Date: Wed, 2 Sep 2015 20:08:19 +0200 From: =?UTF-8?Q?Ren=c3=a9_Ladan?= <rene@freebsd.org> To: Carlos J Puga Medina <cpm@fbsd.es> Cc: freebsd-chromium@freebsd.org Subject: Re: Document new vulnerabilities in www/chromium < 45.0.2454.85 Message-ID: <55E73B13.1080408@freebsd.org> In-Reply-To: <1441189302.97726.2.camel@fbsd.es> References: <1441189302.97726.2.camel@fbsd.es>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 09/02/2015 12:21, Carlos J Puga Medina wrote: > Current www/chromium is marked as vulnerable on Google Chrome > website[0]. Committed, with a few line rewraps and addition of variants specific to PC-BSD. Thanks, René > > --- vuln.xml.orig 2015-09-02 02:30:55.000000000 +0200 > +++ vuln.xml 2015-09-02 12:18:45.643172000 +0200 > @@ -58,6 +58,66 @@ > > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; > + <vuln vid="a9350df8-5157-11e5-b5c1-e8e0b747a45a"> > + <topic>chromium -- multiple vulnerabilities</topic> > + <affects> > + <package> > + <name>chromium</name> > + <range><lt>45.0.2454.85</lt></range> > + </package> > + </affects> > + <description> > + <body xmlns="http://www.w3.org/1999/xhtml">; > + <p>Google Chrome Releases reports:</p> > + <blockquote cite="http://googlechromereleases.blogspot.nl">; > + <p>29 security fixes in this release, including:</p> > + <ul> > + <li>[516377] High CVE-2015-1291: Cross-origin bypass in > DOM. Credit > + to anonymous.</li> > + <li>[522791] High CVE-2015-1292: Cross-origin bypass in > ServiceWorker. Credit > + to Mariusz Mlynski.</li> > + <li>[524074] High CVE-2015-1293: Cross-origin bypass in > DOM. Credit > + to Mariusz Mlynski.</li> > + <li>[492263] High CVE-2015-1294: Use-after-free in Skia. > Credit > + to cloudfuzzer.</li> > + <li>[502562] High CVE-2015-1295: Use-after-free in > Printing. Credit > + to anonymous.</li> > + <li>[421332] High CVE-2015-1296: Character spoofing in > omnibox. Credit > + to zcorpan.</li> > + <li>[510802] Medium CVE-2015-1297: Permission scoping > error in Webrequest. Credit > + to Alexander Kashev.</li> > + <li>[518827] Medium CVE-2015-1298: URL validation error in > extensions. Credit > + to Rob Wu.</li> > + <li>[416362] Medium CVE-2015-1299: Use-after-free in > Blink. Credit > + to taro.suzuki.dev.</li> > + <li>[511616] Medium CVE-2015-1300: Information leak in > Blink. Credit > + to cgvwzq.</li> > + <li>[526825] CVE-2015-1301: Various fixes from internal > audits, fuzzing and > + other initiatives.</li> > + </ul> > + </blockquote> > + </body> > + </description> > + <references> > + <cvename>CVE-2015-1291</cvename> > + <cvename>CVE-2015-1292</cvename> > + <cvename>CVE-2015-1293</cvename> > + <cvename>CVE-2015-1294</cvename> > + <cvename>CVE-2015-1295</cvename> > + <cvename>CVE-2015-1296</cvename> > + <cvename>CVE-2015-1297</cvename> > + <cvename>CVE-2015-1298</cvename> > + <cvename>CVE-2015-1299</cvename> > + <cvename>CVE-2015-1300</cvename> > + <cvename>CVE-2015-1301</cvename> > + <url>http://googlechromereleases.blogspot.nl</url>; > + </references> > + <dates> > + <discovery>2015-09-01</discovery> > + <entry>2015-09-02</entry> > + </dates> > + </vuln> > + > <vuln vid="fc1f6658-4f53-11e5-934b-002590263bf5"> > <topic>ghostscript -- denial of service (crash) via crafted > Postscript files</topic> > <affects> > > [0] http://googlechromereleases.blogspot.nl/2015/09/stable-channel-upda > te.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQJ8BAEBCgBmBQJV5zsEXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQxMDFBNzE2QjE2MkIwMEU1NUJFREVBMDVB REJCRjg2MTBBMzc4OUI3AAoJEK27+GEKN4m3xDgP/24c1+7hBU7DT+nQu5gad/Rg esmRRZwAc8a2OklRGwkRJWjv0zmB/F4fk9FN9RZ9FOtsP1oI4LuNGM1/EWeEeh9l ESGCZpyPBK263tMb6+aExB6gtifAAc777HPEOIEeqWFmy6mWWe3Wp7eFOoxY/Dtg 2DenHkueGb3Fh70W0/uoSWK/EQLiv0yUQ96bUQPsDt0Ru2hdFqxVvhSC063WJ/R1 2YLN8LM2Ib/LEhzvRLZa4WpvtqheK0muB5jXw84FwAwPkNfCzsE59pSLBXASoZAT hFcpJSh5HmUpV+qtNsEEFi/15xm9jBeUPMtl/KpMYminkydA1PvEo7snpcQcNKa/ IApJeLLZtOOyiZGkbWT4whSMscu02RuwKqeiO++5cy6mY45aVOFpzuzFvl5TKVu1 LFrN3v2xjUVG4ML34/jYxsB0zYDPXkdryCEX8camjqWnAwhn8xWpUgpeHSEjVYKx bu5Pea7OxLUOzI04XqEM8HSd2rMrnwu9/hN3Ud/YnpszMCQOZ/Wm9OcZB56oERgA VPGTaQlXzKLpNlGV834YgE0/UQh2oPxDpCuQhPd+9OsPf6eLdzrW1PJHuE66GF5Z 3oYK/wTrjt8ws4M01zsrpksEE1u0Lko8g0iov8mUMgPyL28AMX1nEIggdaphvmjl CLWL/uohvUf31Tu1pkpb =h+29 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55E73B13.1080408>