From nobody Fri Nov 3 16:15:41 2023 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SMQp54j2cz4ygRT; Fri, 3 Nov 2023 16:15:41 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4SMQp5402gz4J13; Fri, 3 Nov 2023 16:15:41 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1699028141; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Kf1iUuumQXeFydFo1STdia5cHs6q8PUboE1/HXXf0l8=; b=aIbT5GlFVmF/DBGQfN7z3qqE/ZhZg9O1L/axW3bq7nRtUfluISY6trZStQKVHrRHASoASo 2kPtGxiDW4BMkhzTrkxh9lwbf9eYVvXAZH89VEj1rIyXtkT574lUk46BTMqt523AThX1Mi 1QU9tYUlBUXcuN5kfml3Oyai75okN0sFAkq+9YOBjZPyOKzuvb41sw28c4djHY1O900SgD f8zQFmE1RZG59UHtdnN2mKF0NB5ewoOYbEKnrJrUFFJYOxTQXGuAKMihpPWbxuBGmtbGmL SLTvuuzhVZJqGrOWGQIDK3z54VOeik0zEJ5fCjCWZ/oj3mK3CBpmjjVPDJLP2Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1699028141; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Kf1iUuumQXeFydFo1STdia5cHs6q8PUboE1/HXXf0l8=; b=q8SIePAUtGUnE7vyoiFE//QEXV2pAasUIsjf/nuYGkU6BK08vH36JPVOSvJXGLSkdRJnZV NayBdQC0TBqgusCclwUEdIXnjkev3UqzM8oql5QaNF/sYAT8wtWf3X9sYJ2ZctDb5br2BC 0QX++Ww8DbvxXXueKqbGL2hq1DaSBaC25zgUe7/z08NPv+vsuHGF8PiOMAkTD/6CcERrC5 ACPMJiNNAyDoubB7MCTsGBTdSO7DMLV3y3lCaVwiAmWhjTqgInTKUKpOJzDo4XjGiImuUg XWffd6hsV7U1vMrJmhQJ39WtZiXO4T8zHPaJ6niNz270sxd720HyKma5BJGraQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1699028141; a=rsa-sha256; cv=none; b=gsWgWqB1EdnWfDw9SeXx9MCfE3/MmmkMgvrvhIGsrCntO4sCwyYcEVkUdydmLMXx5a9+U6 umsaY4PTjSBw1Q/eOXPp/OkSrMz6VDTdeC/Fvbr9z7NKHIz0gJSNV1cqGIBLviufKwfYhC g3GeLW3SLFxwGJbtgEeJEZwBbmnfbvoV6rsYdHrlYAoNVQqquaw/9f39y1zX5d1kA3+aGC UyR2y8V2NcFOc3h5vv0eOLE3s+IGqWJzhuT6JVQjETqmDsASYP7+IgubKKlnKiKljouza4 ype/x+ivtlPa7PgjfWA+mTGCPNd/fIEJ0jf4Uoc0dd1VaM8kkYLDFdanPKA64Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4SMQp52yBdz4rF; Fri, 3 Nov 2023 16:15:41 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 3A3GFf8X097143; Fri, 3 Nov 2023 16:15:41 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 3A3GFf22097140; Fri, 3 Nov 2023 16:15:41 GMT (envelope-from git) Date: Fri, 3 Nov 2023 16:15:41 GMT Message-Id: <202311031615.3A3GFf22097140@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Robert Nagy Subject: git: f2cd1a1c48db - main - security/vuxml: add www/*chromium < 119.0.6045.105 List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: rnagy X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: f2cd1a1c48db56973e5696f879ad51eeb7704676 Auto-Submitted: auto-generated The branch main has been updated by rnagy: URL: https://cgit.FreeBSD.org/ports/commit/?id=f2cd1a1c48db56973e5696f879ad51eeb7704676 commit f2cd1a1c48db56973e5696f879ad51eeb7704676 Author: Robert Nagy AuthorDate: 2023-11-03 16:14:31 +0000 Commit: Robert Nagy CommitDate: 2023-11-03 16:15:34 +0000 security/vuxml: add www/*chromium < 119.0.6045.105 Obtained from: https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html --- security/vuxml/vuln/2023.xml | 57 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index 41df76564f38..6ebf350467cb 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,60 @@ + + chromium -- multiple vulnerabilities + + + chromium + 119.0.6045.105 + + + ungoogled-chromium + 119.0.6045.105 + + + + +

Chrome Releases reports:

+
+

This update includes 15 security fixes:

+
    +
  • [1492698] High CVE-2023-5480: Inappropriate implementation in Payments. Reported by Vsevolod Kokorin (Slonser) of Solidlab on 2023-10-14
  • +
  • [1492381] High CVE-2023-5482: Insufficient data validation in USB. Reported by DarkNavy on 2023-10-13
  • +
  • [1492384] High CVE-2023-5849: Integer overflow in USB. Reported by DarkNavy on 2023-10-13
  • +
  • [1281972] Medium CVE-2023-5850: Incorrect security UI in Downloads. Reported by Mohit Raj (shadow2639) on 2021-12-22
  • +
  • [1473957] Medium CVE-2023-5851: Inappropriate implementation in Downloads. Reported by Shaheen Fazim on 2023-08-18
  • +
  • [1480852] Medium CVE-2023-5852: Use after free in Printing. Reported by [pwn2car] on 2023-09-10
  • +
  • [1456876] Medium CVE-2023-5853: Incorrect security UI in Downloads. Reported by Hafiizh on 2023-06-22
  • +
  • [1488267] Medium CVE-2023-5854: Use after free in Profiles. Reported by Dohyun Lee (@l33d0hyun) of SSD-Disclosure Labs & DNSLab, Korea Univ on 2023-10-01
  • +
  • [1492396] Medium CVE-2023-5855: Use after free in Reading Mode. Reported by ChaobinZhang on 2023-10-13
  • +
  • [1493380] Medium CVE-2023-5856: Use after free in Side Panel. Reported by Weipeng Jiang (@Krace) of VRI on 2023-10-17
  • +
  • [1493435] Medium CVE-2023-5857: Inappropriate implementation in Downloads. Reported by Will Dormann on 2023-10-18
  • +
  • [1457704] Low CVE-2023-5858: Inappropriate implementation in WebApp Provider. Reported by Axel Chong on 2023-06-24
  • +
  • [1482045] Low CVE-2023-5859: Incorrect security UI in Picture In Picture. Reported by Junsung Lee on 2023-09-13
  • +
+
+ +
+ + CVE-2023-5480 + CVE-2023-5482 + CVE-2023-5849 + CVE-2023-5850 + CVE-2023-5851 + CVE-2023-5852 + CVE-2023-5853 + CVE-2023-5854 + CVE-2023-5855 + CVE-2023-5856 + CVE-2023-5857 + CVE-2023-5858 + CVE-2023-5859 + https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html + + + 2023-10-31 + 2023-11-03 + +
+ phpmyfaq -- multiple vulnerabilities