diff options
| author | cpm <cpm@FreeBSD.org> | 2017-03-31 05:43:45 +0800 |
|---|---|---|
| committer | Koop Mast <kwm@rainbow-runner.nl> | 2017-04-09 21:02:23 +0800 |
| commit | 883fe3f3591fa85800dd077c2ca823da57e38e81 (patch) | |
| tree | 9715f5b67c72f600ce6c53cf397e76328f2a22dd /security | |
| parent | 05ec281cf2817fd72d21a52a9bf30f743c289bfb (diff) | |
| download | freebsd-ports-gnome-883fe3f3591fa85800dd077c2ca823da57e38e81.tar.gz freebsd-ports-gnome-883fe3f3591fa85800dd077c2ca823da57e38e81.tar.zst freebsd-ports-gnome-883fe3f3591fa85800dd077c2ca823da57e38e81.zip | |
Document new vulnerabilities in www/chromium < 57.0.2987.133
Obtained from: https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 6f6b7236029e..d231c9e71e95 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,50 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="7cf058d8-158d-11e7-ba2c-e8e0b747a45a"> + <topic>chromium -- multiple vulnerabilities</topic> + <affects> + <package> + <name>chromium</name> + <name>chromium-npapi</name> + <name>chromium-pulse</name> + <range><lt>57.0.2987.133</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Google Chrome Releases reports:</p> + <blockquote cite="https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html"> + <p>5 security fixes in this release, including:</p> + <ul> + <li>[698622] Critical CVE-2017-5055: Use after free in printing. Credit to + Wadih Matar</li> + <li>[699166] High CVE-2017-5054: Heap buffer overflow in V8. Credit to + Nicolas Trippar of Zimperium zLabs</li> + <li>[662767] High CVE-2017-5052: Bad cast in Blink. Credit to + JeongHoon Shin</li> + <li>[705445] High CVE-2017-5056: Use after free in Blink. Credit to + anonymous</li> + <li>[702058] High CVE-2017-5053: Out of bounds memory access in V8. Credit to + Team Sniper (Keen Lab and PC Mgr) reported through ZDI (ZDI-CAN-4587)</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2017-5055</cvename> + <cvename>CVE-2017-5054</cvename> + <cvename>CVE-2017-5052</cvename> + <cvename>CVE-2017-5056</cvename> + <cvename>CVE-2017-5053</cvename> + <url>https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html</url> + </references> + <dates> + <discovery>2017-03-29</discovery> + <entry>2017-03-30</entry> + </dates> + </vuln> + <vuln vid="47873d72-14eb-11e7-970f-002590263bf5"> <topic>xen-tools -- xenstore denial of service via repeated update</topic> <affects> |