From owner-svn-ports-head@FreeBSD.ORG Fri Feb 22 23:49:46 2013 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id F31D0E99; Fri, 22 Feb 2013 23:49:45 +0000 (UTC) (envelope-from rene@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id D505E262; Fri, 22 Feb 2013 23:49:45 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id r1MNnj6x062822; Fri, 22 Feb 2013 23:49:45 GMT (envelope-from rene@svn.freebsd.org) Received: (from rene@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id r1MNnjaN062819; Fri, 22 Feb 2013 23:49:45 GMT (envelope-from rene@svn.freebsd.org) Message-Id: <201302222349.r1MNnjaN062819@svn.freebsd.org> From: Rene Ladan Date: Fri, 22 Feb 2013 23:49:45 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r312793 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Feb 2013 23:49:46 -0000 Author: rene Date: Fri Feb 22 23:49:44 2013 New Revision: 312793 URL: http://svnweb.freebsd.org/changeset/ports/312793 Log: Document vulnerabilities in www/chromium < 25.0.1364.97 Obtained from: http://googlechromereleases.blogspot.nl/search/Stable%20Updates Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Feb 22 21:34:27 2013 (r312792) +++ head/security/vuxml/vuln.xml Fri Feb 22 23:49:44 2013 (r312793) @@ -51,6 +51,100 @@ Note: Please add new entries to the beg --> + + chromium -- multiple vulnerabilities + + + chromium + 25.0.1364.97 + + + + +

Google Chrome Releases reports:

+
[172243] High CVE-2013-0879: Memory corruption with web audio + node. Credit to Atte Kettunen of OUSPG.
+
[171951] High CVE-2013-0880: Use-after-free in database handling. + Credit to Chamal de Silva.
+
[167069] Medium CVE-2013-0881: Bad read in Matroska handling. + Credit to Atte Kettunen of OUSPG.
+
[165432] High CVE-2013-0882: Bad memory access with excessive SVG + parameters. Credit to Renata Hodovan.
+
[142169] Medium CVE-2013-0883: Bad read in Skia. Credit to Atte + Kettunen of OUSPG.
+
[172984] Low CVE-2013-0884: Inappropriate load of NaCl. Credit to + Google Chrome Security Team (Chris Evans).
+
[172369] Medium CVE-2013-0885: Too many API permissions granted to + web store.
+
[171065] [170836] Low CVE-2013-0887: Developer tools process has + too many permissions and places too much trust in the connected + server.
+
[170666] Medium CVE-2013-0888: Out-of-bounds read in Skia. Credit + to Google Chrome Security Team (Inferno).
+
[170569] Low CVE-2013-0889: Tighten user gesture check for + dangerous file downloads.
+
[169973] [169966] High CVE-2013-0890: Memory safety issues across + the IPC layer. Credit to Google Chrome Security Team (Chris + Evans).
+
[169685] High CVE-2013-0891: Integer overflow in blob handling. + Credit to Google Chrome Security Team (Jüri Aedla).
+
[169295] [168710] [166493] [165836] [165747] [164958] [164946] + Medium CVE-2013-0892: Lower severity issues across the IPC layer. + Credit to Google Chrome Security Team (Chris Evans).
+
[168570] Medium CVE-2013-0893: Race condition in media handling. + Credit to Andrew Scherkus of the Chromium development community.
+
[168473] High CVE-2013-0894: Buffer overflow in vorbis decoding. + Credit to Google Chrome Security Team (Inferno).
+
[Linux / Mac] [167840] High CVE-2013-0895: Incorrect path handling + in file copying. Credit to Google Chrome Security Team (Jüri + Aedla).
+
[166708] High CVE-2013-0896: Memory management issues in plug-in + message handling. Credit to Google Chrome Security Team (Cris + Neckar).
+
[165537] Low CVE-2013-0897: Off-by-one read in PDF. Credit to + Mateusz Jurczyk, with contributions by Gynvael Coldwind, both from + Google Security Team.
+
[164643] High CVE-2013-0898: Use-after-free in URL handling. + Credit to Alexander Potapenko of the Chromium development + community.
+
[160480] Low CVE-2013-0899: Integer overflow in Opus handling. + Credit to Google Chrome Security Team (Jüri Aedla).
+
[152442] Medium CVE-2013-0900: Race condition in ICU. Credit to + Google Chrome Security Team (Inferno).
+

+ + + + CVE-2013-0879 + CVE-2013-0880 + CVE-2013-0881 + CVE-2013-0882 + CVE-2013-0883 + CVE-2013-0884 + CVE-2013-0885 + CVE-2013-0887 + CVE-2013-0888 + CVE-2013-0889 + CVE-2013-0890 + CVE-2013-0891 + CVE-2013-0892 + CVE-2013-0893 + CVE-2013-0894 + CVE-2013-0895 + CVE-2013-0896 + CVE-2013-0897 + CVE-2013-0898 + CVE-2013-0899 + CVE-2013-0900 + http://googlechromereleases.blogspot.nl/search/label/Stable%20updates + + + 2013-02-21 + 2013-02-22 + + + krb5 -- null pointer dereference in the KDC PKINIT code [CVE-2013-1415]