From owner-dev-commits-ports-all@freebsd.org Tue Sep 21 20:17:55 2021
Date: Tue, 21 Sep 2021 20:17:55 GMT
Message-Id: <202109212017.18LKHtOC060565@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Rene Ladan
Subject: git: 8170e64e0eb5 - main - security/vuxml: add chromium < 94.0.4606.54
X-Git-Committer: rene
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 8170e64e0eb549bdfe91ef605e3a4e6d022e3e7e

The branch main has been updated by rene:

URL: https://cgit.FreeBSD.org/ports/commit/?id=8170e64e0eb549bdfe91ef605e3a4e6d022e3e7e

commit 8170e64e0eb549bdfe91ef605e3a4e6d022e3e7e
Author:     Rene Ladan
AuthorDate: 2021-09-21 20:16:57 +0000
Commit:     Rene Ladan
CommitDate: 2021-09-21 20:17:35 +0000

    security/vuxml: add chromium < 94.0.4606.54

    Obtained from: https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html

--- security/vuxml/vuln-2021.xml | 88 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml index 2baf51425253..78428bf81fae 100644 --- a/security/vuxml/vuln-2021.xml +++ b/security/vuxml/vuln-2021.xml @@ -1,3 +1,91 @@ + + chromium -- multiple vulnerabilities + + + chromium + 94.0.4606.54 + + + + +

Chrome Releases reports:

+
+

This update contains 19 security fixes, including:

+
    +
  • [1243117] High CVE-2021-37956: Use after free in Offline use. + Reported by Huyna at Viettel Cyber Security on 2021-08-24
  • +
  • [1242269] High CVE-2021-37957: Use after free in WebGPU. + Reported by Looben Yang on 2021-08-23
  • +
  • [1223290] High CVE-2021-37958: Inappropriate implementation in + Navigation. Reported by James Lee (@Windowsrcer) on + 2021-06-24
  • +
  • [1229625] High CVE-2021-37959: Use after free in Task Manager. + Reported by raven (@raid_akame) on 2021-07-15
  • +
  • [1247196] High CVE-2021-37960: Inappropriate implementation in + Blink graphics. Reported by Atte Kettunen of OUSPG on + 2021-09-07
  • +
  • [1228557] Medium CVE-2021-37961: Use after free in Tab Strip. + Reported by Khalil Zhani on 2021-07-13
  • +
  • [1231933] Medium CVE-2021-37962: Use after free in Performance + Manager. Reported by Sri on 2021-07-22
  • +
  • [1199865] Medium CVE-2021-37963: Side-channel information + leakage in DevTools. Reported by Daniel Genkin and Ayush Agarwal, + University of Michigan, Eyal Ronen and Shaked Yehezkel, Tel Aviv + University, Sioli O'Connell, University of Adelaide, and Jason + Kim, Georgia Institute of Technology on 2021-04-16
  • +
  • [1203612] Medium CVE-2021-37964: Inappropriate implementation in + ChromeOS Networking. Reported by Hugo Hue and Sze Yiu Chau of the + Chinese University of Hong Kong on 2021-04-28
  • +
  • [1239709] Medium CVE-2021-37965: Inappropriate implementation in + Background Fetch API. Reported by Maurice Dauer on 2021-08-13
  • +
  • [1238944] Medium CVE-2021-37966: Inappropriate implementation in + Compositing. Reported by Mohit Raj (shadow2639) on 2021-08-11
  • +
  • [1243622] Medium CVE-2021-37967: Inappropriate implementation in + Background Fetch API. Reported by SorryMybad (@S0rryMybad) of + Kunlun Lab on 2021-08-26
  • +
  • [1245053] Medium CVE-2021-37968: Inappropriate implementation in + Background Fetch API. Reported by Maurice Dauer on 2021-08-30
  • +
  • [1245879] Medium CVE-2021-37969: Inappropriate implementation in + Google Updater. Reported by Abdelhamid Naceri (halov) on + 2021-09-02
  • +
  • [1248030] Medium CVE-2021-37970: Use after free in File System + API. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on + 2021-09-09
  • +
  • [1219354] Low CVE-2021-37971: Incorrect security UI in Web + Browser UI. Reported by Rayyan Bijoora on 2021-06-13
  • +
  • [1234259] Low CVE-2021-37972: Out of bounds read in + libjpeg-turbo. Reported by Xu Hanyu and Lu Yutao from + Panguite-Forensics-Lab of Qianxin on 2021-07-29
  • +
+
+ +
+ + CVE-2021-37956 + CVE-2021-37957 + CVE-2021-37958 + CVE-2021-37959 + CVE-2021-37960 + CVE-2021-37961 + CVE-2021-37962 + CVE-2021-37963 + CVE-2021-37964 + CVE-2021-37965 + CVE-2021-37966 + CVE-2021-37967 + CVE-2021-37968 + CVE-2021-37969 + CVE-2021-37970 + CVE-2021-37971 + CVE-2021-37972 + https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html + + + 2021-09-21 + 2021-09-21 + +
+ libssh -- possible heap-buffer overflow vulnerability
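
Review bot: the quoted list in the new entry includes CVE-2021-37964 (ChromeOS Networking) and CVE-2021-37969 (Google Updater), yet the only affected package named is chromium with the single version 94.0.4606.54. Those two component names read as platform-specific, so it is worth confirming they apply to this port, or saying in the commit message that the upstream list is quoted unfiltered, so that an audit hit on this entry is not read as 17 applicable issues. The description says 19 security fixes while 17 CVE ids (CVE-2021-37956 through CVE-2021-37972) appear in both the list and the references; that matches the "including" wording, but a reader cross-checking counts will trip on it. The commit subject says "< 94.0.4606.54", so the range in the entry should be a strict less-than on that version.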