Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 2 Sep 2015 20:08:19 +0200
From:      =?UTF-8?Q?Ren=c3=a9_Ladan?= <rene@freebsd.org>
To:        Carlos J Puga Medina <cpm@fbsd.es>
Cc:        freebsd-chromium@freebsd.org
Subject:   Re: Document new vulnerabilities in www/chromium < 45.0.2454.85
Message-ID:  <55E73B13.1080408@freebsd.org>
In-Reply-To: <1441189302.97726.2.camel@fbsd.es>
References:  <1441189302.97726.2.camel@fbsd.es>
next in thread | previous in thread | raw e-mail | index | archive | help 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 09/02/2015 12:21, Carlos J Puga Medina wrote:
> Current www/chromium is marked as vulnerable on Google Chrome
> website[0].
Committed, with a few line rewraps and addition of variants specific to
PC-BSD.

Thanks,
René
>
> --- vuln.xml.orig    2015-09-02 02:30:55.000000000 +0200
> +++ vuln.xml    2015-09-02 12:18:45.643172000 +0200
> @@ -58,6 +58,66 @@
> 
>  -->
>  <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
> +  <vuln vid="a9350df8-5157-11e5-b5c1-e8e0b747a45a">
> +    <topic>chromium -- multiple vulnerabilities</topic>
> +    <affects>
> +      <package>
> +    <name>chromium</name>
> +    <range><lt>45.0.2454.85</lt></range>
> +      </package>
> +    </affects>
> +    <description>
> +      <body xmlns="http://www.w3.org/1999/xhtml">;
> +    <p>Google Chrome Releases reports:</p>
> +    <blockquote cite="http://googlechromereleases.blogspot.nl">;
> +      <p>29 security fixes in this release, including:</p>
> +      <ul>
> +        <li>[516377] High CVE-2015-1291: Cross-origin bypass in
> DOM. Credit
> +          to anonymous.</li>
> +        <li>[522791] High CVE-2015-1292: Cross-origin bypass in
> ServiceWorker. Credit
> +          to Mariusz Mlynski.</li>
> +        <li>[524074] High CVE-2015-1293: Cross-origin bypass in
> DOM. Credit
> +          to Mariusz Mlynski.</li>
> +        <li>[492263] High CVE-2015-1294: Use-after-free in Skia.
> Credit
> +          to cloudfuzzer.</li>
> +        <li>[502562] High CVE-2015-1295: Use-after-free in
> Printing. Credit
> +          to anonymous.</li>
> +        <li>[421332] High CVE-2015-1296: Character spoofing in
> omnibox. Credit
> +          to zcorpan.</li>
> +        <li>[510802] Medium CVE-2015-1297: Permission scoping
> error in Webrequest. Credit
> +          to Alexander Kashev.</li>
> +        <li>[518827] Medium CVE-2015-1298: URL validation error in
> extensions. Credit
> +          to Rob Wu.</li>
> +        <li>[416362] Medium CVE-2015-1299: Use-after-free in
> Blink. Credit
> +          to taro.suzuki.dev.</li>
> +        <li>[511616] Medium CVE-2015-1300: Information leak in
> Blink. Credit
> +          to cgvwzq.</li>
> +        <li>[526825] CVE-2015-1301: Various fixes from internal
> audits, fuzzing and
> +          other initiatives.</li>
> +      </ul>
> +    </blockquote>
> +      </body>
> +    </description>
> +    <references>
> +      <cvename>CVE-2015-1291</cvename>
> +      <cvename>CVE-2015-1292</cvename>
> +      <cvename>CVE-2015-1293</cvename>
> +      <cvename>CVE-2015-1294</cvename>
> +      <cvename>CVE-2015-1295</cvename>
> +      <cvename>CVE-2015-1296</cvename>
> +      <cvename>CVE-2015-1297</cvename>
> +      <cvename>CVE-2015-1298</cvename>
> +      <cvename>CVE-2015-1299</cvename>
> +      <cvename>CVE-2015-1300</cvename>
> +      <cvename>CVE-2015-1301</cvename>
> +      <url>http://googlechromereleases.blogspot.nl</url>;
> +    </references>
> +    <dates>
> +      <discovery>2015-09-01</discovery>
> +      <entry>2015-09-02</entry>
> +    </dates>
> +  </vuln>
> +
>    <vuln vid="fc1f6658-4f53-11e5-934b-002590263bf5">
>      <topic>ghostscript -- denial of service (crash) via crafted
> Postscript files</topic>
>      <affects>
>
> [0] http://googlechromereleases.blogspot.nl/2015/09/stable-channel-upda
> te.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQJ8BAEBCgBmBQJV5zsEXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQxMDFBNzE2QjE2MkIwMEU1NUJFREVBMDVB
REJCRjg2MTBBMzc4OUI3AAoJEK27+GEKN4m3xDgP/24c1+7hBU7DT+nQu5gad/Rg
esmRRZwAc8a2OklRGwkRJWjv0zmB/F4fk9FN9RZ9FOtsP1oI4LuNGM1/EWeEeh9l
ESGCZpyPBK263tMb6+aExB6gtifAAc777HPEOIEeqWFmy6mWWe3Wp7eFOoxY/Dtg
2DenHkueGb3Fh70W0/uoSWK/EQLiv0yUQ96bUQPsDt0Ru2hdFqxVvhSC063WJ/R1
2YLN8LM2Ib/LEhzvRLZa4WpvtqheK0muB5jXw84FwAwPkNfCzsE59pSLBXASoZAT
hFcpJSh5HmUpV+qtNsEEFi/15xm9jBeUPMtl/KpMYminkydA1PvEo7snpcQcNKa/
IApJeLLZtOOyiZGkbWT4whSMscu02RuwKqeiO++5cy6mY45aVOFpzuzFvl5TKVu1
LFrN3v2xjUVG4ML34/jYxsB0zYDPXkdryCEX8camjqWnAwhn8xWpUgpeHSEjVYKx
bu5Pea7OxLUOzI04XqEM8HSd2rMrnwu9/hN3Ud/YnpszMCQOZ/Wm9OcZB56oERgA
VPGTaQlXzKLpNlGV834YgE0/UQh2oPxDpCuQhPd+9OsPf6eLdzrW1PJHuE66GF5Z
3oYK/wTrjt8ws4M01zsrpksEE1u0Lko8g0iov8mUMgPyL28AMX1nEIggdaphvmjl
CLWL/uohvUf31Tu1pkpb
=h+29
-----END PGP SIGNATURE-----

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55E73B13.1080408>