From: Eitan Adler
Date: Mon, 26 May 2014 20:36:27 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r355451 - head/security/vuxml
X-SVN-Group: ports-head
List-Id: SVN commit messages for the ports tree

Author: eadler
Date: Mon May 26 20:36:26 2014
New Revision: 355451
URL: http://svnweb.freebsd.org/changeset/ports/355451
QAT: https://qat.redports.org/buildarchive/r355451/

Log:
  Report the latest flash security issue

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Mon May 26 20:35:08 2014 (r355450) +++ head/security/vuxml/vuln.xml Mon May 26 20:36:26 2014 (r355451) @@ -57,241 +57,35 @@ Notes: --> - - openjpeg -- Multiple vulnabilities - - - openjpeg - 1.5.2 - - - - -

Openjpeg release notes report:

-
-

That CVE-2012-3535 and CVE-2012-3358 are fixed in the 1.5.1 - release.

-
-
-

That CVE-2013-4289, CVE-2013-4290, CVE-2013-1447, CVE-2013-6045, - CVE-2013-6052, CVE-2013-6054, CVE-2013-6053, CVE-2013-6887, - where fixed in the 1.5.2 release.

-
- -
- - CVE-2012-3358 - CVE-2012-3535 - CVE-2013-1447 - CVE-2013-4289 - CVE-2013-4290 - CVE-2013-6045 - CVE-2013-6052 - CVE-2013-6053 - CVE-2013-6054 - CVE-2013-6887 - http://openjpeg.googlecode.com/svn/tags/version.1.5.1/NEWS - http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS - - - 2012-05-13 - 2014-05-24 - -
- - - chromium -- multiple vulnerabilities - - - chromium - 35.0.1916.114 - - - - -

Google Chrome Releases reports:

-
-

23 security fixes in this release, including:

-
    -
  • [356653] High CVE-2014-1743: Use-after-free in styles. Credit - to cloudfuzzer.
  • -
  • [359454] High CVE-2014-1744: Integer overflow in audio. Credit - to Aaron Staple.
  • -
  • [346192] High CVE-2014-1745: Use-after-free in SVG. Credit to - Atte Kettunen of OUSPG.
  • -
  • [364065] Medium CVE-2014-1746: Out-of-bounds read in media - filters. Credit to Holger Fuhrmannek.
  • -
  • [330663] Medium CVE-2014-1747: UXSS with local MHTML file. - Credit to packagesu.
  • -
  • [331168] Medium CVE-2014-1748: UI spoofing with scrollbar. - Credit to Jordan Milne.
  • -
  • [374649] CVE-2014-1749: Various fixes from internal audits, - fuzzing and other initiatives.
  • -
  • [358057] CVE-2014-3152: Integer underflow in V8 fixed in - version 3.25.28.16.
  • -
-
- -
- - CVE-2014-1743 - CVE-2014-1744 - CVE-2014-1745 - CVE-2014-1746 - CVE-2014-1747 - CVE-2014-1748 - CVE-2014-1749 - CVE-2014-3152 - http://googlechromereleases.blogspot.nl/ - - - 2014-05-20 - 2014-05-20 - -
- - - chromium -- multiple vulnerabilities - - - chromium - 34.0.1847.137 - - - - -

Google Chrome Releases reports:

-
-

3 security fixes in this release:

-
    -
  • [358038] High CVE-2014-1740: Use-after-free in WebSockets. - Credit to Collin Payne.
  • -
  • [349898] High CVE-2014-1741: Integer overflow in DOM ranges. - Credit to John Butler.
  • -
  • [356690] High CVE-2014-1742: Use-after-free in editing. Credit - to cloudfuzzer.
  • -
-
- -
- - CVE-2014-1740 - CVE-2014-1741 - CVE-2014-1742 - http://googlechromereleases.blogspot.nl/ - - - 2014-05-13 - 2014-05-14 - -
- - - libXfont -- X Font Service Protocol and Font metadata file handling issues - - - libXfont - 1.4.7_3 - - - - -

Alan Coopersmith reports:

-
-

Ilja van Sprundel, a security researcher with IOActive, has - discovered several issues in the way the libXfont library - handles the responses it receives from xfs servers, and has - worked with X.Org's security team to analyze, confirm, and fix - these issues.

-

Most of these issues stem from libXfont trusting the font server - to send valid protocol data, and not verifying that the values - will not overflow or cause other damage. This code is commonly - called from the X server when an X Font Server is active in the - font path, so may be running in a setuid-root process depending - on the X server in use. Exploits of this path could be used by - a local, authenticated user to attempt to raise privileges; or - by a remote attacker who can control the font server to attempt - to execute code with the privileges of the X server.

-
- -
- - CVE-2014-0209 - CVE-2014-0210 - CVE-2014-0211 - http://lists.x.org/archives/xorg-announce/2014-May/002431.html - - - 2014-05-13 - 2014-05-13 - -
- - - libxml2 -- lack of end-of-document check DoS - - - libxml2 - 2.8.0_5 - - - - -

CVE MITRE reports:

-
-

parser.c in libxml2 before 2.9.0, as used in Google - Chrome before 28.0.1500.71 and other products, allows remote - attackers to cause a denial of service (out-of-bounds read) - via a document that ends abruptly, related to the lack of - certain checks for the XML_PARSER_EOF state.

-
- -
- - CVE-2013-2877 - https://git.gnome.org/browse/libxml2/tag/?id=CVE-2013-2877 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877 - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2877 - - - 2013-04-11 - 2013-07-10 - -
- - - libxml2 -- entity substitution DoS + + linux-flashplugin -- multiple vulnerabilities - libxml2 - 2.8.0_5 + linux-f10-flashplugin + 11.2r202.359 -

Stefan Cornelius reports:

-
-

It was discovered that libxml2, a library providing - support to read, modify and write XML files, incorrectly - performs entity substitution in the doctype prolog, even if - the application using libxml2 disabled any entity - substitution. A remote attacker could provide a - specially-crafted XML file that, when processed, would lead - to the exhaustion of CPU and memory resources or file - descriptors.

-

This issue was discovered by Daniel Berrange of Red Hat.

+

Adobe reports:

+
+

These updates address vulnerabilities that could cause a crash + and potentially allow an attacker to take control of the affected system.

- CVE-2014-0191 - http://www.openwall.com/lists/oss-security/2014/05/06/4 - https://git.gnome.org/browse/libxml2/tag/?id=CVE-2014-0191 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0191 + CVE-2014-0510 + CVE-2014-0516 + CVE-2014-0517 + CVE-2014-0518 + CVE-2014-0519 + CVE-2014-0520 + https://helpx.adobe.com/security/products/flash-player/apsb14-14.html - 2013-12-03 - 2014-05-06 + 2014-03-13 + 2014-05-26
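
Review bot: the `-` side of this hunk deletes the whole openjpeg, chromium (35.0.1916.114 and 34.0.1847.137), libXfont and libxml2 (CVE-2013-2877) entries, and rewrites the libxml2 CVE-2014-0191 entry in place into the linux-flashplugin one, none of which the log message "Report the latest flash security issue" mentions; the hunk header shows 241 lines replaced by 35. Unless those removals are intended, restore the deleted entries and add the flash entry as a separate new entry, leaving the CVE-2014-0191 entry and its references untouched. Also recheck the first date on the new entry: 2014-03-13 is more than two months before the 2014-05-26 entry date, and it was produced by editing the old entry's 2013-12-03 rather than being written fresh.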