aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/vuxml/vuln.xml82
1 files changed, 82 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 2a4a0335dda6..5668bb8d9c1e 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -58,6 +58,88 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="555af074-22b9-11e8-9799-54ee754af08e">
+<topic>chromium -- vulnerability</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <range><lt>65.0.3325.146</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google Chrome Releases reports:</p>
+ <blockquote cite="https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html">
+ <p>45 security fixes in this release:</p>
+ <ul>
+ <li>[758848] High CVE-2017-11215: Use after free in Flash. Reported by JieZeng of Tencent Zhanlu Lab on 2017-08-25</li>
+ <li>[758863] High CVE-2017-11225: Use after free in Flash. Reported by JieZeng of Tencent Zhanlu Lab on 2017-08-25</li>
+ <li>[780919] High CVE-2018-6060: Use after free in Blink. Reported by Omair on 2017-11-02</li>
+ <li>[794091] High CVE-2018-6061: Race condition in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2017-12-12</li>
+ <li>[780104] High CVE-2018-6062: Heap buffer overflow in Skia. Reported by Anonymous on 2017-10-31</li>
+ <li>[789959] High CVE-2018-6057: Incorrect permissions on shared memory. Reported by Gal Beniamini of Google Project Zero on 2017-11-30</li>
+ <li>[792900] High CVE-2018-6063: Incorrect permissions on shared memory. Reported by Gal Beniamini of Google Project Zero on 2017-12-07</li>
+ <li>[798644] High CVE-2018-6064: Type confusion in V8. Reported by lokihardt of Google Project Zero on 2018-01-03</li>
+ <li>[808192] High CVE-2018-6065: Integer overflow in V8. Reported by Mark Brand of Google Project Zero on 2018-02-01</li>
+ <li>[799477] Medium CVE-2018-6066: Same Origin Bypass via canvas. Reported by Masato Kinugawa on 2018-01-05</li>
+ <li>[779428] Medium CVE-2018-6067: Buffer overflow in Skia. Reported by Ned Williamson on 2017-10-30</li>
+ <li>[779428] Medium CVE-2018-6067: Buffer overflow in Skia. Reported by Ned Williamson on 2017-10-30</li>
+ <li>[799918] Medium CVE-2018-6069: Stack buffer overflow in Skia. Reported by Wanglu and Yangkang(@dnpushme) of Qihoo360 Qex Team on 2018-01-08</li>
+ <li>[668645] Medium CVE-2018-6070: CSP bypass through extensions. Reported by Rob Wu on 2016-11-25</li>
+ <li>[777318] Medium CVE-2018-6071: Heap bufffer overflow in Skia. Reported by Anonymous on 2017-10-23</li>
+ <li>[791048] Medium CVE-2018-6072: Integer overflow in PDFium. Reported by Atte Kettunen of OUSPG on 2017-12-01</li>
+ <li>[804118] Medium CVE-2018-6073: Heap bufffer overflow in WebGL. Reported by Omair on 2018-01-20</li>
+ <li>[809759] Medium CVE-2018-6074: Mark-of-the-Web bypass. Reported by Abdulrahman Alqabandi (@qab) on 2018-02-06</li>
+ <li>[608669] Medium CVE-2018-6075: Overly permissive cross origin downloads. Reported by Inti De Ceukelaire (intigriti.com) on 2016-05-03</li>
+ <li>[758523] Medium CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink. Reported by Mateusz Krzeszowiec on 2017-08-24</li>
+ <li>[778506] Medium CVE-2018-6077: Timing attack using SVG filters. Reported by Khalil Zhani on 2017-10-26</li>
+ <li>[793628] Medium CVE-2018-6078: URL Spoof in OmniBox. Reported by Khalil Zhani on 2017-12-10</li>
+ <li>[788448] Medium CVE-2018-6079: Information disclosure via texture data in WebGL. Reported by Ivars Atteka on 2017-11-24</li>
+ <li>[792028] Medium CVE-2018-6080: Information disclosure in IPC call. Reported by Gal Beniamini of Google Project Zero on 2017-12-05</li>
+ <li>[797525] Low CVE-2018-6081: XSS in interstitials. Reported by Rob Wu on 2017-12-24</li>
+ <li>[767354] Low CVE-2018-6082: Circumvention of port blocking. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-09-21</li>
+ <li>[771709] Low CVE-2018-6083: Incorrect processing of AppManifests. Reported by Jun Kokatsu (@shhnjk) on 2017-10-04</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-11215</cvename>
+ <cvename>CVE-2017-11225</cvename>
+ <cvename>CVE-2018-6060</cvename>
+ <cvename>CVE-2018-6061</cvename>
+ <cvename>CVE-2018-6060</cvename>
+ <cvename>CVE-2018-6061</cvename>
+ <cvename>CVE-2018-6062</cvename>
+ <cvename>CVE-2018-6057</cvename>
+ <cvename>CVE-2018-6063</cvename>
+ <cvename>CVE-2018-6064</cvename>
+ <cvename>CVE-2018-6065</cvename>
+ <cvename>CVE-2018-6066</cvename>
+ <cvename>CVE-2018-6067</cvename>
+ <cvename>CVE-2018-6069</cvename>
+ <cvename>CVE-2018-6070</cvename>
+ <cvename>CVE-2018-6071</cvename>
+ <cvename>CVE-2018-6072</cvename>
+ <cvename>CVE-2018-6073</cvename>
+ <cvename>CVE-2018-6074</cvename>
+ <cvename>CVE-2018-6075</cvename>
+ <cvename>CVE-2018-6076</cvename>
+ <cvename>CVE-2018-6077</cvename>
+ <cvename>CVE-2018-6078</cvename>
+ <cvename>CVE-2018-6079</cvename>
+ <cvename>CVE-2018-6080</cvename>
+ <cvename>CVE-2018-6081</cvename>
+ <cvename>CVE-2018-6082</cvename>
+ <cvename>CVE-2018-6083</cvename>
+ <url>https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html</url>
+ </references>
+ <dates>
+ <discovery>2016-05-03</discovery>
+ <entry>2018-03-08</entry>
+ </dates>
+</vuln>
+
<vuln vid="c5ab620f-4576-4ad5-b51f-93e4fec9cd0e">
<topic>wireshark -- multiple security issues</topic>
<affects>
generated by cgit (git 2.34.1) at 2025-02-01 04:51:05 +0800