From owner-svn-ports-all@FreeBSD.ORG Tue May 20 20:36:40 2014 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C51B4B8D; Tue, 20 May 2014 20:36:40 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 97B8D2FF1; Tue, 20 May 2014 20:36:40 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s4KKaepx075379; Tue, 20 May 2014 20:36:40 GMT (envelope-from rene@svn.freebsd.org) Received: (from rene@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s4KKaeDW075378; Tue, 20 May 2014 20:36:40 GMT (envelope-from rene@svn.freebsd.org) Message-Id: <201405202036.s4KKaeDW075378@svn.freebsd.org> From: Rene Ladan Date: Tue, 20 May 2014 20:36:40 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r354686 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 May 2014 20:36:40 -0000 Author: rene Date: Tue May 20 20:36:39 2014 New Revision: 354686 URL: http://svnweb.freebsd.org/changeset/ports/354686 QAT: https://qat.redports.org/buildarchive/r354686/ Log: Document new vulnerabilities in www/chromium < 35.0.1916.114 Obtained from: http://googlechromereleases.blogspot.nl/ MFH: 2014Q2 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue May 20 20:26:21 2014 (r354685) +++ head/security/vuxml/vuln.xml Tue May 20 20:36:39 2014 (r354686) @@ -57,6 +57,57 @@ Notes: --> + + chromium -- multiple vulnerabilities + + + chromium + 35.0.1916.114 + + + + +

Google Chrome Releases reports:

+
+

23 security fixes in this release, including:

+
    +
  • [356653] High CVE-2014-1743: Use-after-free in styles. Credit + to cloudfuzzer.
    • +
  • [359454] High CVE-2014-1744: Integer overflow in audio. Credit + to Aaron Staple.
    • +
  • [346192] High CVE-2014-1745: Use-after-free in SVG. Credit to + Atte Kettunen of OUSPG.
    • +
  • [364065] Medium CVE-2014-1746: Out-of-bounds read in media + filters. Credit to Holger Fuhrmannek.
    • +
  • [330663] Medium CVE-2014-1747: UXSS with local MHTML file. + Credit to packagesu.
    • +
  • [331168] Medium CVE-2014-1748: UI spoofing with scrollbar. + Credit to Jordan Milne.
    • +
  • [374649] CVE-2014-1749: Various fixes from internal audits, + fuzzing and other initiatives.
    • +
  • [358057] CVE-2014-3152: Integer underflow in V8 fixed in + version 3.25.28.16.
    • +
+
+ + + + CVE-2014-1743 + CVE-2014-1744 + CVE-2014-1745 + CVE-2014-1746 + CVE-2014-1747 + CVE-2014-1748 + CVE-2014-1749 + CVE-2014-3152 + http://googlechromereleases.blogspot.nl/ + + + 2014-05-20 + 2014-05-20 + + + chromium -- multiple vulnerabilities