Date: Tue, 22 Sep 2020 19:00:08 +0000 (UTC) From: Rene Ladan <rene@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r549622 - head/security/vuxml Message-ID: <202009221900.08MJ08TQ022320@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rene Date: Tue Sep 22 19:00:08 2020 New Revision: 549622 URL: https://svnweb.freebsd.org/changeset/ports/549622 Log: Document new vulnerabilities in www/chromium < 85.0.4183.121 Obtained from: https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Sep 22 18:59:55 2020 (r549621) +++ head/security/vuxml/vuln.xml Tue Sep 22 19:00:08 2020 (r549622) @@ -58,6 +58,66 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="e68d3db1-fd04-11ea-a67f-e09467587c17"> + <topic>chromium -- multiple vulnerabilities</topic> + <affects> + <package> + <name>chromium</name> + <range><lt>85.0.4183.121</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Chrome Releases reports:</p> + <blockquote cite="https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html"> + <p>This release fixes 10 security issues, including:</p> + <ul> + <li>[1100136] High CVE-2020-15960: Out of bounds read in storage. + Reported by Anonymous on 2020-06-28</li> + + <li>[1114636] High CVE-2020-15961: Insufficient policy + enforcement in extensions. Reported by David Erceg on + 2020-08-10</li> + + <li>[1121836] High CVE-2020-15962: Insufficient policy + enforcement in serial. Reported by Leecraso and Guang Gong of 360 + Alpha Lab working with 360 BugCloud on 2020-08-26</li> + + <li>[1113558] High CVE-2020-15963: Insufficient policy + enforcement in extensions. Reported by David Erceg on + 2020-08-06</li> + + <li>[1126249] High CVE-2020-15965: Out of bounds write in V8. + Reported by Lucas Pinheiro, Microsoft Browser Vulnerability + Research on 2020-09-08</li> + + <li>[1113565] Medium CVE-2020-15966: Insufficient policy + enforcement in extensions. Reported by David Erceg on + 2020-08-06</li> + + <li>[1121414] Low CVE-2020-15964: Insufficient data validation in + media. Reported by Woojin Oh(@pwn_expoit) of STEALIEN on + 2020-08-25</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2020-15960</cvename> + <cvename>CVE-2020-15961</cvename> + <cvename>CVE-2020-15962</cvename> + <cvename>CVE-2020-15963</cvename> + <cvename>CVE-2020-15964</cvename> + <cvename>CVE-2020-15965</cvename> + <cvename>CVE-2020-15966</cvename> + <url>https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html</url> + </references> + <dates> + <discovery>2020-09-21</discovery> + <entry>2020-09-22</entry> + </dates> + </vuln> + <vuln vid="f5abafc0-fcf6-11ea-8758-e0d55e2a8bf9"> <topic>libxml -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202009221900.08MJ08TQ022320>