FreeBSD Mail Archives

Date:      Fri, 21 Apr 2017 13:46:50 +0000 (UTC)
From:      "Carlos J. Puga Medina" <cpm@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r439067 - head/security/vuxml
Message-ID:  <201704211346.v3LDkoTd013943@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help

Author: cpm
Date: Fri Apr 21 13:46:49 2017
New Revision: 439067
URL: https://svnweb.freebsd.org/changeset/ports/439067

Log:
  Document new vulnerabilities in www/chromium < 58.0.3029.81
  
  Obtained from:	https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Fri Apr 21 13:43:24 2017	(r439066)
+++ head/security/vuxml/vuln.xml	Fri Apr 21 13:46:49 2017	(r439067)
@@ -58,6 +58,72 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="95a74a48-2691-11e7-9e2d-e8e0b747a45a">
+    <topic>chromium -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>chromium</name>
+	<name>chromium-pulse</name>
+	<range><lt>58.0.3029.81</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>Google Chrome Releases reports:</p>
+	<blockquote cite="https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html">;
+	  <p>29 security fixes in this release, including:</p>
+	  <ul>
+	    <li>[695826] High CVE-2017-5057: Type confusion in PDFium. Credit to
+	      Guang Gong of Alpha Team, Qihoo 360</li>
+	    <li>[694382] High CVE-2017-5058: Heap use after free in Print Preview.
+	      Credit to Khalil Zhani</li>
+	    <li>[684684] High CVE-2017-5059: Type confusion in Blink. Credit to
+	      SkyLined working with Trend Micro's Zero Day Initiative</li>
+	    <li>[683314] Medium CVE-2017-5060: URL spoofing in Omnibox. Credit to
+	      Xudong Zheng</li>
+	    <li>[672847] Medium CVE-2017-5061: URL spoofing in Omnibox. Credit to
+	      Haosheng Wang (@gnehsoah)</li>
+	    <li>[702896] Medium CVE-2017-5062: Use after free in Chrome Apps.
+	      Credit to anonymous</li>
+	    <li>[700836] Medium CVE-2017-5063: Heap overflow in Skia. Credit to
+	      Sweetchip</li>
+	    <li>[693974] Medium CVE-2017-5064: Use after free in Blink. Credit to
+	      Wadih Matar</li>
+	    <li>[704560] Medium CVE-2017-5065: Incorrect UI in Blink. Credit to
+	      Khalil Zhani</li>
+	    <li>[690821] Medium CVE-2017-5066: Incorrect signature handing in Networking.
+	      Credit to Prof. Zhenhua Duan, Prof. Cong Tian, and Ph.D candidate Chu Chen
+	      (ICTT, Xidian University)</li>
+	    <li>[648117] Medium CVE-2017-5067: URL spoofing in Omnibox. Credit to
+	      Khalil Zhani</li>
+	    <li>[691726] Low CVE-2017-5069: Cross-origin bypass in Blink. Credit to
+	      Michael Reizelman</li>
+	    <li>[713205] Various fixes from internal audits, fuzzing and other initiatives</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2017-5057</cvename>
+      <cvename>CVE-2017-5058</cvename>
+      <cvename>CVE-2017-5059</cvename>
+      <cvename>CVE-2017-5060</cvename>
+      <cvename>CVE-2017-5061</cvename>
+      <cvename>CVE-2017-5062</cvename>
+      <cvename>CVE-2017-5063</cvename>
+      <cvename>CVE-2017-5064</cvename>
+      <cvename>CVE-2017-5065</cvename>
+      <cvename>CVE-2017-5066</cvename>
+      <cvename>CVE-2017-5067</cvename>
+      <cvename>CVE-2017-5069</cvename>
+      <url>https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html</url>;
+    </references>
+    <dates>
+      <discovery>2017-04-19</discovery>
+      <entry>2017-04-21</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="607f8b57-7454-42c6-a88a-8706f327076d">
     <topic>icu -- multiple vulnerabilities</topic>
     <affects>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201704211346.v3LDkoTd013943>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation