diff options
| author | rene <rene@FreeBSD.org> | 2016-04-20 04:14:53 +0800 |
|---|---|---|
| committer | rene <rene@FreeBSD.org> | 2016-04-20 04:14:53 +0800 |
| commit | cadfff3854291f46d786f6922e4b450b025e02a6 (patch) | |
| tree | 297e01aa1c915548a99cb1a4b30aef745f7c8b32 /security | |
| parent | 36b254e453e1ba2462a5089b76ecb0ba7750e173 (diff) | |
| download | freebsd-ports-gnome-cadfff3854291f46d786f6922e4b450b025e02a6.tar.gz freebsd-ports-gnome-cadfff3854291f46d786f6922e4b450b025e02a6.tar.zst freebsd-ports-gnome-cadfff3854291f46d786f6922e4b450b025e02a6.zip | |
Doument new vulnerabilities in www/chromium < 50.0.2661.75
Obtained from: http://googlechromereleases.blogspot.nl/2016/04/stable-channel-update_13.html
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index d9028c74145d..2caeeec73dec 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,64 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="6d8505f0-0614-11e6-b39c-00262d5ed8ee"> + <topic>chromium -- multiple vulnerabilities</topic> + <affects> + <package> + <name>chromium</name> + <name>chromium-npapi</name> + <name>chromium-pulse</name> + <range><lt>50.0.2661.75</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Google Chrome Releases reports:</p> + <blockquote cite="http://googlechromereleases.blogspot.nl/2016/04/stable-channel-update_13.html"> + <p>20 security fixes in this release, including:</p> + <ul> + <li>[590275] High CVE-2016-1652: Universal XSS in extension + bindings. Credit to anonymous.</li> + <li>[589792] High CVE-2016-1653: Out-of-bounds write in V8. Credit + to Choongwoo Han.</li> + <li>[591785] Medium CVE-2016-1651: Out-of-bounds read in Pdfium + JPEG2000 decoding. Credit to kdot working with HP's Zero Day + Initiative.</li> + <li>[589512] Medium CVE-2016-1654: Uninitialized memory read in + media. Credit to Atte Kettunen of OUSPG.</li> + <li>[582008] Medium CVE-2016-1655: Use-after-free related to + extensions. Credit to Rob Wu.</li> + <li>[570750] Medium CVE-2016-1656: Android downloaded file path + restriction bypass. Credit to Dzmitry Lukyanenko.</li> + <li>[567445] Medium CVE-2016-1657: Address bar spoofing. Credit to + Luan Herrera.</li> + <li>[573317] Low CVE-2016-1658: Potential leak of sensitive + information to malicious extensions. Credit to Antonio Sanso + (@asanso) of Adobe.</li> + <li>[602697] CVE-2016-1659: Various fixes from internal audits, + fuzzing and other initiatives.</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2016-1651</cvename> + <cvename>CVE-2016-1652</cvename> + <cvename>CVE-2016-1653</cvename> + <cvename>CVE-2016-1654</cvename> + <cvename>CVE-2016-1655</cvename> + <cvename>CVE-2016-1656</cvename> + <cvename>CVE-2016-1657</cvename> + <cvename>CVE-2016-1658</cvename> + <cvename>CVE-2016-1659</cvename> + <url>http://googlechromereleases.blogspot.nl/2016/04/stable-channel-update_13.html</url> + </references> + <dates> + <discovery>2016-04-13</discovery> + <entry>2016-04-19</entry> + </dates> + </vuln> + <vuln vid="976567f6-05c5-11e6-94fa-002590263bf5"> <topic>wpa_supplicant -- multiple vulnerabilities</topic> <affects> |