Date: Fri, 29 Oct 2021 19:33:59 GMT
From: Rene Ladan <rene@FreeBSD.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: git: e3b412ec750d - main - security/vuxml: add www/chromium < 95.0.4638.69
Message-ID: <202110291933.19TJXx8C056844@gitrepo.freebsd.org>
The branch main has been updated by rene:

URL: https://cgit.FreeBSD.org/ports/commit/?id=e3b412ec750d72264a29310c4bc7ea162d70ccba

commit e3b412ec750d72264a29310c4bc7ea162d70ccba
Author:     Rene Ladan <rene@FreeBSD.org>
AuthorDate: 2021-10-29 19:33:00 +0000
Commit:     Rene Ladan <rene@FreeBSD.org>
CommitDate: 2021-10-29 19:33:45 +0000

    security/vuxml: add www/chromium < 95.0.4638.69

    Obtained from:  https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html

--- security/vuxml/vuln-2021.xml | 55 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml index ced576293f91..59cf97125ed7 100644 --- a/security/vuxml/vuln-2021.xml +++ b/security/vuxml/vuln-2021.xml 
@@ -1,3 +1,58 @@ + <vuln vid="976d7bf9-38ea-11ec-b3b0-3065ec8fd3ec"> + <topic>chromium -- multiple vulnerabilities</topic> + <affects> + <package> + <name>chromium</name> + <range><lt>95.0.4638.69</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Chrome Releases reports:</p> + <blockquote cite="https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"> + <p>This release contains 8 security fixes, including:</p> + <ul> + <li>[1259864] High CVE-2021-37997 : Use after free in Sign-In. + Reported by Wei Yuan of MoyunSec VLab on 2021-10-14</li> + <li>[1259587] High CVE-2021-37998 : Use after free in Garbage + Collection. Reported by Cassidy Kim of Amber Security Lab, OPPO + Mobile Telecommunications Corp. Ltd. on 2021-10-13</li> + <li>[1251541] High CVE-2021-37999 : Insufficient data validation in + New Tab Page. Reported by Ashish Arun Dhone on 2021-09-21</li> + <li>[1249962] High CVE-2021-38000 : Insufficient validation of + untrusted input in Intents. Reported by Clement Lecigne, Neel + Mehta, and Maddie Stone of Google Threat Analysis Group on + 2021-09-15</li> + <li>[1260577] High CVE-2021-38001 : Type Confusion in V8. Reported + by @s0rrymybad of Kunlun Lab via Tianfu Cup on 2021-10-16</li> + <li>[1260940] High CVE-2021-38002 : Use after free in Web Transport. + Reported by @__R0ng of 360 Alpha Lab, ? via Tianfu Cup on + 2021-10-16</li> + <li>[1263462] High CVE-2021-38003 : Inappropriate implementation in + V8. 
Reported by Clément Lecigne from Google TAG and Samuel Gross + from Google Project Zero on 2021-10-26</li> + </ul> + <p>Google is aware that exploits for CVE-2021-38000 and + CVE-2021-38003 exist in the wild.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2021-37997</cvename> + <cvename>CVE-2021-37998</cvename> + <cvename>CVE-2021-37999</cvename> + <cvename>CVE-2021-38000</cvename> + <cvename>CVE-2021-38001</cvename> + <cvename>CVE-2021-38002</cvename> + <cvename>CVE-2021-38003</cvename> + <url>https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html</url> + </references> + <dates> + <discovery>2021-10-28</discovery> + <entry>2021-10-29</entry> + </dates> + </vuln> + <vuln vid="c848059a-318b-11ec-aa15-0800270512f4"> <topic>fail2ban -- possible RCE vulnerability in mailing action using mailutils</topic> <affects>
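Review bot: The CVE-2021-38002 list item reads "Reported by @__R0ng of 360 Alpha Lab, ? via Tianfu Cup", and the lone "?" looks like a non-ASCII name that was lost in transcoding when the text was copied from the cited blog post. Either restore the original text from the blockquote's cite URL or drop the ", ?" fragment so the entry does not ship a placeholder character. In the same list the reporter is spelled "Clement Lecigne" under CVE-2021-38000 and "Clément Lecigne" under CVE-2021-38003; pick one spelling, and since the second form already puts a non-ASCII character in the file, the accented form can be used in both places. One more thing to confirm against the source: the quoted text says "8 security fixes" while the list and the <references> block carry seven CVE names, which is fine if the eighth fix has no CVE, but worth a quick check that no <cvename> was dropped.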