln-2019 SYSTEM "vuln-2019.xml"> <!ENTITY vuln-2020 SYSTEM "vuln-2020.xml"> <!ENTITY vuln-2021 SYSTEM "vuln-2021.xml"> +<!ENTITY vuln-2022 SYSTEM "vuln-2022.xml"> ]> <!-- -Copyright 2003-2021 Jacques Vidrine and contributors +Copyright 2003-2022 Jacques Vidrine and contributors Redistribution and use in source (VuXML) and 'compiled' forms (SGML, HTML, PDF, PostScript, RTF and so forth) with or without modification, @@ -77,6 +78,7 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; +&vuln-2022; &vuln-2021; &vuln-2020; &vuln-2019;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202201051315.205DFM4r062642>