Date: Thu, 29 Feb 2024 08:31:19 GMT From: Robert Nagy <rnagy@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 8b4e2296cc59 - main - security/vuxml: add www/*chromium < 122.0.6261.94 Message-ID: <202402290831.41T8VJer021729@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by rnagy: URL: https://cgit.FreeBSD.org/ports/commit/?id=8b4e2296cc598d711520a73a87f1fe78fb2c1038 commit 8b4e2296cc598d711520a73a87f1fe78fb2c1038 Author: Robert Nagy <rnagy@FreeBSD.org> AuthorDate: 2024-02-29 08:30:39 +0000 Commit: Robert Nagy <rnagy@FreeBSD.org> CommitDate: 2024-02-29 08:31:13 +0000 security/vuxml: add www/*chromium < 122.0.6261.94 Obtained from: https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html --- security/vuxml/vuln/2024.xml | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index 8938a3888d23..c54b142afe17 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,38 @@ + <vuln vid="31bb1b8d-d6dc-11ee-86bb-a8a1599412c6"> + <topic>chromium -- multiple security fixes</topic> + <affects> + <package> + <name>chromium</name> + <range><lt>122.0.6261.94</lt></range> + </package> + <package> + <name>ungoogled-chromium</name> + <range><lt>122.0.6261.94</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Chrome Releases reports:</p> + <blockquote cite="https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html">; + <p>This update includes 4 security fixes:</p> + <ul> + <li>[324596281] High CVE-2024-1938: Type Confusion in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8 on 2024-02-11</li> + <li>[323694592] High CVE-2024-1939: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2024-02-05</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2024-1938</cvename> + <cvename>CVE-2024-1939</cvename> + <url>https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html</url>; + </references> + <dates> + <discovery>2024-02-27</discovery> + <entry>2024-02-29</entry> + </dates> + </vuln> + <vuln vid="3dada2d5-4e17-4e39-97dd-14fdbd4356fb"> <topic>null -- Routinator terminates when RTR connection is reset too quickly after opening</topic> <affects> @@ -10,7 +45,7 @@ <body xmlns="http://www.w3.org/1999/xhtml">; <p>sep@nlnetlabs.nl reports:</p> <blockquote cite="https://www.nlnetlabs.nl/downloads/routinator/CVE-2024-1622.txt">; - <p>Due to a mistake in error checking, Routinator will terminate when + <p>Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening.</p> </blockquote> @@ -25,6 +60,7 @@ <entry>2024-02-28</entry> </dates> </vuln> + <vuln vid="02e33cd1-c655-11ee-8613-08002784c58d"> <topic>curl -- OCSP verification bypass with TLS session reuse</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202402290831.41T8VJer021729>