From nobody Thu Mar 9 17:46:55 2023 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PXc7h04PKz3xBgx; Thu, 9 Mar 2023 17:46:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PXc7g6f03z4JGW; Thu, 9 Mar 2023 17:46:55 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1678384015; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=DEoZ6nuQSXXpf+iBD8gUEJoPTX2KrglqTjseNnjnMxk=; b=PUaF2dvOp5PHpFy5wujhwSgtrjFn9+ePXi4VrVB7eBG87YIlU3kKf5W7MWDwUg/DxKpEuJ 16kLJH72Fhik4ropIna7aGrizis86tBhMVbclPLZRcqX78hVxYnu6OfJPPWy6kusi9342Y 4PVXn0JFgpR118mkO4e1iGRWzUxJMpbxB9zsUN7VMWwJoRGG+2A/pXEJKd8nSj95Epq2aM XATbR8cEYzjGbDZDD8+h2naJZZa5sHNx+5JJcfO8sqgB4EMzbtV3t6PVHt9H4YPDuQRs4Z Glsk8G7CY9GuuHTzEvDc4JEyx+JROm7hLSCurMVxvdYnjnMX7WmfEe3VQ5Zvuw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1678384015; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=DEoZ6nuQSXXpf+iBD8gUEJoPTX2KrglqTjseNnjnMxk=; b=d1i8Va1sBSXdVah8vMUNyhZsu1T+Syk/JlhAJH3aSotIH9S9UzoUKo1QuEQVz6XDySCPRa lZWh8g0Euc3g8PsgiKrWPHOxBvoEZmGI/3Bk1uZ9YDZHw9xR+Rdl4f5EVZTDlheMYBIKWZ oXCpgsEg+V6b4iR94PtJT4VCusIVICwRcA63t2z7FVqM1JMm7OLOJCEko4DEAHonYUSFG4 J9zDW+VGD5OzfNiUG41yhB2lp4MueJzFxnOwntbXD0W2UElOBBR7c6bthj9sXBBtTVXInQ SI6FZjLzYFZhQSTglktIMKibSHPCzVfUhSfEZgInXZSQFvxwuwynk/aBGIAeIw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1678384015; a=rsa-sha256; cv=none; b=eOg0RswqxljgqqjzIpxT1YkREIgKKZXIfS+CElUcCH/yrsZFxcd7f5E/j2NiAlohO+Ir3w PcqYbALWtCQC48lLuL2jYgwBla2/9twKdYXQMZK6vosFNxZczsIeGXb/CqzV9EiFCNOdmd LEK8jnq6DuOsRXZ7zjbTchKVE011OD0NTPkkmjFp2jGfX8ELNspHxvCy18gxkTUeqFWXjB yoSl2FfQiA1ItyWVY3g5VTBVr0HNxD2BaKzMjB1Zp67O7Jqe2YgZ46H6lQ9xXDyPfLnBK1 ckBfh/vJcDdn9x1S8V1y76rOREYUa2EpNBpk8de6KOdOdelEYJKks/0zHc0LjQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4PXc7g5gLpzGLh; Thu, 9 Mar 2023 17:46:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 329Hkt40046027; Thu, 9 Mar 2023 17:46:55 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 329HktvG046026; Thu, 9 Mar 2023 17:46:55 GMT (envelope-from git) Date: Thu, 9 Mar 2023 17:46:55 GMT Message-Id: <202303091746.329HktvG046026@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Robert Nagy Subject: git: 050b36b98160 - main - security/vuxml: add www/*chromium < 111.0.5563.64 List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: rnagy X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 050b36b981605f437b3b6c3530d74b21fd9e21e4 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by rnagy: URL: https://cgit.FreeBSD.org/ports/commit/?id=050b36b981605f437b3b6c3530d74b21fd9e21e4 commit 050b36b981605f437b3b6c3530d74b21fd9e21e4 Author: Robert Nagy AuthorDate: 2023-03-08 19:06:26 +0000 Commit: Robert Nagy CommitDate: 2023-03-09 17:46:35 +0000 security/vuxml: add www/*chromium < 111.0.5563.64 Approved by: rene (mentor) Obtained from: https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html Differential Revision: https://reviews.freebsd.org/D38992 --- security/vuxml/vuln/2023.xml | 79 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index bfbaf05bc2e0..f2a5eb2bc2d5 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,82 @@ + + chromium -- multiple vulnerabilities + + + chromium + 111.0.5563.64 + + + ungoogled-chromium + 111.0.5563.64 + + + + +

Chrome Releases reports:

+
+

This update includes 40 security fixes:

+
    +
  • [1411210] High CVE-2023-1213: Use after free in Swiftshader. Reported by Jaehun Jeong(@n3sk) of Theori on 2023-01-30
  • +
  • [1412487] High CVE-2023-1214: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-02-03
  • +
  • [1417176] High CVE-2023-1215: Type Confusion in CSS. Reported by Anonymous on 2023-02-17
  • +
  • [1417649] High CVE-2023-1216: Use after free in DevTools. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2023-02-21
  • +
  • [1412658] High CVE-2023-1217: Stack buffer overflow in Crash reporting. Reported by sunburst of Ant Group Tianqiong Security Lab on 2023-02-03
  • +
  • [1413628] High CVE-2023-1218: Use after free in WebRTC. Reported by Anonymous on 2023-02-07
  • +
  • [1415328] High CVE-2023-1219: Heap buffer overflow in Metrics. Reported by Sergei Glazunov of Google Project Zero on 2023-02-13
  • +
  • [1417185] High CVE-2023-1220: Heap buffer overflow in UMA. Reported by Sergei Glazunov of Google Project Zero on 2023-02-17
  • +
  • [1385343] Medium CVE-2023-1221: Insufficient policy enforcement in Extensions API. Reported by Ahmed ElMasry on 2022-11-16
  • +
  • [1403515] Medium CVE-2023-1222: Heap buffer overflow in Web Audio API. Reported by Cassidy Kim(@cassidy6564) on 2022-12-24
  • +
  • [1398579] Medium CVE-2023-1223: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2022-12-07
  • +
  • [1403539] Medium CVE-2023-1224: Insufficient policy enforcement in Web Payments API. Reported by Thomas Orlita on 2022-12-25
  • +
  • [1408799] Medium CVE-2023-1225: Insufficient policy enforcement in Navigation. Reported by Roberto Ffrench-Davis @Lihaft on 2023-01-20
  • +
  • [1013080] Medium CVE-2023-1226: Insufficient policy enforcement in Web Payments API. Reported by Anonymous on 2019-10-10
  • +
  • [1348791] Medium CVE-2023-1227: Use after free in Core. Reported by @ginggilBesel on 2022-07-31
  • +
  • [1365100] Medium CVE-2023-1228: Insufficient policy enforcement in Intents. Reported by Axel Chong on 2022-09-18
  • +
  • [1160485] Medium CVE-2023-1229: Inappropriate implementation in Permission prompts. Reported by Thomas Orlita on 2020-12-20
  • +
  • [1404230] Medium CVE-2023-1230: Inappropriate implementation in WebApp Installs. Reported by Axel Chong on 2022-12-30
  • +
  • [1274887] Medium CVE-2023-1231: Inappropriate implementation in Autofill. Reported by Yan Zhu, Brave on 2021-11-30
  • +
  • [1346924] Low CVE-2023-1232: Insufficient policy enforcement in Resource Timing. Reported by Sohom Datta on 2022-07-24
  • +
  • [1045681] Low CVE-2023-1233: Insufficient policy enforcement in Resource Timing. Reported by Soroush Karami on 2020-01-25
  • +
  • [1404621] Low CVE-2023-1234: Inappropriate implementation in Intents. Reported by Axel Chong on 2023-01-03
  • +
  • [1404704] Low CVE-2023-1235: Type Confusion in DevTools. Reported by raven at KunLun lab on 2023-01-03
  • +
  • [1374518] Low CVE-2023-1236: Inappropriate implementation in Internals. Reported by Alesandro Ortiz on 2022-10-14
  • +
+
+ +
+ + CVE-2023-1213 + CVE-2023-1214 + CVE-2023-1215 + CVE-2023-1216 + CVE-2023-1217 + CVE-2023-1218 + CVE-2023-1219 + CVE-2023-1220 + CVE-2023-1221 + CVE-2023-1222 + CVE-2023-1223 + CVE-2023-1224 + CVE-2023-1225 + CVE-2023-1226 + CVE-2023-1227 + CVE-2023-1228 + CVE-2023-1229 + CVE-2023-1230 + CVE-2023-1231 + CVE-2023-1232 + CVE-2023-1233 + CVE-2023-1234 + CVE-2023-1235 + CVE-2023-1236 + https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html + + + 2023-03-08 + 2023-03-09 + +
+ jenkins -- multiple vulnerabilities