diff options
| author | cpm <cpm@FreeBSD.org> | 2017-08-02 08:28:29 +0800 |
|---|---|---|
| committer | cpm <cpm@FreeBSD.org> | 2017-08-02 08:28:29 +0800 |
| commit | 822806313c29f6a987fc9585ea33c9f41d769569 (patch) | |
| tree | 90fa0055f7f23fb5998904d65eaf38968d43164d /security | |
| parent | 089d3940c305baaa714f63bd2042b305ee5b75e7 (diff) | |
| download | freebsd-ports-gnome-822806313c29f6a987fc9585ea33c9f41d769569.tar.gz freebsd-ports-gnome-822806313c29f6a987fc9585ea33c9f41d769569.tar.zst freebsd-ports-gnome-822806313c29f6a987fc9585ea33c9f41d769569.zip | |
Document new vulnerabilities in www/chromium < 60.0.3112.78
Obtained from: https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 92 |
1 files changed, 92 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index d32b6b0c5bc8..46d41a1976e2 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,98 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="7d138476-7710-11e7-88a1-e8e0b747a45a"> + <topic>chromium -- multiple vulnerabilities</topic> + <affects> + <package> + <name>chromium</name> + <name>chromium-pulse</name> + <range><lt>60.0.3112.78</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Google Chrome releases reports:</p> + <blockquote cite="https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html"> + <p>40 security fixes in this release, including:</p> + <ul> + <li>[728887] High CVE-2017-5091: Use after free in IndexedDB. Reported by + Ned Williamson on 2017-06-02</li> + <li>[733549] High CVE-2017-5092: Use after free un PPAPI. Reported by + Yu Zhou, Yuan Deng of Ant-financial Light-Year Security Lab on 2017-06-15</li> + <li>[550017] High CVE-2017-5093: UI spoofing in Blink. Reported by + Luan Herrera on 2015-10-31</li> + <li>[702946] High CVE-2017-5094: Type confusion in extensions. Reported by + Anonymous on 2017-03-19</li> + <li>[732661] High CVE-2017-5095: Out-of-bounds write in PDFium. Reported by + Anonymous on 2017-06-13</li> + <li>[714442] High CVE-2017-5096: User information leak via Android intents. Reported by + Takeshi Terada on 2017-04-23</li> + <li>[740789] High CVE-2017-5097: Out-of-bounds read in Skia. Reported by + Anonymous on 2017-07-11</li> + <li>[740803] High CVE-2017-5098: Use after free in V8. Reported by + Jihoon Kim on 2017-07-11</li> + <li>[733548] High CVE-2017-5099: Out-of-bounds write in PPAPI. Reported by + Yuan Deng, Yu Zhou of Ant-financial Light-Year Security Lab on 2017-06-15</li> + <li>[718292] Medium CVE-2017-5100: Use after free in Chrome Apps. Reported by + Anonymous on 2017-05-04</li> + <li>[681740] Medium CVE-2017-5101: URL spoofing in OmniBox. Reported by + Luan Herrera on 2017-01-17</li> + <li>[727678] Medium CVE-2017-5102: Uninitialized use in Skia. Reported by + Anonymous on 2017-05-30</li> + <li>[726199] Medium CVE-2017-5103: Uninitialized use in Skia. Reported by + Anonymous on 2017-05-25</li> + <li>[729105] Medium CVE-2017-5104: UI spoofing in browser. Reported by + Khalil Zhani on 2017-06-02</li> + <li>[742407] Medium CVE-2017-7000: Pointer disclosure in SQLite. Reported by + Chaitin Security Research Lab working with Trend Micro's Zero Day Initiative</li> + <li>[729979] Low CVE-2017-5105: URL spoofing in OmniBox. Reported by + Rayyan Bijoora on 2017-06-06</li> + <li>[714628] Medium CVE-2017-5106: URL spoofing in OmniBox. Reported by + Jack Zac on 2017-04-24</li> + <li>[686253] Low CVE-2017-5107: User information leak via SVG. Reported by + David Kohlbrenner of UC San Diego on 2017-01-27</li> + <li>[695830] Low CVE-2017-5108: Type of confusion in PDFium. Reported by + Guang Gong of Alpha Team, Qihoo 360 on 2017-02-24</li> + <li>[710400] Low CVE-2017-5109: UI spoofing in browser. Reported by + Jose Maria Acunia Morgado on 2017-04-11</li> + <li>[717476] Low CVE-2017-5110: UI spoofing in payments dialog. Reported by + xisigr of Tencent's Xuanwu Lab on 2017-05-02</li> + <li>[748565] Various fixes from internal audits, fuzzing and other initiatives</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2017-5091</cvename> + <cvename>CVE-2017-5092</cvename> + <cvename>CVE-2017-5093</cvename> + <cvename>CVE-2017-5094</cvename> + <cvename>CVE-2017-5095</cvename> + <cvename>CVE-2017-5096</cvename> + <cvename>CVE-2017-5097</cvename> + <cvename>CVE-2017-5098</cvename> + <cvename>CVE-2017-5099</cvename> + <cvename>CVE-2017-5100</cvename> + <cvename>CVE-2017-5101</cvename> + <cvename>CVE-2017-5102</cvename> + <cvename>CVE-2017-5103</cvename> + <cvename>CVE-2017-5104</cvename> + <cvename>CVE-2017-7000</cvename> + <cvename>CVE-2017-5105</cvename> + <cvename>CVE-2017-5106</cvename> + <cvename>CVE-2017-5107</cvename> + <cvename>CVE-2017-5108</cvename> + <cvename>CVE-2017-5109</cvename> + <cvename>CVE-2017-5110</cvename> + <url>https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html</url> + </references> + <dates> + <discovery>2017-07-25</discovery> + <entry>2017-08-01</entry> + </dates> + </vuln> + <vuln vid="f86d0e5d-7467-11e7-93af-005056925db4"> <topic>Cacti -- Cross-site scripting (XSS) vulnerability in auth_profile.php</topic> <affects> |